
Opened a .scr file like an idiot. It has renamed self to avastservice.exe


  • This topic is locked
2 replies to this topic

#1 Auzei


Posted 24 August 2015 - 06:29 PM

Hey! I have a virus. I had what I thought was a screenshot from skype through a friend. It was a .scr instead though. I was suspicious of clicking it in the first place because we hardly ever talk on skype. But, for some reason I did the really dumb thing and clicked it. Pretty instantly I knew it was a virus since it loaded but didn't open anything. I close the programs I have open and then receive a text from coinbase. I never use coinbase. I made an account there a while back but never did anything with it. I was basically just curious what it was about and then left it alone.
 
This kind of freaked me out and I wondered what other information it could have. So I called my bank to cancel my card and send me a new one just to be safe. I restart the computer into safemode and then search online for a quick way to get rid of it. I went to reddit and found the techsupport subreddit. I read their malware removal guide and I followed it twice, minus the roguekiller step. I thought it worked and got rid of the virus. Here I decided I want to be safer so I install bitdefender and get rid of avast. Avast gave me some trouble but I was able to work it out and got rid of it.
 
After all the scans and removing I find I'm unable to run Dungeon Fighter Online. Whenever I try to launch it, it makes the CPU run at 100%. So I ended the process and restarted my computer after another scan and did a sfc /scannow and it found some stuff and fixed it. I restarted and let it boot up normally. I uninstalled DFO and re-installed it. I was able to play it just fine. Later, after I had played for a bit and needed to do a few things, I closed the game. A few hours later I came back and it was doing the 100% CPU again. So I close the process again.
 
Now, at some point I noticed avastservice.exe is a process. So I do some research and find out about avastcleaner and I run that to get rid of it. Before I got rid of it I noticed it still had some files. After, they were no longer there. So I thought it was gone. Later, I see the process STILL there. I try closing it manually and it says access denied. I'm confused.
 
Alright, now I have just noticed another thing while I'm in safemode because I saw bitdefender mention avastservice.exe. I decided to search for 'avast' and it had some files and folder. Not sure what they are but some of them are in appdata in the chrome folder, some of them are in c drive, windows, winsxs and manifests. I try deleting one or two of them to see. Doesn't let me. 
 
Then I see the thing I downloaded from skype labeled 'avastservice.exe' with the weird icon. It looks like an image that is static but instead of being black and white it's colored. It's the same thing and the original virus that caused all this. It's been slipping by the virus scans and renamed itself.
 
So, I know there are a few extra programs you will see in these logs, some clutter that I don't need. I'll be taking care of some of that. But this virus is way more important. I haven't gotten the chance to change my passwords yet and I really want to. I'm posting this from my Dad's laptop because I don't want to let the virus do whatever. Right now my computer is in safemode. 
 
Where do I start now? Let's have a clean slate. Here are my logs for FRST and addition:
 
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by Auzei (administrator) on AUZEICOMP (24-08-2015 18:46:35)
Running from C:\Users\Auzei\Desktop
Loaded Profiles: Auzei (Available Profiles: Auzei)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2015-08-22]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4142785134-173464496-186887342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4142785134-173464496-186887342-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{79DB3ADD-B0DF-4EC1-9F83-1E2439AC8976}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Auzei\AppData\Roaming\Mozilla\Firefox\Profiles\cd3d3sst.default-1419995965952
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2014-04-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-09] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Auzei\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @my.com/Games -> C:\Users\Auzei\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-18] (My.com, Inc)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Auzei\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @talk.google.com/O1DPlugin -> C:\Users\Auzei\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Auzei\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Auzei\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4142785134-173464496-186887342-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Auzei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Auzei\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Auzei\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: MEGA - C:\Users\Auzei\AppData\Roaming\Mozilla\Firefox\Profiles\cd3d3sst.default-1419995965952\Extensions\firefox@mega.co.nz.xpi [2015-05-29]
FF Extension: Reddit Enhancement Suite - C:\Users\Auzei\AppData\Roaming\Mozilla\Firefox\Profiles\cd3d3sst.default-1419995965952\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-02-17]
FF Extension: Quick Translator - C:\Users\Auzei\AppData\Roaming\Mozilla\Firefox\Profiles\cd3d3sst.default-1419995965952\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-03-06]
FF Extension: Adblock Plus - C:\Users\Auzei\AppData\Roaming\Mozilla\Firefox\Profiles\cd3d3sst.default-1419995965952\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-27]
CHR Extension: (Google Drive) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-27]
CHR Extension: (YouTube) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-27]
CHR Extension: (Adblock Plus) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-27]
CHR Extension: (plugCubed) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cipflinfkekcenojmoohjoionlhiljli [2014-05-11]
CHR Extension: (Google Search) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-27]
CHR Extension: (Netflix) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-04-03]
CHR Extension: (Tampermonkey) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-11-12]
CHR Extension: (Tonematrix) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha [2014-02-28]
CHR Extension: (Twitch Live) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcjibojeokeogfofjgaajlobobagbeg [2015-08-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-28]
CHR Extension: (StayFocusd) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Soundcorset) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifojddckfabgppaklbpcbkcbdgakfnd [2015-08-23]
CHR Extension: (Ghostery) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-13]
CHR Extension: (Hangouts) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-05-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (Cacoo - Diagramming & Real-Time Collaboration) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2014-02-28]
CHR Extension: (Reverse Playlist for YouTube™ (BETA)) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\phmkjpaalnpngdifcgejpakhfleamlag [2015-05-23]
CHR Extension: (Gmail) - C:\Users\Auzei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-08-02] (Echobit LLC)
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1720888 2015-08-12] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6874680 2015-08-12] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-22] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-30] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-24] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 CORK70; C:\Windows\System32\drivers\CORK70.sys [25600 2012-10-31] ( )
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-02] (Echobit, LLC)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2014-02-27] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2014-02-27] (FNet Co., Ltd.)
S1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-25] (REALiX™)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [15768 2013-12-03] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-04] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 18:46 - 2015-08-24 18:46 - 00020286 _____ C:\Users\Auzei\Desktop\FRST.txt
2015-08-24 18:46 - 2015-08-24 18:46 - 00000000 ____D C:\FRST
2015-08-24 18:46 - 2015-08-24 18:44 - 02186752 _____ (Farbar) C:\Users\Auzei\Desktop\FRST64.exe
2015-08-24 06:23 - 2015-08-24 06:23 - 00055263 _____ C:\Users\Auzei\Desktop\DxDiag.txt
2015-08-24 06:21 - 2015-08-24 06:21 - 00001212 _____ C:\Users\Auzei\Desktop\Eventviewergupdate.txt
2015-08-23 22:33 - 2015-08-23 22:33 - 00001416 _____ C:\Users\Auzei\Desktop\sdxcg.txt
2015-08-23 20:42 - 2015-08-23 20:42 - 05506188 _____ C:\Users\Auzei\Downloads\5_2.mp4
2015-08-23 20:25 - 2015-08-23 20:25 - 00001654 _____ C:\Users\Public\Desktop\Dungeon Fighter Online.lnk
2015-08-23 20:25 - 2015-08-23 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\neople
2015-08-23 20:24 - 2015-08-23 20:24 - 03064944 _____ (Neople) C:\Users\Auzei\Downloads\DFO_Install (2).exe
2015-08-23 16:56 - 2015-08-23 16:56 - 00000274 _____ C:\Users\Public\Documents\neople_uninstaller2.bat
2015-08-23 16:56 - 2015-08-23 16:56 - 00000154 _____ C:\Users\Auzei\Desktop\siper.txt
2015-08-23 16:53 - 2015-08-23 16:53 - 00002420 _____ C:\Users\Auzei\Desktop\cc_20150823_165335.reg
2015-08-23 16:53 - 2015-08-23 16:53 - 00000456 _____ C:\Users\Auzei\Desktop\cc_20150823_165356.reg
2015-08-23 16:51 - 2015-08-23 16:51 - 00488592 _____ C:\Users\Auzei\Desktop\cc_20150823_165113.reg
2015-08-23 16:50 - 2015-08-23 16:50 - 00000082 _____ C:\Users\Auzei\Desktop\cc_20150823_165052.reg
2015-08-23 15:58 - 2015-08-23 15:58 - 06609608 _____ (Piriform Ltd) C:\Users\Auzei\Downloads\ccsetup508.exe
2015-08-23 15:58 - 2015-08-23 15:58 - 00001017 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-23 15:50 - 2015-08-23 15:54 - 00002842 _____ C:\Windows\system32\lic2.xml23654
2015-08-23 15:50 - 2015-08-23 15:50 - 00002172 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-08-23 15:50 - 2015-08-23 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-08-23 15:50 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-08-23 15:50 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-08-23 15:49 - 2015-08-23 15:50 - 00000000 ____D C:\Program Files\Bitdefender
2015-08-23 15:49 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-08-23 15:49 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-08-23 15:44 - 2015-08-23 15:44 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\ProductData
2015-08-23 15:41 - 2015-08-23 15:41 - 00001930 _____ C:\Users\Auzei\Desktop\JRT.txt
2015-08-23 15:34 - 2015-08-23 15:34 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-23 15:30 - 2015-08-23 15:29 - 05961160 _____ (AVAST Software) C:\Users\Auzei\Desktop\avastclear.exe
2015-08-23 14:06 - 2015-08-23 14:06 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\aipai
2015-08-23 14:05 - 2015-08-23 14:06 - 00000000 ____D C:\SmartPixel
2015-08-23 14:05 - 2015-08-23 14:05 - 00001596 _____ C:\Users\Auzei\Desktop\SmartPixel.lnk
2015-08-23 14:05 - 2015-08-23 14:05 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPixel
2015-08-23 14:05 - 2015-08-23 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
2015-08-23 14:01 - 2015-08-23 14:01 - 29908056 _____ (Beyond Magic Limited) C:\Users\Auzei\Downloads\smartpixel_setup.exe
2015-08-22 22:27 - 2015-08-22 22:27 - 03064944 _____ (Neople) C:\Users\Auzei\Downloads\DFO_Install (1).exe
2015-08-22 22:26 - 2015-08-22 22:26 - 00000274 _____ C:\Users\Public\Documents\neople_uninstaller1.bat
2015-08-22 22:19 - 2015-08-22 22:19 - 00003304 ____N C:\bootsqm.dat
2015-08-22 21:44 - 2015-08-22 21:44 - 00262144 _____ C:\Windows\Minidump\082215-41761-01.dmp
2015-08-22 21:26 - 2015-08-22 21:27 - 00085924 _____ C:\Windows\DPINST.LOG
2015-08-22 20:14 - 2015-08-22 20:15 - 00000000 ____D C:\Users\Auzei\Desktop\Removal
2015-08-22 20:11 - 2015-08-22 20:17 - 00002842 _____ C:\Windows\system32\lic2.xml21938
2015-08-22 20:11 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-08-22 19:57 - 2015-08-23 15:49 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\QuickScan
2015-08-22 19:57 - 2015-08-22 19:57 - 10447328 _____ C:\Users\Auzei\Downloads\Antivirus_Free_Edition_x64.exe
2015-08-22 19:56 - 2015-08-22 19:56 - 00162208 _____ C:\Users\Auzei\Downloads\Antivirus_Free_Edition.exe
2015-08-22 19:56 - 2015-08-22 19:56 - 00006200 ____H C:\Users\)vnbxklsjtmjklwkxeclpk\)fnoqhklsjtmjklwkxecrx.tiff
2015-08-22 19:56 - 2015-08-22 19:56 - 00000000 ___HD C:\Users\Auzei\Documents\%qljhdklsjtmjklwkxejsv
2015-08-22 19:56 - 2015-08-22 19:56 - 00000000 ___HD C:\Users\Auzei\AAODFvnbxklsjtmjklwkxeclpk
2015-08-22 19:56 - 2015-08-22 19:56 - 00000000 ___HD C:\Users\)vnbxklsjtmjklwkxeclpk
2015-08-22 19:46 - 2015-08-21 20:41 - 00000000 ____D C:\Users\Auzei\Downloads\integrity_verification
2015-08-22 19:46 - 2015-08-21 20:37 - 00000000 ____D C:\Users\Auzei\Desktop\tron
2015-08-22 19:45 - 2015-08-22 19:45 - 00003418 _____ C:\Windows\System32\Tasks\CryptoMonitor_SU
2015-08-22 19:44 - 2015-08-22 19:46 - 631475416 _____ (Igor Pavlov) C:\Users\Auzei\Downloads\Tron v6.5.1 (2015-08-21).exe
2015-08-22 19:44 - 2015-08-22 19:44 - 00000000 ____D C:\Users\Auzei\AppData\Local\EasySync_Solutions
2015-08-22 19:43 - 2015-08-22 19:43 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\EasySync Solutions
2015-08-22 19:43 - 2015-08-22 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasySync CryptoMonitor
2015-08-22 19:43 - 2015-08-22 19:43 - 00000000 ____D C:\Program Files\EasySync Solutions
2015-08-22 19:41 - 2015-08-22 19:43 - 10847128 _____ (EasySync Solutions) C:\Users\Auzei\Downloads\EasySync_CryptoMonitor_FreePro_Setup.exe
2015-08-22 19:41 - 2015-08-22 19:41 - 01078576 _____ (RaMMicHaeL) C:\Users\Auzei\Downloads\unchecky_setup.exe
2015-08-22 18:50 - 2015-08-22 18:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Auzei\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-22 18:48 - 2015-08-23 15:29 - 00004792 _____ C:\Users\Auzei\Desktop\Rkill.txt
2015-08-22 16:08 - 2015-08-22 15:48 - 00225280 _____ (EO4WFYURvm) C:\Windows\SysWOW64\clientsvr.exe
2015-08-22 15:49 - 2015-08-23 15:44 - 00000000 __SHD C:\ProgramData\379510
2015-08-22 15:49 - 2015-08-22 15:49 - 00000006 __RSH C:\ProgramData\1eb8df49fb73d0f79fe3e7944e328cac79df7321
2015-08-22 15:49 - 2015-08-22 15:49 - 00000000 __SHD C:\ProgramData\379410
2015-08-21 10:42 - 2015-08-21 10:44 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Tap_Dungeon
2015-08-21 10:40 - 2015-08-22 21:23 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-20 03:00 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:00 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 21:03 - 2015-08-19 21:04 - 163862111 _____ C:\Users\Auzei\Downloads\Test Game - Copy.zip
2015-08-19 16:47 - 2015-08-19 16:47 - 04915278 _____ C:\Users\Auzei\Downloads\Bird_Sound_Effect.wav
2015-08-18 21:33 - 2015-08-18 21:36 - 233344840 _____ (Enterbrain ) C:\Users\Auzei\Downloads\RPGVXAce_Multi.exe
2015-08-17 20:26 - 2015-08-17 20:26 - 03064944 _____ (Neople) C:\Users\Auzei\Downloads\DFO_Install.exe
2015-08-17 20:22 - 2015-08-17 20:22 - 00000274 _____ C:\Users\Public\Documents\neople_uninstaller0.bat
2015-08-17 20:14 - 2015-08-17 20:14 - 00003072 _____ C:\Windows\System32\Tasks\{E4BB6EF2-BF0F-4AC8-B8CD-5C06534EB004}
2015-08-17 17:24 - 2015-08-17 17:24 - 00000543 _____ C:\Users\Auzei\Desktop\TalonRO.lnk
2015-08-16 16:37 - 2015-08-16 16:37 - 00000881 _____ C:\Users\Auzei\Desktop\Mabinogi.lnk
2015-08-16 14:21 - 2015-08-07 00:22 - 00573048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-16 14:17 - 2015-08-07 07:06 - 42840184 _____ C:\Windows\system32\nvcompiler.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 22520624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 18540336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 16630096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 15510112 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 14928048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 13656016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 12179496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 11076216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-16 14:17 - 2015-08-07 07:06 - 02937648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 02624816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 01898104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435560.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435560.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 01104440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 01063216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 01059960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00985208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00942688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00931448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-08-16 14:17 - 2015-08-07 07:06 - 00177088 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-08-16 14:17 - 2015-08-07 07:06 - 00033050 _____ C:\Windows\system32\nvinfo.pb
2015-08-16 14:13 - 2015-07-03 00:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-08-16 14:13 - 2015-07-03 00:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-08-16 11:15 - 2015-08-16 11:15 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-08-16 11:05 - 2015-08-16 11:05 - 00000000 ____D C:\Nexon
2015-08-16 11:04 - 2015-08-16 21:29 - 00000000 ____D C:\Users\Auzei\AppData\Local\NexonLauncher
2015-08-16 11:04 - 2015-08-16 11:05 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\NexonLauncher
2015-08-16 11:04 - 2015-08-16 11:04 - 00000752 _____ C:\Users\Auzei\Desktop\Nexon Launcher.lnk
2015-08-12 03:17 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:17 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:05 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 19:05 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 19:05 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 19:05 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 19:05 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 19:05 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 19:05 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 19:05 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 19:05 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 19:05 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 19:05 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 19:05 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 19:05 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 19:05 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 19:05 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 19:05 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 19:05 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 19:05 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 19:05 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 19:05 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 19:05 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 19:05 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 19:05 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 19:05 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 19:05 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 19:05 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 19:05 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 19:05 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 19:05 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 19:05 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 19:05 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 19:05 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 19:05 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 19:05 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 19:05 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 19:05 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 19:05 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 19:05 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 19:05 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 19:05 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:05 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:05 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 19:05 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 19:05 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 19:05 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 19:05 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 19:05 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 19:04 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 19:04 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 19:04 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 19:04 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 19:04 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 19:04 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 19:04 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 19:04 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 19:04 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 19:04 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 19:04 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 19:04 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 19:04 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 19:04 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 19:04 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 19:04 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 19:04 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 19:04 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 19:04 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 19:04 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 19:04 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 19:04 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 19:04 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 19:04 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 19:04 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 19:04 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 19:04 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 19:04 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 19:04 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 19:04 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 19:04 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 19:04 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 19:04 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 19:04 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 19:04 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 19:03 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 19:03 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 19:03 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 19:03 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 19:03 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 19:03 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 19:03 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 19:03 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 19:03 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 19:03 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 19:03 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 19:03 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 19:03 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 19:03 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 19:03 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 19:03 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 19:03 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 19:03 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 19:03 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 19:03 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 19:03 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 19:03 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 19:03 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 19:03 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 19:03 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 19:03 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 19:03 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 19:03 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 19:03 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 19:03 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 19:03 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 19:03 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 19:03 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 19:03 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 19:03 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 19:03 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 19:03 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 19:03 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 19:03 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 19:03 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 19:03 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 19:03 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 19:03 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 19:03 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 19:03 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 19:03 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 19:03 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 19:03 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 19:03 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 19:03 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 19:03 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 19:03 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:03 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 19:03 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 19:03 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 19:03 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 19:03 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 19:03 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-08 01:19 - 2015-08-08 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2015-08-08 01:18 - 2015-08-08 08:34 - 00000000 ____D C:\Users\Auzei\AppData\Local\Bitwig Studio
2015-08-08 01:18 - 2015-08-08 01:18 - 00000000 ____D C:\Users\Auzei\Documents\Bitwig Studio
2015-08-07 22:09 - 2015-08-07 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-07 20:51 - 2015-08-24 18:21 - 00000068 __RSH C:\Windows\system32\Drivers\xusb21.winsecurity
2015-08-07 20:51 - 2015-08-24 17:59 - 00000068 __RSH C:\Windows\system32\Drivers\wmiacpi.winsecurity
2015-08-07 20:51 - 2015-08-07 20:51 - 00000053 __RSH C:\Windows\system32\Drivers\WdfLdr.winsecurity
2015-08-07 18:29 - 2015-08-07 18:29 - 00000000 ____D C:\Program Files (x86)\Bitwig Studio
2015-08-05 18:37 - 2015-08-05 18:58 - 00000000 ____D C:\Users\Auzei\Documents\Syntorial
2015-08-05 18:37 - 2015-08-05 18:54 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Syntorial
2015-08-05 18:36 - 2015-08-05 18:36 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2015-08-05 18:36 - 2015-08-05 18:36 - 00000000 ____D C:\Program Files (x86)\Syntorial (Demo)
2015-08-04 22:32 - 2015-08-24 16:33 - 00000000 ____D C:\Users\Auzei\AppData\Local\Spotify
2015-08-04 22:32 - 2015-08-04 22:32 - 00001792 _____ C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-07-28 07:04 - 2015-07-28 07:04 - 00003092 _____ C:\Windows\System32\Tasks\{70C38526-7E26-43BA-AF26-4A6C2EAB055C}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 18:46 - 2009-07-14 01:13 - 00862768 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-24 18:22 - 2015-01-25 13:40 - 00756498 _____ C:\Windows\PFRO.log
2015-08-24 18:21 - 2014-02-27 19:33 - 02045737 _____ C:\Windows\WindowsUpdate.log
2015-08-24 18:20 - 2014-03-16 19:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-24 18:07 - 2009-07-14 00:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 18:07 - 2009-07-14 00:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 18:00 - 2014-02-27 18:09 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000UA.job
2015-08-24 17:59 - 2015-01-25 13:40 - 00035043 _____ C:\Windows\setupact.log
2015-08-24 17:59 - 2014-08-29 17:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 17:58 - 2014-02-27 22:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-24 17:58 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-24 17:38 - 2014-11-08 18:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-24 16:38 - 2014-03-07 16:50 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Spotify
2015-08-24 16:29 - 2014-08-29 17:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 21:05 - 2014-02-27 18:09 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000Core.job
2015-08-23 20:07 - 2014-03-25 11:54 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\vlc
2015-08-23 19:02 - 2014-03-01 08:56 - 00000000 ____D C:\Users\Auzei\AppData\Local\CrashDumps
2015-08-23 16:55 - 2014-03-04 18:26 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\uTorrent
2015-08-23 15:58 - 2015-01-25 12:28 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-08-22 21:45 - 2014-02-27 18:04 - 00065160 _____ C:\Users\Auzei\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-22 21:44 - 2015-02-11 19:17 - 00000000 ____D C:\Windows\Minidump
2015-08-22 21:44 - 2009-07-14 00:45 - 00300704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-22 21:43 - 2015-02-11 19:17 - 655107890 _____ C:\Windows\MEMORY.DMP
2015-08-22 21:27 - 2014-02-27 18:31 - 00000000 ____D C:\Program Files (x86)\Razer
2015-08-22 21:26 - 2014-02-27 18:32 - 00000000 ____D C:\Users\Auzei\AppData\Local\Razer
2015-08-22 21:26 - 2014-02-27 18:31 - 00000000 ____D C:\ProgramData\Razer
2015-08-22 21:25 - 2014-02-27 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-08-22 21:23 - 2014-02-27 19:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-22 20:47 - 2014-05-27 06:58 - 00000000 ____D C:\AdwCleaner
2015-08-22 20:03 - 2014-05-27 07:27 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-22 19:56 - 2014-02-27 16:36 - 00000000 ____D C:\Users\Auzei
2015-08-22 19:34 - 2015-01-25 12:15 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\IObit
2015-08-22 19:34 - 2015-01-25 12:14 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-22 19:20 - 2014-09-30 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-22 19:19 - 2014-03-16 19:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-22 19:19 - 2014-03-01 08:51 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-22 19:19 - 2014-03-01 08:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-22 18:40 - 2015-01-25 13:33 - 00000000 ____D C:\Windows\pss
2015-08-22 15:56 - 2014-03-01 00:06 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Skype
2015-08-21 14:37 - 2014-10-18 18:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-21 14:37 - 2014-03-01 00:06 - 00000000 ____D C:\ProgramData\Skype
2015-08-21 13:27 - 2015-07-18 09:31 - 00000000 ____D C:\Users\Auzei\AppData\Local\MyComGames
2015-08-21 13:23 - 2015-03-27 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-21 13:23 - 2014-03-01 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-21 13:20 - 2014-09-26 22:20 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\TS3Client
2015-08-17 19:38 - 2014-02-27 22:50 - 00000000 ____D C:\Users\Auzei\Desktop\My Stuff
2015-08-17 17:24 - 2014-10-11 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TalonRO
2015-08-17 17:22 - 2015-02-02 07:42 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-16 14:30 - 2014-06-22 13:15 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\OBS
2015-08-16 14:30 - 2014-06-22 13:15 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-16 14:22 - 2015-04-25 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-16 14:22 - 2014-02-27 22:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-14 10:30 - 2014-09-30 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 06:55 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-12 08:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:37 - 2014-04-18 16:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:37 - 2014-04-18 16:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-12 03:17 - 2014-04-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:10 - 2014-12-08 16:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2014-12-08 16:00 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 18:16 - 2014-05-23 13:52 - 00000000 ____D C:\Users\Auzei\.gimp-2.8
2015-08-07 22:10 - 2014-09-26 22:20 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-08-07 07:06 - 2015-05-18 21:44 - 14673920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-08-07 07:06 - 2015-05-18 21:44 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-08-07 07:06 - 2015-04-25 11:37 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-07 07:06 - 2015-04-25 11:37 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-07 07:06 - 2015-04-25 11:17 - 17124832 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-08-07 07:06 - 2015-04-25 11:17 - 12513288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-08-07 07:06 - 2015-04-25 11:17 - 03518248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-08-07 07:06 - 2015-04-25 11:17 - 03106384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-08-07 00:34 - 2015-04-25 11:38 - 06883448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 00:34 - 2015-04-25 11:38 - 03492144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-07 00:34 - 2015-04-25 11:38 - 02558768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 00:34 - 2015-04-25 11:38 - 00937592 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 00:34 - 2015-04-25 11:38 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 00:34 - 2015-04-25 11:38 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-05 20:39 - 2014-03-04 23:36 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-08-05 20:38 - 2015-06-03 17:25 - 00000000 ____D C:\Program Files\Propellerhead
2015-08-05 20:38 - 2014-03-04 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2015-08-03 17:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-03 06:12 - 2015-04-25 11:38 - 05133709 _____ C:\Windows\system32\nvcoproc.bin
2015-08-01 18:49 - 2014-06-25 21:42 - 00000000 ____D C:\Users\Auzei\AppData\Roaming\Mumble
2015-07-28 17:46 - 2014-02-27 23:07 - 00000000 ____D C:\Users\Auzei\Documents\My Games
2015-07-28 06:51 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-26 09:24 - 2014-02-28 23:38 - 00000000 ____D C:\Users\Auzei\AppData\Local\Battle.net
2015-07-26 09:24 - 2014-02-28 23:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2014-07-26 23:36 - 2014-07-26 23:36 - 0000098 _____ () C:\Users\Auzei\AppData\Roaming\LauncherSettings_live.cfg
2014-07-26 23:34 - 2014-07-26 23:34 - 0000040 _____ () C:\Users\Auzei\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-06-15 09:28 - 2014-06-15 09:31 - 1065984 _____ () C:\Users\Auzei\AppData\Local\file__0.localstorage
2014-11-29 15:07 - 2014-11-29 15:07 - 0003233 _____ () C:\Users\Auzei\AppData\Local\recently-used.xbel
2015-04-19 14:53 - 2015-06-13 21:52 - 0007628 _____ () C:\Users\Auzei\AppData\Local\Resmon.ResmonCfg
2014-02-27 18:04 - 2014-02-27 18:04 - 0000003 _____ () C:\Users\Auzei\AppData\Local\user_data.ini
2015-08-22 15:49 - 2015-08-22 15:49 - 0000006 __RSH () C:\ProgramData\1eb8df49fb73d0f79fe3e7944e328cac79df7321
2015-05-09 15:26 - 2015-03-10 15:26 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Auzei\AppData\Local\Temp\0de22af8fc92ac39a3def2b1b106cbf6.dll
C:\Users\Auzei\AppData\Local\Temp\4e6cf5d72520e51ea54dbf30164d13e3.dll
C:\Users\Auzei\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7afjvf.dll
C:\Users\Auzei\AppData\Local\Temp\NGMDll.dll
C:\Users\Auzei\AppData\Local\Temp\NGMResource.dll
C:\Users\Auzei\AppData\Local\Temp\NGMSetup.exe
C:\Users\Auzei\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Auzei\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Auzei\AppData\Local\Temp\nvStInst.exe
C:\Users\Auzei\AppData\Local\Temp\Quarantine.exe
C:\Users\Auzei\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Auzei\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Auzei\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
C:\Users\Auzei\AppData\Local\Temp\sqlite3.dll
C:\Users\Auzei\AppData\Local\Temp\unicows.dll
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-13260.exe
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-7548.exe
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-7608.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2015-08-22 00:59
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Auzei (2015-08-24 18:47:12)
Running from C:\Users\Auzei\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4142785134-173464496-186887342-500 - Administrator - Disabled)
Auzei (S-1-5-21-4142785134-173464496-186887342-1000 - Administrator - Enabled) => C:\Users\Auzei
Guest (S-1-5-21-4142785134-173464496-186887342-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acquisition version 0.2d (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.2d - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aseprite 1.0.9 (HKLM-x32\...\{11AD6B99-637C-47B7-8925-A541A95AC1F0}_is1) (Version:  - David Capello)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.110 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Authorizer 2.8.1d3 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.8.1d3 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.6.0 - Propellerhead Software AB) Hidden
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bitwig Studio (HKLM-x32\...\{96D9F08A-5470-455E-B11B-F1657B2790F7}) (Version: 1.1.10 - Bitwig GmbH)
Blue Iris 4 (HKLM-x32\...\{24DBFE51-243F-4538-BB28-2FD7EC8E7F16}) (Version: 4.0.4.3 - Perspective Software)
Boid (HKLM-x32\...\Steam App 314010) (Version:  - Mokus)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
C3 (HKLM-x32\...\{78C10BED-CB1D-4E9C-BAE5-AC777D49B521}) (Version: 0.6.6260 - Mercer Road Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Corsair K70 Firmware Update Application (HKLM-x32\...\{8C9DA353-2101-4658-BAA7-53F88EA0D3AB}_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
D2SE V2.2.0 (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
DC Universe Online (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dungeon Crawl Stone Soup (HKLM-x32\...\Crawl) (Version: 0.15.0 - )
Dungeon Defenders II (Pre-Alpha) (HKLM-x32\...\Steam App 236110) (Version:  - )
Dungeon Souls (HKLM-x32\...\Steam App 383230) (Version:  - Mike Studios)
EasySync CryptoMonitor (HKLM-x32\...\EasySync CryptoMonitor 2.0.503.0) (Version: 2.0.503.0 - EasySync Solutions)
EasySync CryptoMonitor (Version: 2.0.503.0 - EasySync Solutions) Hidden
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 Multiplayer 0.1.0.9 Alpha R3 (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.9 Alpha R3 - ETS2MP Team)
f.lux (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\Flux) (Version:  - )
FMOD Studio 1.04.04 (HKLM-x32\...\FMOD Studio 1.04.04) (Version:  - Firelight Technologies Pty Ltd)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Freaking Meatbags (HKLM-x32\...\Steam App 297060) (Version:  - Wild Factor)
Gigantic Launcher (HKLM-x32\...\{DF49BD46-1696-4118-A3A3-B86BF0426449}) (Version: 1.3.0.0 - Motiga Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Gnomoria (HKLM-x32\...\Steam App 224500) (Version:  - Robotronic Games)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoPanda2 (HKLM-x32\...\{D0AC6435-7546-45DF-9797-2F5BB23F0F19}) (Version: 2.4.0 - PANDANET Inc.)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Half Minute Hero: The Second Coming (HKLM-x32\...\Steam App 240970) (Version:  - OPUS)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JetBrains PyCharm Community Edition 3.4.1 (HKLM-x32\...\PyCharm Community Edition 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Magic The Gathering Online  (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\35c9d60442fbb010) (Version: 3.4.83.470 - Wizards of the Coast)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapleLegends version 1.0 release (HKLM-x32\...\{7D76C931-6594-4A58-825D-EA6193FE3E34}}_is1) (Version: 1.0 release - MapleLegends)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
My.com Game Center (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\MyComGames) (Version: 3.138 - My.com B.V.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.2.0 - Nexon)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{ae03da4b-8b32-49df-9f7a-58173366fe26}) (Version: latest - ppy Pty Ltd)
Path of Exile - The Awakening Closed Beta (HKLM-x32\...\{08614ECB-C254-422C-AB67-C51E98CD1F78}) (Version: 2.0.0.41339 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.41545 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
PULSAR: Lost Colony (HKLM-x32\...\Steam App 252870) (Version:  - )
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Puzzle Pirates (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\Puzzle Pirates) (Version:  - )
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
PyxelEdit (HKLM-x32\...\PyxelEdit) (Version: 0.3.108 - UNKNOWN)
PyxelEdit (x32 Version: 0.3.108 - UNKNOWN) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Reason 7.1.1 (HKLM\...\Reason7.1_64_is1) (Version: 7.1.1 - Propellerhead Software AB)
Reason 8 8.3.0d92 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.0d92 - Propellerhead Software AB)
Reason Ignition Key Support (x32 Version: 1.0.7.0 - Propellerhead Software AB) Hidden
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Scrolls (HKLM-x32\...\{AA53ACF4-5893-4F7C-8589-32F6A4266125}) (Version: 1.0.0.0 - Mojang)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version:  - Grismar)
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
skyforge_mycom (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\skyforge_mycom) (Version: 1.31 - My.com B.V.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spotify (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stonehearth (HKLM-x32\...\Steam App 253250) (Version:  - )
Sui Generis Combat Alpha (HKLM-x32\...\{2ABB7C05-404F-4B14-A1E1-A6F8AD76D2BE}) (Version: 0.8.7 - Bare Mettle Entertainment)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
Syntorial (Demo) (HKLM-x32\...\{AAA1874D-04F6-48F3-99C0-E137EAD0EFEF}) (Version: 1.6.1 - Audible Genius, LLC)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Basement Collection (HKLM-x32\...\Steam App 214790) (Version:  - Edmund McMillen, Tyler Glaiel)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Curious Expedition (HKLM-x32\...\Steam App 358130) (Version:  - )
THE KING OF FIGHTERS XIII STEAM EDITION (HKLM-x32\...\Steam App 222940) (Version:  - SNK Playmore)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.7.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Unity Web Player (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4142785134-173464496-186887342-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
X3Watch (HKLM-x32\...\{BCF442DC-768A-4383-AFD7-E239F715ADB3}) (Version: 1.00.0000 - XXXChurch)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUsb (HKLM-x32\...\XFastUsb) (Version:  - )
XSplit Broadcaster (HKLM-x32\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
XSplit Gamecaster (HKLM-x32\...\{C1BC9A8A-B24D-44FE-94E8-4F4F1FFABB9B}) (Version: 1.5.1403.0604 - SplitMediaLabs)
Yatagarasu Attack on Cataclysm (HKLM-x32\...\Steam App 319280) (Version:  - Yatagarasu Dev Team)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Auzei\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{b58568d3-b3a6-4225-a48f-bcfc738e8bb1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Auzei\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142785134-173464496-186887342-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Auzei\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
22-08-2015 22:24:56 Removed DFO.
22-08-2015 22:28:01 Installed DFO.
23-08-2015 16:55:22 Removed DFO.
23-08-2015 20:25:04 Installed DFO.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {089C2F5C-65E0-48CE-8A4B-BFB85DC1D5F4} - System32\Tasks\{7B006720-8A34-4E5F-B3D3-C768A5396C00} => pcalua.exe -a C:\Users\Auzei\Downloads\DotNetFx35ClientSetup.exe -d C:\Users\Auzei\Downloads
Task: {1478E377-7128-4B13-B991-75C538544322} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000UA => C:\Users\Auzei\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {33D477C5-4D61-4142-A5B0-F95C9E14A31C} - System32\Tasks\{A8E344EA-D923-4F49-BDF9-CE39C283F8BB} => pcalua.exe -a "C:\Program Files (x86)\YTDownloader\YTDUninstall.exe"
Task: {38004758-EFEF-4E2B-BC16-C7BCC6DC0232} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C0DE88D-7F29-4FD0-AFE2-F2F967C7D8AC} - System32\Tasks\CryptoMonitor_SU => C:\Program Files\EasySync Solutions\EasySync CryptoMonitor\CryptoMonitor.exe [2015-06-30] (EasySync Solutions)
Task: {43E54AB4-FF63-4CE7-AE67-0BFACF8628BA} - System32\Tasks\{EAD7B18C-9A46-4C98-A7BD-FF62F0228E43} => pcalua.exe -a "C:\Users\Auzei\Downloads\setup (2).exe" -d C:\Users\Auzei\Downloads
Task: {45AC13D5-28B0-497B-9B54-1CE51CD0EC75} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-09-30] (Microsoft Corporation)
Task: {4F979455-0893-44E4-92B6-3525821E0A10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {6B118CEF-B2D3-42D2-B5B4-9EAAB05B8141} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {6BF64D2B-B195-4795-B43F-9D57630C14E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000Core => C:\Users\Auzei\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {780147F2-E6E6-4459-B7E0-053C51F954F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {8791C1F1-7778-4591-84E4-5704399A15B2} - System32\Tasks\{656541E4-6B37-458F-8EF2-100D79CC4FD0} => pcalua.exe -a "C:\Program Files (x86)\iWebar\Uninstall.exe" -c /fcp=1
Task: {BA68ACB1-B24B-4AE4-9033-67C24385C3B7} - System32\Tasks\{70C38526-7E26-43BA-AF26-4A6C2EAB055C} => Chrome.exe http://ui.skype.com/ui/0/7.6.80.105/en/abandoninstall?page=tsMain
Task: {BE139104-7569-4B89-8BF2-9A11A847998E} - System32\Tasks\{E4BB6EF2-BF0F-4AC8-B8CD-5C06534EB004} => pcalua.exe -a D:\Neople\DFO\DFO.exe -d D:\Neople\DFO
Task: {D0622C8D-50D0-40AF-872C-8A7DB4D1606B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-22] (Adobe Systems Incorporated)
Task: {E74FBFE6-7A34-48DB-8220-2F6B3FACB5C2} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000Core.job => C:\Users\Auzei\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4142785134-173464496-186887342-1000UA.job => C:\Users\Auzei\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:CM_87d780ec9e0d55470f2204b6db454bdfe2496059a07d21f4f1dc72bee115682a
AlternateDataStreams: C:\Windows:CM_bfe21e7d1e61c9efc4590824cdd47d851819028c4fa29dbdf31dc53fe4b7cdc2
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Auzei\Downloads\DFO_Install (1).exe:BDU
AlternateDataStreams: C:\Users\Auzei\Downloads\smartpixel_setup.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4142785134-173464496-186887342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Auzei\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: EvoSvc => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MonectServerService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8B54FD65-84AF-435B-B7AF-AFFCF5C864EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{745B64DF-7FCE-4354-9D4B-6CB5118B1406}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{649F37CB-57B3-49E4-B84B-7E5435F4F94F}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Allow) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [UDP Query User{5DA593BF-F72F-4BF2-B19E-DEADA67FAFB1}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Allow) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [{430E9D44-3F5E-41EF-BFFB-63B3F9FA7615}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{D2AED8A3-2BB9-48BE-A9F0-7BA96E3EC051}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{2CC0583B-0FD7-4784-8A2B-167B5E21B924}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6DA97EF5-D759-4460-BBD4-C757DE5CA274}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [UDP Query User{F74E667D-E07B-48F9-905E-6E3C834284D8}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{4DD714CE-500E-4D80-8D1A-568DAB855180}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{4A00A5DA-C4DC-4236-8264-9F450D34CE96}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{8A79357E-510A-42D5-A073-2E1FF1C6197E}C:\users\auzei\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\auzei\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4F54DB04-8242-4C19-9321-C4715582C137}C:\users\auzei\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\auzei\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1AC853C3-9CD0-4B79-B7FD-4FC02812C70F}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [UDP Query User{C6642C8D-126C-47D1-AA71-3A781751557B}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [TCP Query User{C13BE1C8-7C60-4F0E-990D-EEEE4C0AD223}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [UDP Query User{6D766DFE-6C13-41FA-9D74-B8A07854EDD6}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [TCP Query User{5D2891D3-6915-429E-B05F-EB9E2D2B21DF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{AACBE5AC-84A1-4957-874F-40379EA3C3FD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{0828296F-422F-4F86-92AC-1BB97A2216C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PULSARLostColony\PULSAR_LostColony.exe
FirewallRules: [{16B83B7B-E401-41F0-ABA7-47925A8E0D17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PULSARLostColony\PULSAR_LostColony.exe
FirewallRules: [{77F88052-0791-4D74-A9FA-5DF95876C225}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{75EDD418-2082-4C86-BC69-BC9A9040C5B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{665708AE-4184-4616-8882-89CEE750C44F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{36A1B6A8-D1CA-480F-8D5E-94B88BFBD7D2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{54579F20-F831-4000-A18D-61650A55F80F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{6F1205F7-5F17-400F-BCB4-B5BF70CEE237}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A1B8274A-4D5A-48AB-936B-4916A9E6470E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PULSARLostColony
FirewallRules: [{5F1230E6-99D8-4FDE-B29F-9B3554CD75EE}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{5377E73A-4D5A-43EC-84E1-5EC9AAAFD95D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{76BC92E3-8DDC-4494-846B-9915F540197D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{3823E6AC-645B-4C79-B724-767A069F128D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2BF2E6C6-8F4D-4438-9033-51E25344088F}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{346F03BC-155F-49F0-86B4-64F5760DBB42}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{E52A04D8-40E2-40DC-BBC9-65656C27E734}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6F6CA73-472E-445F-9174-E33E17FBB392}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5176B103-D9F6-4CA4-9670-78562FE3239E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{739FE4B0-2402-4CC1-BC65-6FFDC20EA835}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4B064BED-216D-4B6B-AA92-24916FBD41CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{DDA5127E-ECD8-47C4-B8CE-136881A301CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{CA0E883B-1712-4F35-9E9B-BEAD0AF67E84}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{F3995B41-43D0-4A42-8FBF-FF3C1DEC200A}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{AE6954BA-CCB8-48D8-8F4A-966A723021DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4302DD00-D72F-4921-8936-887EF64F5320}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{112CA610-BBB0-46B8-B787-BAD8FE349F19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F5A7A77-92C3-4A49-9749-75E2C5122A42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CCA5A42-E458-415C-8C2B-48B5CDE457B7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E6459BB9-A62D-45A3-A98D-38BE5E38F5D7}C:\program files (x86)\jetbrains\pycharm community edition 3.4.1\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 3.4.1\bin\pycharm.exe
FirewallRules: [UDP Query User{24FF6C9E-CCD0-4BC5-B340-1483ABE6617D}C:\program files (x86)\jetbrains\pycharm community edition 3.4.1\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 3.4.1\bin\pycharm.exe
FirewallRules: [{E3603FC1-5F62-43F7-800A-EE11BDDBD7FC}] => (Allow) D:\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{50877847-7751-4C13-93A2-A90A28D691DD}] => (Allow) D:\Steam\SteamApps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{D5910559-9889-4768-91BD-FF190141D711}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{3E932DF6-AF81-4F16-97F5-F10096976059}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{7AA1B7B4-91C6-45E7-95FE-EE5D535DB1A9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2ABF628A-70AE-4F74-88F2-6176B5654868}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B0BF798D-88B8-4152-B1C3-A5C0F13CE519}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D27FA6AD-BC2E-4C0A-AE0C-A866ADC3B3A8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3B1D3C5D-5306-4EA4-A8AA-036C19398663}] => (Allow) D:\Steam\SteamApps\common\lethalleague\LethalLeague.exe
FirewallRules: [{A41AC9AA-A36E-4712-8774-25E8238CFFF6}] => (Allow) D:\Steam\SteamApps\common\lethalleague\LethalLeague.exe
FirewallRules: [{878857C4-DB23-483F-A5AA-9E20D37ABCD8}] => (Allow) D:\Steam\SteamApps\common\Stonehearth\Stonehearth.exe
FirewallRules: [{B0C1E8E1-2B06-44DD-BE1E-5737B45837B4}] => (Allow) D:\Steam\SteamApps\common\Stonehearth\Stonehearth.exe
FirewallRules: [{B99E4854-70BB-4AF2-8409-27BE6EA2AC66}] => (Allow) D:\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{98A54105-4619-47B7-9FD5-2D5193B3AC53}] => (Allow) D:\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{29175103-559E-4793-B96A-C562CB0F5669}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{6BC6466D-BCE5-4D06-81AF-1707ADAF02E3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D2791374-9433-470B-8D72-E2C3D84D0B55}] => (Allow) D:\Steam\SteamApps\common\Gnomoria\Gnomoria.exe
FirewallRules: [{B7F06E05-9942-4E5D-981D-0815E37255D1}] => (Allow) D:\Steam\SteamApps\common\Gnomoria\Gnomoria.exe
FirewallRules: [TCP Query User{B1B67970-F9C3-4FBC-98B0-0718B2BB55BE}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{C36FD7D5-8C8D-4144-BC72-94EC15F2FEE5}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [{99528FB7-420B-480C-ACBF-CA96640AB721}] => (Allow) D:\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4814B9BA-8B67-4D10-BE1F-321F489E43E3}] => (Allow) D:\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F511780B-DAE9-4E7A-87EC-790740DD51FA}] => (Allow) D:\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{15C317A8-1D31-4D15-96F7-A622538C766C}] => (Allow) D:\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
FirewallRules: [{785E0030-74D3-4C30-AABC-94266248FEA3}] => (Allow) D:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{8E3A3076-7E95-4FC3-94DF-7A863509FD41}] => (Allow) D:\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{D0081440-5D29-42EE-981B-6264C873A4C3}] => (Allow) D:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{51C6A17D-5FD8-47A4-BF7D-27E7FD1576FA}] => (Allow) D:\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{6639ECD9-B0D7-4D7A-84E3-8D244C52DBA9}] => (Allow) D:\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{CDFF2661-6D58-4761-987D-0D287F9E6B26}] => (Allow) D:\Origin\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{3F3D30B2-E38B-4066-8987-0DE58DBB63F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{187423CD-D506-416B-BA9A-FD90C78C2905}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38E4441E-FB0F-4812-A652-8F3241A291E1}] => (Allow) D:\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{AF126ECD-ABBB-4577-90A9-67568874364D}] => (Allow) D:\Steam\SteamApps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{38796E01-97F4-40EE-BD3D-37DF6D96CA42}D:\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\warcraft 3\warcraft iii\war3.exe
FirewallRules: [UDP Query User{0CB4C03D-5015-489D-AA29-CF89C050F33A}D:\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\warcraft 3\warcraft iii\war3.exe
FirewallRules: [{5ACA1B26-6FC2-46AE-BFE5-E4EF190633BE}] => (Allow) D:\Steam\SteamApps\common\Freaking Meatbags\Freaking_MeatBags.exe
FirewallRules: [{55FF0555-EB80-4232-BBF5-D5FD5951048B}] => (Allow) D:\Steam\SteamApps\common\Freaking Meatbags\Freaking_MeatBags.exe
FirewallRules: [{DC05067A-EEF8-4154-A160-74448BFECB73}] => (Allow) D:\Blizzard\StarCraft II\StarCraft II.exe
FirewallRules: [{A6C0171F-1FE6-47DB-B736-EE3687300A35}] => (Allow) D:\Blizzard\StarCraft II\StarCraft II.exe
FirewallRules: [{562D6E02-C091-4B7B-A397-91104A079CCD}] => (Allow) D:\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{B8E72CEF-633D-4F43-9A99-CD202DE296D8}] => (Allow) D:\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [TCP Query User{86218E24-985A-46C5-8ABC-FA93998DD5F0}D:\blizzard\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\blizzard\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{8A38E953-CD04-4348-80E4-C80A0C87B46E}D:\blizzard\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\blizzard\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{6AF96BFB-456A-4E68-B962-000668A5BB4A}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A509EF25-BEA7-4CA0-ABDD-09102686660C}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{802BF49A-10D5-4508-ABB8-BC84CCBDB50D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{7032D0B4-4475-46F4-92BB-197CE8562592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{30D65279-F268-46B6-BCF8-2928C15BE988}] => (Allow) D:\Steam\SteamApps\common\Ori\ori.exe
FirewallRules: [{562C7B29-723F-4F1B-9CC6-496DB2CDD2E4}] => (Allow) D:\Steam\SteamApps\common\Ori\ori.exe
FirewallRules: [{BE1DF019-B11A-439F-B282-A024486E304A}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{20276372-1955-4BD7-BB92-4E6B6466583C}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [TCP Query User{BCEBCD96-F460-437F-910C-C0A3B1BCAC4B}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [UDP Query User{A48E01BC-ED1B-4B61-9172-0A9FB107BB55}D:\neople\dfo\dfo.exe] => (Allow) D:\neople\dfo\dfo.exe
FirewallRules: [{F33E4AFC-E02B-4E4E-9775-0300B666A3A2}] => (Allow) D:\Steam\SteamApps\common\basement\The Basement Collection.exe
FirewallRules: [{CA869834-3FD7-41C0-BB76-F73552CD6DEC}] => (Allow) D:\Steam\SteamApps\common\basement\The Basement Collection.exe
FirewallRules: [{C869247A-3EE4-495E-AE4B-09A8C02A144E}] => (Allow) D:\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{DD7E347E-87D1-4AD9-9097-C8892FB8B973}] => (Allow) D:\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [TCP Query User{AAFD896F-659F-49DD-BC78-EF8B0F2BDB50}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{F67CC9BA-B8CF-4B94-AC56-054D17ED8466}D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{25DB0A6A-60DC-4AA5-83D0-D56FE36EC798}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{B00BDD6E-7B85-41ED-A1E0-EC80F727DBC6}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{ADAB9866-9512-459C-8B20-B203C287C7F3}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5B3CC6AF-66BD-4DE3-85B9-1308300C57B5}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{0A93D0CB-4EAD-4DD2-8191-3AD81ABF63E1}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [UDP Query User{E9C71BB2-D85F-4DB0-856D-2D8CF63DAE79}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [{B7769D69-4ECA-4A8E-ACDD-572D399D2843}] => (Allow) D:\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{E2F71541-3984-4AE2-B83B-E2DAD68FB6FA}] => (Allow) D:\Steam\SteamApps\common\Shovel Knight\ShovelKnight.exe
FirewallRules: [{D710A28B-7A98-428F-A47E-DF9DD18D6981}] => (Allow) D:\Steam\SteamApps\common\Boid\Boid.exe
FirewallRules: [{995481FF-BA69-4DBD-8E3C-594F57F89813}] => (Allow) D:\Steam\SteamApps\common\Boid\Boid.exe
FirewallRules: [{4F31514D-4D26-466F-8267-7653619361A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BE6630A6-4A13-4D0C-9606-5BB7CC93D2D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{4DE15B39-B75F-4103-98FD-18C6A9122914}C:\program files (x86)\motiga\gigantic launcher\gigantic\binaries\win32\rxgame-win32-shipping.exe] => (Allow) C:\program files (x86)\motiga\gigantic launcher\gigantic\binaries\win32\rxgame-win32-shipping.exe
FirewallRules: [UDP Query User{6B00ED76-BEF5-4ABE-B187-975DBD780DEF}C:\program files (x86)\motiga\gigantic launcher\gigantic\binaries\win32\rxgame-win32-shipping.exe] => (Allow) C:\program files (x86)\motiga\gigantic launcher\gigantic\binaries\win32\rxgame-win32-shipping.exe
FirewallRules: [TCP Query User{A60BBB53-CFA7-412B-92DB-8E66D8998A4B}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{D5B30360-EE06-4EB3-91BF-A9683B18D57C}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{6134B169-13A3-4511-A5C9-5D9564888072}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{061BBB24-5D3D-4388-A7C0-90C390FBE173}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{0DB0B860-7D2D-48D0-A9D8-A815E5B1108A}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{3CE351B1-D3A1-4268-8684-09B9E337DCB8}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{D8CEB8A2-8E42-4C24-BA73-4686BEA4D06C}] => (Allow) D:\Steam\SteamApps\common\The Curious Expedition\nw.exe
FirewallRules: [{E86DCB67-5F91-4ECA-B6C2-64D33CC7CDFF}] => (Allow) D:\Steam\SteamApps\common\The Curious Expedition\nw.exe
FirewallRules: [{B5B898AE-C503-41BB-987D-05F0F528AE82}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{FEED2DB6-282D-4AD2-94E5-675101F17A58}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{8636BF0A-B0D8-4B77-AF8E-78305D03F83F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{B7A35419-E6D5-4818-A1A6-0148EE1B9DD0}] => (Allow) D:\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{E71EFDAA-E121-4396-924F-4F8A30508610}] => (Allow) D:\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{4C11DA74-CE0A-473F-A5DA-21BDC2449F68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half Minute Hero Two\HMH2.exe
FirewallRules: [{B8FEC987-9804-46D9-AB71-31B88C1AD989}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half Minute Hero Two\HMH2.exe
FirewallRules: [{EE6BA90D-5031-4C88-BC71-2FAAE2569AFB}] => (Allow) D:\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{25C9F515-748B-4452-B69C-ABE8F02392B6}] => (Allow) D:\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{A02D93DC-3363-4750-9F5B-D2E9F1952E63}] => (Allow) D:\Steam\SteamApps\common\King of Fighters XIII\kofxiii.exe
FirewallRules: [{BC6B997F-4F67-4B33-89C8-1C0BB9511F2C}] => (Allow) D:\Steam\SteamApps\common\King of Fighters XIII\kofxiii.exe
FirewallRules: [{A721B750-AE97-46EC-9601-4127F9FD40EA}] => (Allow) D:\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{A4F3B881-C105-49FC-9C06-58C0FC8F2A94}] => (Allow) D:\Steam\SteamApps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{A4AD3C96-EC2E-4098-8E8C-8323947C6E71}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A7110046-1D4F-46D4-9BCD-EE820280C578}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{101F11B1-B009-4E6A-9BB0-08FADBB28373}] => (Allow) D:\Steam\SteamApps\common\Yatagarasu\YatagarasuLauncher.exe
FirewallRules: [{31B9D00F-453A-4312-9AB1-DED4EBF7D170}] => (Allow) D:\Steam\SteamApps\common\Yatagarasu\YatagarasuLauncher.exe
FirewallRules: [{D20567E7-B7A0-4794-B60D-46EB49FA5747}] => (Allow) D:\Steam\SteamApps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{0E9AFE30-AC44-4C9F-B276-C2096BA23CFF}] => (Allow) D:\Steam\SteamApps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [TCP Query User{A084676A-CDE6-4ECB-A69A-5325928418FE}C:\users\auzei\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\auzei\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{5990F660-1BF3-435A-8CC6-4D8BFC7C340F}C:\users\auzei\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\auzei\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{9BB4409B-8AC0-4627-90BC-F09A8F12BA63}C:\users\auzei\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\auzei\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{131B8C22-4545-41F9-892F-31E2F5120B5E}C:\users\auzei\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\auzei\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{ACC1BC94-96A6-48E6-BA6C-A3CE1FDB1042}] => (Allow) D:\Steam\SteamApps\common\Crawl\Crawl.exe
FirewallRules: [{4631D30A-1C74-4C39-9059-8FA30FFD3B93}] => (Allow) D:\Steam\SteamApps\common\Crawl\Crawl.exe
FirewallRules: [TCP Query User{EC52FA7A-1EC8-433F-A2F6-5C1F86B2DDD7}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [UDP Query User{37D7FCBD-4B27-48E8-8447-26337FBB825B}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{DCE7787E-EEB7-4527-9A6F-315EAF7ED51A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{2F514C84-FDF5-497E-8954-8B577E96E0B4}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{660C4605-6EB7-4E9C-8144-FCDF8B2915B8}] => (Allow) D:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BE8FF146-A08C-4C77-A925-D447A8ACBEBC}] => (Allow) D:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{01DF5662-C3A3-4D48-BD6A-1B9D9ACC97F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{21C0D746-F2AA-4DB5-AC2E-C98967B02CBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D97B79A2-2A9E-4A4D-B093-203E7ED003BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1284B042-319C-4139-A342-F37F43D0D473}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D3355F8C-90C8-42A2-9150-F08AD7879DF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ECEC0F7D-23B5-49F0-9533-95547B641DAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A4062DFE-0DF1-4BC7-85B0-7FDF100DCCEC}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{2315D9FE-105F-4CB7-8526-B359F9D734D0}C:\smartpixel\bin\smartpixel.exe] => (Allow) C:\smartpixel\bin\smartpixel.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2015 06:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 06:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 05:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 07:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process id: 0x1548
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (08/23/2015 03:44:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 03:39:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Auzei\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (08/23/2015 03:37:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 03:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 12:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 10:22:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/24/2015 06:43:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 06:22:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/24/2015 06:22:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/24/2015 06:22:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/24/2015 06:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 06:00:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2015 05:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 07:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.1.000000004libqt4_plugin.dll2.2.1.00002000240000015007ca10a154801d0ddf7b61057daC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllf699b73e-49ea-11e5-a908-bc5ff41c3b25
 
Error: (08/23/2015 03:44:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 03:39:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Auzei\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"JRT Pre-Junkware Removal0x8007043c
 
Error: (08/23/2015 03:37:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 03:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2015 12:57:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2015 10:22:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 15%
Total physical RAM: 8103.53 MB
Available physical RAM: 6820.12 MB
Total Virtual: 16205.26 MB
Available Virtual: 15325.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:107.61 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:173.38 GB) NTFS
Drive f: () (Removable) (Total:116.91 GB) (Free:116.89 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C9BEC9BE)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7C548C01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 116.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of FRST.txt ============================
 
 
I hope this goes smoothly and without too much wait. I understand other people are busy too. I do have online classwork I need to keep up with. I'm trying to find time to change all my important passwords. Oh yeah! Also I had a blue screen at some point during all of this. It was from volsnap.sys.

Edited by Auzei, 24 August 2015 - 06:34 PM.




#2 nasdaq

  • Malware Response Team

Posted 26 August 2015 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Auzei\AppData\Local\Temp\0de22af8fc92ac39a3def2b1b106cbf6.dll
C:\Users\Auzei\AppData\Local\Temp\4e6cf5d72520e51ea54dbf30164d13e3.dll
C:\Users\Auzei\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7afjvf.dll
C:\Users\Auzei\AppData\Local\Temp\NGMDll.dll
C:\Users\Auzei\AppData\Local\Temp\NGMResource.dll
C:\Users\Auzei\AppData\Local\Temp\NGMSetup.exe
C:\Users\Auzei\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Auzei\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Auzei\AppData\Local\Temp\nvStInst.exe
C:\Users\Auzei\AppData\Local\Temp\Quarantine.exe
C:\Users\Auzei\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Auzei\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Auzei\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
C:\Users\Auzei\AppData\Local\Temp\sqlite3.dll
C:\Users\Auzei\AppData\Local\Temp\unicows.dll
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-13260.exe
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-7548.exe
C:\Users\Auzei\AppData\Local\Temp\Uninstaller-7608.exe
AlternateDataStreams: C:\Windows:CM_87d780ec9e0d55470f2204b6db454bdfe2496059a07d21f4f1dc72bee115682a
AlternateDataStreams: C:\Windows:CM_bfe21e7d1e61c9efc4590824cdd47d851819028c4fa29dbdf31dc53fe4b7cdc2
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Auzei\Downloads\DFO_Install (1).exe:BDU
AlternateDataStreams: C:\Users\Auzei\Downloads\smartpixel_setup.exe:BDU
C:\Windows\MEMORY.DMP

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===




ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

Let's check further on this.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===
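
The FRST warning quoted above (Cryptographic Service not running) and the Event 7001 entries with error 1068 in the posted log both concern services that failed to start. As an added example, not part of nasdaq's instructions and not how FSS works, this read-only PowerShell script prints those services with everything they depend on, so the stopped link in the chain is visible. CryptSvc, NlaSvc and netprofm are the standard Windows short names for the services mentioned; the function name Show-ServiceChain is made up for this example.

```powershell
# Added example: read-only walk of service dependency chains (changes nothing).
# CryptSvc = Cryptographic Services      (FRST: "Cryptographic Service is not running")
# NlaSvc   = Network Location Awareness  (failed to start, per Event 7001 in the log)
# netprofm = Network List Service        (the service that depends on NlaSvc)
# Error 1068 in those events means "The dependency service or group failed to start",
# so the stopped service may be further down the chain than the one named in the event.

function Show-ServiceChain {
    param(
        [Parameter(Mandatory = $true)]$Service,   # ServiceController object from Get-Service
        [int]$Depth = 0,
        [hashtable]$Seen = @{}
    )

    # Flag anything that is not running so it stands out in the tree.
    $flag = if ($Service.Status -ne 'Running') { '  <== not running' } else { '' }
    '{0}{1} ({2}): {3}{4}' -f ('  ' * $Depth), $Service.Name, $Service.DisplayName, $Service.Status, $flag

    # Do not expand the same service twice within one chain.
    if ($Seen.ContainsKey($Service.Name)) { return }
    $Seen[$Service.Name] = $true

    # ServicesDependedOn also returns kernel drivers, which Get-Service -Name
    # may not find on its own, so recurse on the objects rather than on names.
    foreach ($dep in $Service.ServicesDependedOn) {
        Show-ServiceChain -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

foreach ($name in 'CryptSvc', 'NlaSvc', 'netprofm') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        Show-ServiceChain -Service $svc
    }
    else {
        # A missing registration is a finding in itself and worth reporting to the helper.
        "${name}: service is not registered  <== investigate"
    }
    ''   # blank line between chains
}
```

A stopped entry deep in the tree is the one to report; the services above it are only failing because of it.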

#3 nasdaq

  • Malware Response Team

Posted 31 August 2015 - 07:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



