
Both GMER and aswMBR are BSODing me, what should I do?


6 replies to this topic

#1 aviza12


Posted 11 September 2015 - 09:43 AM

Hi guys,

So after failing to install a Win10 update, I got all suspicious and tried to find whether or not I'm infected.

I've tried so far RogueKiller, Malwarebytes Anti-Rootkit, GMER, Kaspersky's TDSSKiller, and aswMBR.

Also, my antivirus is ESET NOD32.

Anyway, most of these tests passed with flying colours, but both aswMBR and GMER consistently BSOD'ed my computer.

 

Can anyone help me? Thanks a bunch!




#2 boopme

  • Global Moderator

Posted 11 September 2015 - 10:02 AM

Hi, it appears you have some issues that require a deeper look. Please repost as per the guide. If you have the RogueKiller log, include that.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#3 aviza12

  • Topic Starter

Posted 11 September 2015 - 10:18 AM

Thanks for the quick reply!

So here are the logs (I couldn't find any way to attach the files, so I'll just paste the contents here; I hope it's ok).

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01

Ran by avishay (administrator) on AVISHAYPC (11-09-2015 18:04:03)
Running from D:\Users\Avishay\Downloads
Loaded Profiles: avishay (Available Profiles: avishay)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() D:\Program Files\Everything\Everything.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() D:\Program Files\Everything\Everything.exe
(Logitech Inc.) D:\Program Files\Logitech Gaming Software\LCore.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\zarad\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Codeusa Software) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => D:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM\...\Run: [Launch LCore] => D:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [GoogleChromeAutoLaunch_B04F73544F72B0AFDA6C8742B9AF1155] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [f.lux] => C:\Users\zarad\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
Startup: C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-07-31]
ShortcutTarget: Borderless Gaming.lnk -> D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{040e884e-073e-4896-8c6e-ec5b32e88eb3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{040e884e-073e-4896-8c6e-ec5b32e88eb3}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> jb
CHR Profile: C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (SHINE for reddit (beta)) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2015-07-30]
CHR Extension: (Torrent Search) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-07-30]
CHR Extension: (Duolingo on the Web) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-08-06]
CHR Extension: (Google Art Project) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\akimgimeeoiognljlfchpbkpfbmeapkh [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Cast) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-14]
CHR Extension: (Google Search) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Vimium) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2015-07-30]
CHR Extension: (Google Calendar) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-30]
CHR Extension: (Google Sheets) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (React Developer Tools) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-30]
CHR Extension: (JetBrains IDE Support) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji [2015-08-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-30]
CHR Extension: (Deathamns) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-07-30]
CHR Extension: (Tabs saver) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2015-07-30]
CHR Extension: (Evernote Web) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-13]
CHR Extension: (Inbox by Gmail Wrapper) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbobkgjhhkepcjhghkajdiepnlpdpg [2015-07-30]
CHR Extension: (feedly) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2015-07-30]
CHR Extension: (Save to Pocket) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Adblock Pro) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-30]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-07-30]
CHR Extension: (Gmail) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 Everything; D:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R2 LGCoreTemp; D:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-11] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 18:03 - 2015-09-11 18:04 - 00000000 ____D C:\FRST
2015-09-11 18:03 - 2015-09-11 18:03 - 00000000 ____D C:\Users\zarad\AppData\Local\CrashDumps
2015-09-11 17:40 - 2015-09-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-09-11 17:35 - 2015-09-11 17:35 - 00016148 _____ C:\WINDOWS\system32\AVISHAYPC_avishay_HistoryPrediction.bin
2015-09-11 17:27 - 2015-09-11 17:27 - 00343336 _____ C:\WINDOWS\Minidump\091115-17906-01.dmp
2015-09-11 17:04 - 2015-09-11 17:04 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-11 17:04 - 2015-09-11 17:04 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-11 12:14 - 2015-09-11 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-11 12:14 - 2015-09-11 12:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 12:14 - 2015-09-11 12:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-11 12:13 - 2015-09-11 17:02 - 00000000 ____D C:\Users\zarad\Desktop\mbar
2015-09-11 12:13 - 2015-09-11 12:13 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-10 21:09 - 2015-09-10 22:17 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Mp3tag
2015-09-10 21:09 - 2015-09-10 21:09 - 00000000 ____D D:\Program Files (x86)\Mp3tag
2015-09-10 21:09 - 2015-09-10 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-09-09 12:01 - 2015-09-09 12:01 - 00346040 _____ C:\WINDOWS\Minidump\090915-12531-01.dmp
2015-09-08 03:15 - 2015-09-08 03:16 - 00353376 _____ C:\WINDOWS\Minidump\090815-15937-01.dmp
2015-09-04 16:17 - 2015-09-04 16:17 - 00000000 ____D C:\Users\zarad\AppData\Roaming\JULIAAtSR
2015-09-04 16:04 - 2015-09-04 16:04 - 00000220 _____ C:\Users\zarad\Desktop\Dreamfall The Longest Journey.url
2015-09-04 15:56 - 2015-09-04 15:56 - 00000222 _____ C:\Users\zarad\Desktop\J.U.L.I.A. Among the Stars.url
2015-09-04 12:15 - 2015-09-04 12:15 - 00340424 _____ C:\WINDOWS\Minidump\090415-11890-01.dmp
2015-09-04 12:07 - 2015-09-04 12:07 - 00339352 _____ C:\WINDOWS\Minidump\090415-15250-01.dmp
2015-09-04 11:55 - 2015-09-04 11:55 - 00277896 _____ C:\WINDOWS\Minidump\090415-13859-01.dmp
2015-09-04 11:45 - 2015-09-04 11:45 - 00277896 _____ C:\WINDOWS\Minidump\090415-11531-01.dmp
2015-09-04 11:40 - 2015-09-04 11:40 - 00277896 _____ C:\WINDOWS\Minidump\090415-11140-01.dmp
2015-09-04 11:36 - 2015-09-04 11:36 - 00277896 _____ C:\WINDOWS\Minidump\090415-11343-01.dmp
2015-09-04 11:35 - 2015-09-04 11:55 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-04 11:34 - 2015-09-04 11:34 - 00000000 ____D C:\WINDOWS\pss
2015-09-04 01:57 - 2015-09-04 01:57 - 00355496 _____ C:\WINDOWS\Minidump\090415-22343-01.dmp
2015-08-29 21:02 - 2015-08-29 21:07 - 00000000 ____D C:\Users\zarad\AppData\Local\dxhr
2015-08-29 19:36 - 2015-08-29 19:46 - 00000000 ____D C:\Users\zarad\AppData\Local\Plex Media Server
2015-08-29 18:21 - 2015-08-29 18:22 - 00358696 _____ C:\WINDOWS\Minidump\082915-20453-01.dmp
2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 ____D C:\Users\zarad\AppData\Local\238010
2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 ____D C:\ProgramData\Intel
2015-08-29 03:15 - 2015-08-29 03:16 - 00346248 _____ C:\WINDOWS\Minidump\082915-13718-01.dmp
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Continuum
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\.continuum
2015-08-22 17:05 - 2015-08-22 17:05 - 00000000 ____D C:\Users\zarad\WebstormProjects
2015-08-22 17:03 - 2015-08-22 17:03 - 00000000 ____D C:\Users\zarad\.WebStorm10
2015-08-22 16:25 - 2015-08-22 16:25 - 00000222 _____ C:\Users\zarad\Desktop\XCOM Enemy Unknown.url
2015-08-21 11:12 - 2015-08-21 11:12 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-21 11:12 - 2015-08-21 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-21 08:35 - 2015-08-21 08:35 - 00357432 _____ C:\WINDOWS\Minidump\082115-13875-01.dmp
2015-08-14 18:42 - 2015-09-09 16:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 18:42 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 08:45 - 2015-08-14 08:45 - 00002376 _____ C:\Users\zarad\Desktop\Chrome App Launcher.lnk
2015-08-14 08:45 - 2015-08-14 08:45 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-13 21:36 - 2015-08-13 21:36 - 00000222 _____ C:\Users\zarad\Desktop\Deus Ex Human Revolution - Director's Cut.url
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files\Reference Assemblies
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files\MSBuild
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files (x86)\Reference Assemblies
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files (x86)\MSBuild
2015-08-13 20:43 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-13 20:43 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:43 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-13 20:43 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-13 20:43 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:43 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-13 20:41 - 2015-08-13 20:41 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Victoria 2 Heart of Darkness
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 18:04 - 2015-07-30 00:20 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Everything
2015-09-11 17:57 - 2015-07-10 15:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-11 17:39 - 2015-07-30 02:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-11 17:36 - 2015-07-30 00:23 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Skype
2015-09-11 17:35 - 2015-07-30 00:07 - 00000000 ____D D:\Program Files (x86)\Steam
2015-09-11 17:35 - 2015-07-30 00:03 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 17:35 - 2015-07-29 23:56 - 00000000 ____D C:\Users\zarad
2015-09-11 17:31 - 2015-07-30 00:00 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-11 17:27 - 2015-07-30 10:17 - 1000115044 _____ C:\WINDOWS\MEMORY.DMP
2015-09-11 17:27 - 2015-07-30 10:17 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-11 17:27 - 2015-07-10 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 17:27 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-11 17:13 - 2015-07-30 00:03 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 13:57 - 2015-07-10 13:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-11 11:52 - 2015-07-30 01:44 - 00015950 _____ C:\WINDOWS\PFRO.log
2015-09-11 11:52 - 2015-07-10 12:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-11 11:14 - 2015-08-07 23:46 - 00000087 _____ C:\WINDOWS\SysWOW64\EpfwUser.dat
2015-09-11 11:14 - 2015-08-07 23:46 - 00000087 _____ C:\WINDOWS\SysWOW64\EpfwTemp.dat
2015-09-11 07:00 - 2015-07-30 20:14 - 00000000 ____D C:\Users\zarad\AppData\Roaming\uTorrent
2015-09-10 21:11 - 2015-07-30 20:45 - 00000000 ____D C:\Users\zarad\AppData\Roaming\BSplayer
2015-09-10 20:54 - 2015-07-10 15:20 - 00014038 _____ C:\WINDOWS\setupact.log
2015-09-10 19:56 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-07 16:24 - 2015-07-29 23:57 - 00000000 ____D C:\Users\zarad\AppData\Local\Packages
2015-09-04 00:13 - 2015-07-30 00:03 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 19:08 - 2015-07-30 00:03 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-03 19:08 - 2015-07-30 00:03 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-22 19:03 - 2015-07-30 02:08 - 00045035 _____ C:\WINDOWS\DirectX.log
2015-08-22 17:02 - 2015-07-31 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-08-21 12:01 - 2015-07-30 16:17 - 00000000 ____D C:\Users\zarad\AppData\Local\SpyParty
2015-08-21 11:12 - 2015-07-30 00:23 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 18:00 - 2015-07-30 00:20 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-14 04:14 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2015-07-30 01:46 - 2015-07-30 01:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\zarad\AppData\Local\Temp\dllnt_dump.dll
C:\Users\zarad\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-04 16:14
 
==================== End of FRST.txt ============================

 

ADDITION.TXT:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01

Ran by avishay (2015-09-11 18:04:48)
Running from D:\Users\Avishay\Downloads
Windows 10 Home (X64) (2015-07-29 20:53:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1030064827-480775796-251853561-500 - Administrator - Disabled)
avishay (S-1-5-21-1030064827-480775796-251853561-1001 - Administrator - Enabled) => C:\Users\zarad
DefaultAccount (S-1-5-21-1030064827-480775796-251853561-503 - Limited - Disabled)
Guest (S-1-5-21-1030064827-480775796-251853561-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderless Gaming (HKLM-x32\...\Steam App 388080) (Version:  - AndrewMD5)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dreamfall: The Longest Journey (HKLM-x32\...\Steam App 6300) (Version:  - Funcom)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
f.lux (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
J.U.L.I.A.: Among the Stars (HKLM-x32\...\Steam App 257690) (Version:  - CBE Software s.r.o.)
JetBrains PyCharm 4.5.3 (HKLM-x32\...\PyCharm 4.5.3) (Version: 141.1899 - JetBrains s.r.o.)
JetBrains WebStorm 10.0.4 (HKLM-x32\...\WebStorm 10.0.4) (Version: 141.1550 - JetBrains s.r.o.)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
NOT A HERO (HKLM-x32\...\Steam App 274270) (Version:  - Roll7)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
Python 3.4.3 (Anaconda3 2.2.0 64-bit) (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Python 3.4.3 (Anaconda3 2.2.0 64-bit)) (Version: 2.2.0 - Continuum Analytics, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SpyParty version 0.1.3869.0 (HKLM-x32\...\{03AFB032-CCC7-4236-A0F8-619C50BB498E}_is1) (Version: 0.1.3869.0 - definition six, inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
TowerFall Ascension (HKLM-x32\...\Steam App 251470) (Version:  - Matt Thorson)
USB Game Controller (HKLM-x32\...\{95CC887F-91B2-45E9-AE29-0D51995192CB}) (Version: 2005.05.26 - )
Victoria 2 Heart of Darkness (HKLM-x32\...\Victoria 2 Heart of Darkness1) (Version: 1 - Friends in War)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
XCom Long War EW Mod version Beta 15f3 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 15f3 - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
22-08-2015 19:02:07 Installed DirectX
28-08-2015 14:39:14 Windows Update
29-08-2015 19:35:59 Plex Media Server
03-09-2015 18:32:05 Windows Update
07-09-2015 16:01:43 Windows Update
10-09-2015 19:50:56 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 14:04 - 2015-07-10 14:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {51609806-D3AA-4DDB-887E-188B0012F309} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {6258EC70-D0D5-46BA-9621-E4C580CFE6D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-30] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {DAED9CD0-C56D-45EC-8258-5AD855B2C2E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-30 02:40 - 2015-07-30 02:40 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2008-10-28 11:53 - 2008-10-28 11:53 - 00022016 _____ () C:\WINDOWS\System32\sxs1ml6.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-30 00:20 - 2014-08-06 04:04 - 01441792 _____ () D:\Program Files\Everything\Everything.exe
2009-12-29 10:39 - 2009-12-29 10:39 - 00333312 _____ () C:\WINDOWS\system32\SaMinDrv.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-03-07 03:07 - 2015-03-07 03:07 - 00908568 _____ () D:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 03:28 - 2015-07-02 03:28 - 01095448 _____ () D:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 03:07 - 2015-03-07 03:07 - 00060184 _____ () D:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 03:28 - 2015-07-02 03:28 - 00240408 _____ () D:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-07-10 14:00 - 2015-07-10 14:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 06576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 14:00 - 2015-07-10 19:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-04 00:13 - 2015-08-28 03:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 00:13 - 2015-08-28 03:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 00778240 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 02413248 _____ () D:\Program Files (x86)\Steam\video.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 02396672 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00479744 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 00704192 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-30 00:12 - 2015-07-27 04:13 - 00171008 _____ () D:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 39553928 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 00373440 _____ () D:\Program Files (x86)\Steam\steam.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-09-04 00:13 - 2015-08-28 03:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 17228952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexNewTranscoder.exe
2015-08-23 03:27 - 2015-08-23 03:27 - 00443872 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexpat-1.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00052360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\LIBBZ2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04224601.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04224601.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1030064827-480775796-251853561-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zarad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\qeghonm.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: lfsvc => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{918286B2-B695-4C61-9F13-8443868E77DE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{71040B46-C34E-411B-8EEE-B90CE9AF9EF6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9ED95A59-1133-49FD-9417-9C870B365EF3}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{780F2BD7-324D-46B9-8085-AD5C9FC68D91}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C5AA38B-5DD4-4E98-94EF-D843DEE95055}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E63BBF3-42B7-4650-A1A5-FB8578C1EC76}D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe] => (Allow) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [UDP Query User{F276D86E-0AA7-4A6C-A08C-19A7E0F5D4A1}D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe] => (Allow) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{BCE73314-7280-49DC-8C55-F010DADCF8B3}] => (Block) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{9A517C02-5B75-4C6A-8067-5591A656E08B}] => (Block) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{1ED78DAB-2367-4CE5-8DD6-50620A7B3239}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{22C095E2-632F-4E60-BA11-01C1AEAF78EA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [TCP Query User{7F39C95E-B8D2-41BE-A80D-B405189B43BC}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B90C1614-229A-42FC-A899-E08686F4CD44}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [{1C49D801-B447-44E8-9666-0B8FA965C890}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
FirewallRules: [{91412C86-8ECA-4A71-8169-4DAC95937B26}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
FirewallRules: [{F8E215BD-406D-414D-8268-7CDB7392416C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{5B4F4342-4FFA-4E45-98EF-F83407901D53}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{9FFFC00B-B5FB-43A4-AD4F-E48AC3D4225B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{123E0A25-CA41-4F36-B0AB-227C7103D1F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{8571ECD5-7A06-4C28-BDE4-68BF8EA7D86B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{1ED8CE5E-F57F-40F1-8098-03DDA8A5C8CC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{C33D0184-3296-4698-B3B6-09AA42E534E6}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE30E25A-E7A4-45C0-851E-C5734DE82BAF}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90CDADDA-8E7C-4800-A027-7A56AEADC224}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B255B4E-B53D-4C55-B1E5-7FB94356CA7A}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{516FBA69-8515-4169-A934-6B11E5B097F6}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7C9BCF1-0A03-4E4E-8C4D-C4AECF3C005C}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CF674A4E-71A7-4E98-8ABB-1AB9E78B8A04}D:\dev\webstorm 9.0.3\bin\webstorm.exe] => (Allow) D:\dev\webstorm 9.0.3\bin\webstorm.exe
FirewallRules: [UDP Query User{48F8E108-6C29-4661-88F9-913ACCC5B245}D:\dev\webstorm 9.0.3\bin\webstorm.exe] => (Allow) D:\dev\webstorm 9.0.3\bin\webstorm.exe
FirewallRules: [{AD4065CC-1210-4D71-B9F7-DCD12058DFC5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{13B23C47-E202-481B-BA5C-68C4483F2716}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{3E88460B-1058-435A-9C30-B53F6CB64CCD}D:\dev\pycharm 4.5.1\bin\pycharm.exe] => (Allow) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [UDP Query User{69D2C135-5620-4217-A2BD-FD10C3D84B67}D:\dev\pycharm 4.5.1\bin\pycharm.exe] => (Allow) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{58075F8D-806D-4946-B2EB-5CAEA363469E}] => (Block) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{81D66669-B86D-421B-8B33-7E29E76F6B57}] => (Block) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{461594B8-8F7F-49AF-89AF-97C33E6AC1EC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{03653BDE-D415-45F9-8FFF-00A56AC6E281}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{2F9676AC-45DA-49BB-B725-AA1E44107B77}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{2BC27BE9-0BBF-46E7-9A17-ED4064C123E1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{131505C3-A325-46DC-BDAC-49F2A1C37527}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{6028D28C-B320-4BCA-B79C-D35B520F1225}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [TCP Query User{8FB1196F-28EB-4155-830E-F3DD4DC76054}D:\users\avishay\documents\octgn\octgn\octgn.exe] => (Allow) D:\users\avishay\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{AB49A4B5-6A6F-41CF-8241-10484D7D4321}D:\users\avishay\documents\octgn\octgn\octgn.exe] => (Allow) D:\users\avishay\documents\octgn\octgn\octgn.exe
FirewallRules: [{4B69BD11-33E9-4AF5-B2A4-75A3040C4299}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{4BDE42E2-A053-459D-A6FE-0070BFCBFFB7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{05CF7BE8-57AE-4AC0-8D4C-0610468E83A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{B0EF3226-4708-49A5-A03D-581D946EBB9C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{0553D8B4-5A32-4BEA-8D3F-036DE39C0E9A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{9B9D9679-A6D4-4D0C-896D-B047C425ACFE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{2C7D09D8-8F50-4E92-8311-318D126DE561}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{73595DE8-F706-48B4-B702-9A66E1FB8E55}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{E8947C68-21BF-4C42-B2CF-B71778564C8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{016BA9E3-1F4B-4F66-B427-BC9316957196}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{D96A039E-1B99-4F76-BDAB-1CAE78DB69EF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{66047B52-8C88-45F3-8525-30DED14CA350}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{7DFD80A5-A0E3-454C-A268-A80DF70162DB}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5D832CB0-1D94-4ECF-BCE7-A56D10686269}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{442435B5-609C-40FC-88BD-01CF9DAE5D02}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{F74021E8-75E5-412A-BC7E-765E97F90DF5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{B72EBB4A-FEA1-4E6D-A7ED-0864DA3A200C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7F3A018E-A60F-4F58-B7FA-6D8682CBE522}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F054E40E-9954-4266-A661-AC9D4B52F9C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80ADEB02-FE5F-4645-B221-DDEDCCA3EEBC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17BAB5C1-C07F-4133-9B73-1D66CB882950}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B3C86FED-75E6-4272-B705-6E16AF857CB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A5EC47DF-917D-4313-B9FB-B84AFFA1320B}] => (Allow) LPort=5556
FirewallRules: [{11315955-1CA4-4488-9864-8B72D5E2F670}] => (Allow) LPort=5558
FirewallRules: [TCP Query User{6517A0B0-883D-4914-BD2B-1E1DFFC45661}D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{FD643E83-E961-437A-AFC9-7B6FA6A8CAF4}D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{9988AC0C-453D-44D6-A653-CBFDE3958933}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{C96290D4-D78C-4DB4-9C56-EE18BD8CC817}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{80362685-8058-45A8-9D1E-81C47278315C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9854E568-5E6E-44B1-B7A1-79316751915F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9FFB45C6-7AAE-4547-8C17-1D934E3D2E05}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{0F7E24AC-26F1-4AFC-A073-064C4316B2F1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{49CC3434-A1D4-487D-8EA4-D1F97B17D2ED}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{7E9FED75-C9E7-4324-A993-4724A312A5CD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{B886B246-A4E1-4469-9220-1E5EEA14B7EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Not a Hero\NOT A HERO.exe
FirewallRules: [{914D3717-FA4B-4F75-B7FB-FFE82AA24B17}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Not a Hero\NOT A HERO.exe
FirewallRules: [{C714832F-EE65-4002-ACD6-85EDE926D2A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{F63D9A29-2190-4F7A-8433-DE9E8178D3F7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [TCP Query User{A1F25674-8B7A-44CF-B228-B252DC0DB3BD}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{03CD226A-77D8-4EA1-97F6-5816F27F3CE6}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{22B93F0C-FA08-4D29-BEC4-A97DDF7A3F7D}D:\dev\webstorm 10.0.4\bin\webstorm.exe] => (Allow) D:\dev\webstorm 10.0.4\bin\webstorm.exe
FirewallRules: [UDP Query User{56463E63-E0E5-45F7-A990-B6C63EECDC52}D:\dev\webstorm 10.0.4\bin\webstorm.exe] => (Allow) D:\dev\webstorm 10.0.4\bin\webstorm.exe
FirewallRules: [{4AF5E7C8-3830-4643-9984-B698BAEC8DD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C6C21F76-2555-48E5-8528-391C4919DA51}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{FAC13C6C-DB9C-4361-B10E-B5B4B39DFDCC}D:\dev\anaconda\python.exe] => (Allow) D:\dev\anaconda\python.exe
FirewallRules: [UDP Query User{79B6F116-3774-41D8-95CA-D18146FDD1D7}D:\dev\anaconda\python.exe] => (Allow) D:\dev\anaconda\python.exe
FirewallRules: [TCP Query User{F5BB1529-4709-441B-B130-68FB9CE817B3}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{450DC068-FF21-41D9-8CE5-FE7EF56A2D32}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{8FBBD6CD-8158-47BB-8782-CCAD522DD86D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D04B2213-86FC-4C54-89C9-4B7F9E93DE0E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\JULIA-Among the Stars\Launcher.exe
FirewallRules: [{1700DE7E-0379-42F0-A6EB-7AACBFC3C8B9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\JULIA-Among the Stars\Launcher.exe
FirewallRules: [{DFA7E2A4-0B23-4A87-84CD-5F824DE7C780}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{3AFCF201-3787-4671-A75D-7F2FA221F15D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{46EBBB3D-1749-43AA-BCF9-FA86045F2E3E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F998071-3E51-4991-8A86-7E29510C57BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{219938F3-8DDC-406A-AA38-C78808406AD3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2C6363F9-6620-4AB5-85A3-4F3A8D737FC3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{9058C97A-5963-4828-A1FF-B79DE46EA630}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2015 06:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16401, time stamp: 0x55b1a665
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55b1a20d
Exception code: 0xc0000409
Fault offset: 0x0000000000139821
Faulting process ID: 0x1f90
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report ID: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (09/11/2015 07:13:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/11/2015 07:00:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/11/2015 07:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (09/11/2015 05:27:45 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c4 (0x00000000000000c5, 0xfffff801d67c2418, 0x00000000ffffffff, 0x000000000000ffff)C:\WINDOWS\MEMORY.DMP091115-17906-01
 
Error: (09/11/2015 05:27:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:12:20 PM on ‎9/‎11/‎2015 was unexpected.
 
Error: (09/11/2015 05:04:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (09/11/2015 11:57:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070011: Update for Windows 10 for x64-based Systems (KB3081449).
 
Error: (09/11/2015 11:57:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070011: Cumulative Update for Windows 10 for x64-based Systems (KB3081455).
 
Error: (09/11/2015 11:51:56 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
 
Error: (09/11/2015 11:50:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%17
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (09/11/2015 06:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchUI.exe10.0.10240.1640155b1a665CortanaApi.dll0.0.0.055b1a20dc000040900000000001398211f9001d0ec9fc56da2c3C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dllada9caa3-c272-4e9a-979d-b9ff458c7388Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyCortanaUI
 
Error: (09/11/2015 07:13:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/11/2015 07:00:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (09/11/2015 07:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16336.43 MB
Available physical RAM: 12717.49 MB
Total Virtual: 18768.43 MB
Available Virtual: 14195.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.1 GB) (Free:32.2 GB) NTFS
Drive d: () (Fixed) (Total:831.32 GB) (Free:383.42 GB) NTFS
Drive e: (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:119.14 GB) (Free:118.38 GB) NTFS
Drive h: (VERBATIM) (Fixed) (Total:1863.01 GB) (Free:455.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2EA351A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E8602724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: F773AFC7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

RKreport_SCN_09112015_171722.json (which I assume is RogueKiller's log, since it's located under roguekiller\logs):

{

    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "10.10.4.0",
            "x64": false,
            "date": "Sep  4 2015",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/software/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 10 (10.0.10240) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "avishay",
            "user_admin": true,
            "program_location": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe",
            "x64": true
        },
        "report": {
            "type": 1,
            "aborted": false,
            "date": "09/11/2015 17:17:22",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 468,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 656,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 640,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 752,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "",
                "pid_parent": 640,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 768,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 744,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "",
                "pid": 824,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 752,
                "path_parent": ""
            },
            {
                "name": "lsass.exe",
                "name_parent": "",
                "pid": 844,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\WINDOWS\\system32\\lsass.exe",
                "pid_parent": 752,
                "path_parent": ""
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 868,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 744,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 984,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 424,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 820,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "dwm.exe",
                "name_parent": "winlogon.exe",
                "pid": 952,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"dwm.exe\"",
                "pid_parent": 868,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 500,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1036,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1128,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1228,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1396,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "",
                "pid": 1668,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1788,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2024,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "Everything.exe",
                "name_parent": "",
                "pid": 1908,
                "path": "D:\\Program Files\\Everything\\Everything.exe",
                "command_line": "\"D:\\Program Files\\Everything\\Everything.exe\" -svc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "ekrn.exe",
                "name_parent": "",
                "pid": 1628,
                "path": "D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe",
                "command_line": "\"D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe\"",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SkypeC2CAutoUpdateSvc.exe",
                "name_parent": "",
                "pid": 2052,
                "path": "C:\\Program Files (x86)\\Skype\\Toolbars\\AutoUpdate\\SkypeC2CAutoUpdateSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Skype\\Toolbars\\AutoUpdate\\SkypeC2CAutoUpdateSvc.exe\" /service",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SkypeC2CPNRSvc.exe",
                "name_parent": "",
                "pid": 2068,
                "path": "C:\\Program Files (x86)\\Skype\\Toolbars\\PNRSvc\\SkypeC2CPNRSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Skype\\Toolbars\\PNRSvc\\SkypeC2CPNRSvc.exe\" /service",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2076,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2268,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2568,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "dasHost.exe",
                "name_parent": "svchost.exe",
                "pid": 2432,
                "path": "C:\\Windows\\System32\\dasHost.exe",
                "command_line": "dashost.exe {0adc4f5c-ec9d-4424-9679fec09ea303c5}",
                "pid_parent": 500,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WUDFHost.exe",
                "name_parent": "svchost.exe",
                "pid": 1844,
                "path": "C:\\Windows\\System32\\WUDFHost.exe",
                "command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a935fc12-d456-4190-9337-2f970b19ad12 -SystemEventPortName:HostProcess-c2c678c1-fc3b-45d1-8ac3-208b7f4669c2 -IoCancelEventPortName:HostProcess-39620178-d21c-40c9-8df3-73d1bbab3c89 -NonStateChangingEventPortName:HostProcess-25ca914c-ee13-4b4e-b94b-066465eb0c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3a7f9938-4a53-42c4-8f0f-ddaeef2bd6a4 -DeviceGroupId:WpdFsGroup",
                "pid_parent": 500,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "GoogleCrashHandler.exe",
                "name_parent": "",
                "pid": 4084,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler.exe\"",
                "pid_parent": 4024,
                "path_parent": ""
            },
            {
                "name": "GoogleCrashHandler64.exe",
                "name_parent": "",
                "pid": 2736,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler64.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler64.exe\"",
                "pid_parent": 4024,
                "path_parent": ""
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "",
                "pid": 3512,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "sihost.exe",
                "name_parent": "svchost.exe",
                "pid": 3920,
                "path": "C:\\Windows\\System32\\sihost.exe",
                "command_line": "sihost.exe",
                "pid_parent": 820,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "taskhostw.exe",
                "name_parent": "svchost.exe",
                "pid": 4060,
                "path": "C:\\Windows\\System32\\taskhostw.exe",
                "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
                "pid_parent": 820,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 3464,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\Explorer.EXE",
                "pid_parent": 3332,
                "path_parent": ""
            },
            {
                "name": "ShellExperienceHost.exe",
                "name_parent": "svchost.exe",
                "pid": 3800,
                "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RuntimeBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 3092,
                "path": "C:\\Windows\\System32\\RuntimeBroker.exe",
                "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchUI.exe",
                "name_parent": "svchost.exe",
                "pid": 2280,
                "path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RtkNGUI64.exe",
                "name_parent": "explorer.exe",
                "pid": 4372,
                "path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe",
                "command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Everything.exe",
                "name_parent": "explorer.exe",
                "pid": 4428,
                "path": "D:\\Program Files\\Everything\\Everything.exe",
                "command_line": "\"D:\\Program Files\\Everything\\Everything.exe\" -startup",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "LCore.exe",
                "name_parent": "explorer.exe",
                "pid": 4584,
                "path": "D:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "command_line": "\"D:\\Program Files\\Logitech Gaming Software\\LCore.exe\" /minimized",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "egui.exe",
                "name_parent": "explorer.exe",
                "pid": 4592,
                "path": "D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe",
                "command_line": "\"D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "explorer.exe",
                "pid": 4612,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4740,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=watcher --on-initialized-event-handle=568 --parent-handle=572",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4928,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5032,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.1.1006871769\\536966030\" --font-cache-shared-handle=1972 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5044,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.2.1893880529\\1311953059\" --font-cache-shared-handle=2320 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5052,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5072,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.4.1057517664\\1366989628\" --font-cache-shared-handle=2400 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5080,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.5.951974702\\67155271\" --font-cache-shared-handle=2436 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5088,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.6.485908669\\1047236694\" --font-cache-shared-handle=2728 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5096,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.7.99809228\\892429395\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.8.182588015\\376360884\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5112,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.9.541083784\\158949466\" --font-cache-shared-handle=2744 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4148,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.10.1085887080\\464376633\" --font-cache-shared-handle=3156 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3632,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "Steam.exe",
                "name_parent": "explorer.exe",
                "pid": 5496,
                "path": "D:\\Program Files (x86)\\Steam\\Steam.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "Steam.exe",
                "pid": 5524,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5496,
                "path_parent": "D:\\Program Files (x86)\\Steam\\Steam.exe"
            },
            {
                "name": "SteamService.exe",
                "name_parent": "",
                "pid": 5648,
                "path": "C:\\Program Files (x86)\\Common Files\\Steam\\SteamService.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "flux.exe",
                "name_parent": "explorer.exe",
                "pid": 5788,
                "path": "C:\\Users\\zarad\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Skype.exe",
                "name_parent": "explorer.exe",
                "pid": 5840,
                "path": "C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "BorderlessGaming.exe",
                "name_parent": "explorer.exe",
                "pid": 6000,
                "path": "D:\\Program Files (x86)\\Steam\\steamapps\\common\\Borderless Gaming\\BorderlessGaming.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 6948,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SettingSyncHost.exe",
                "name_parent": "svchost.exe",
                "pid": 4812,
                "path": "C:\\Windows\\System32\\SettingSyncHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ApplicationFrameHost.exe",
                "name_parent": "svchost.exe",
                "pid": 5668,
                "path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Video.UI.exe",
                "name_parent": "svchost.exe",
                "pid": 3984,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Calculator.exe",
                "name_parent": "svchost.exe",
                "pid": 4508,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_10.1508.14010.0_x64__8wekyb3d8bbwe\\Calculator.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WinStore.Mobile.exe",
                "name_parent": "svchost.exe",
                "pid": 6492,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\\WinStore.Mobile.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "steamwebhelper.exe",
                "pid": 4772,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5524,
                "path_parent": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe"
            },
            {
                "name": "SystemSettingsBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 244,
                "path": "C:\\Windows\\System32\\SystemSettingsBroker.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7488,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7576,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7672,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 8104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 7680,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 1036,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchProtocolHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 8096,
                "path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1836,
                "path": "",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1144,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "SearchFilterHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 2264,
                "path": "C:\\Windows\\System32\\SearchFilterHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3988,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "chrome.exe",
                "pid": 7040,
                "path": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "RogueKiller.exe",
                "pid": 792,
                "path": "",
                "command_line": "",
                "pid_parent": 7040,
                "path_parent": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++\n--- User ---\n[MBR] 51b4d0c5e5acb640dc59e60c6a807543\n[BSP] 74d742046bc444cb70b21fae801c88ff : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210124800 | Size: 851268 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: OCZ-VECTOR +++++\n--- User ---\n[MBR] ffb2903729cfd68863114b3214d6b091\n[BSP] 1355176df99763ba7a578ad6f13844ec : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive2: Hitachi HDS722020ALA330 USB Device +++++\n--- User ---\n[MBR] c3bda938fbd1e66173d2de573859336a\n[BSP] 5b25dfbe3d5390bb93643748fbea9334 : Empty|VT.Unknown MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] The request is not supported. )\n\n"
        }
    }
}

 



#4 boopme (Global Moderator)

Posted 11 September 2015 - 12:36 PM

Please see step 7 as to where to post the logs... and copy/paste is best

#5 aviza12 (Topic Starter)

Posted 11 September 2015 - 03:28 PM

ok then.
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by avishay (administrator) on AVISHAYPC (11-09-2015 18:04:03)
Running from D:\Users\Avishay\Downloads
Loaded Profiles: avishay (Available Profiles: avishay)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() D:\Program Files\Everything\Everything.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() D:\Program Files\Everything\Everything.exe
(Logitech Inc.) D:\Program Files\Logitech Gaming Software\LCore.exe
(ESET) D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\zarad\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Codeusa Software) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => D:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM\...\Run: [Launch LCore] => D:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [GoogleChromeAutoLaunch_B04F73544F72B0AFDA6C8742B9AF1155] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [f.lux] => C:\Users\zarad\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
Startup: C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-07-31]
ShortcutTarget: Borderless Gaming.lnk -> D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{040e884e-073e-4896-8c6e-ec5b32e88eb3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{040e884e-073e-4896-8c6e-ec5b32e88eb3}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> jb
CHR Profile: C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (SHINE for reddit (beta)) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2015-07-30]
CHR Extension: (Torrent Search) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-07-30]
CHR Extension: (Duolingo on the Web) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-08-06]
CHR Extension: (Google Art Project) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\akimgimeeoiognljlfchpbkpfbmeapkh [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Cast) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-14]
CHR Extension: (Google Search) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Vimium) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2015-07-30]
CHR Extension: (Google Calendar) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-30]
CHR Extension: (Google Sheets) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (React Developer Tools) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-30]
CHR Extension: (JetBrains IDE Support) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji [2015-08-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-30]
CHR Extension: (Deathamns) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-07-30]
CHR Extension: (Tabs saver) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2015-07-30]
CHR Extension: (Evernote Web) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-13]
CHR Extension: (Inbox by Gmail Wrapper) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbobkgjhhkepcjhghkajdiepnlpdpg [2015-07-30]
CHR Extension: (feedly) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2015-07-30]
CHR Extension: (Save to Pocket) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Adblock Pro) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-30]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-07-30]
CHR Extension: (Gmail) - C:\Users\zarad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 Everything; D:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R2 LGCoreTemp; D:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-11] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 18:03 - 2015-09-11 18:04 - 00000000 ____D C:\FRST
2015-09-11 18:03 - 2015-09-11 18:03 - 00000000 ____D C:\Users\zarad\AppData\Local\CrashDumps
2015-09-11 17:40 - 2015-09-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-09-11 17:35 - 2015-09-11 17:35 - 00016148 _____ C:\WINDOWS\system32\AVISHAYPC_avishay_HistoryPrediction.bin
2015-09-11 17:27 - 2015-09-11 17:27 - 00343336 _____ C:\WINDOWS\Minidump\091115-17906-01.dmp
2015-09-11 17:04 - 2015-09-11 17:04 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-11 17:04 - 2015-09-11 17:04 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-11 12:14 - 2015-09-11 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-11 12:14 - 2015-09-11 12:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 12:14 - 2015-09-11 12:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-11 12:13 - 2015-09-11 17:02 - 00000000 ____D C:\Users\zarad\Desktop\mbar
2015-09-11 12:13 - 2015-09-11 12:13 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-10 21:09 - 2015-09-10 22:17 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Mp3tag
2015-09-10 21:09 - 2015-09-10 21:09 - 00000000 ____D D:\Program Files (x86)\Mp3tag
2015-09-10 21:09 - 2015-09-10 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-09-09 12:01 - 2015-09-09 12:01 - 00346040 _____ C:\WINDOWS\Minidump\090915-12531-01.dmp
2015-09-08 03:15 - 2015-09-08 03:16 - 00353376 _____ C:\WINDOWS\Minidump\090815-15937-01.dmp
2015-09-04 16:17 - 2015-09-04 16:17 - 00000000 ____D C:\Users\zarad\AppData\Roaming\JULIAAtSR
2015-09-04 16:04 - 2015-09-04 16:04 - 00000220 _____ C:\Users\zarad\Desktop\Dreamfall The Longest Journey.url
2015-09-04 15:56 - 2015-09-04 15:56 - 00000222 _____ C:\Users\zarad\Desktop\J.U.L.I.A. Among the Stars.url
2015-09-04 12:15 - 2015-09-04 12:15 - 00340424 _____ C:\WINDOWS\Minidump\090415-11890-01.dmp
2015-09-04 12:07 - 2015-09-04 12:07 - 00339352 _____ C:\WINDOWS\Minidump\090415-15250-01.dmp
2015-09-04 11:55 - 2015-09-04 11:55 - 00277896 _____ C:\WINDOWS\Minidump\090415-13859-01.dmp
2015-09-04 11:45 - 2015-09-04 11:45 - 00277896 _____ C:\WINDOWS\Minidump\090415-11531-01.dmp
2015-09-04 11:40 - 2015-09-04 11:40 - 00277896 _____ C:\WINDOWS\Minidump\090415-11140-01.dmp
2015-09-04 11:36 - 2015-09-04 11:36 - 00277896 _____ C:\WINDOWS\Minidump\090415-11343-01.dmp
2015-09-04 11:35 - 2015-09-04 11:55 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-04 11:34 - 2015-09-04 11:34 - 00000000 ____D C:\WINDOWS\pss
2015-09-04 01:57 - 2015-09-04 01:57 - 00355496 _____ C:\WINDOWS\Minidump\090415-22343-01.dmp
2015-08-29 21:02 - 2015-08-29 21:07 - 00000000 ____D C:\Users\zarad\AppData\Local\dxhr
2015-08-29 19:36 - 2015-08-29 19:46 - 00000000 ____D C:\Users\zarad\AppData\Local\Plex Media Server
2015-08-29 18:21 - 2015-08-29 18:22 - 00358696 _____ C:\WINDOWS\Minidump\082915-20453-01.dmp
2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 ____D C:\Users\zarad\AppData\Local\238010
2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 ____D C:\ProgramData\Intel
2015-08-29 03:15 - 2015-08-29 03:16 - 00346248 _____ C:\WINDOWS\Minidump\082915-13718-01.dmp
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Continuum
2015-08-22 17:28 - 2015-08-22 17:28 - 00000000 ____D C:\Users\zarad\.continuum
2015-08-22 17:05 - 2015-08-22 17:05 - 00000000 ____D C:\Users\zarad\WebstormProjects
2015-08-22 17:03 - 2015-08-22 17:03 - 00000000 ____D C:\Users\zarad\.WebStorm10
2015-08-22 16:25 - 2015-08-22 16:25 - 00000222 _____ C:\Users\zarad\Desktop\XCOM Enemy Unknown.url
2015-08-21 11:12 - 2015-08-21 11:12 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-21 11:12 - 2015-08-21 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-21 08:35 - 2015-08-21 08:35 - 00357432 _____ C:\WINDOWS\Minidump\082115-13875-01.dmp
2015-08-14 18:42 - 2015-09-09 16:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 18:42 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 08:45 - 2015-08-14 08:45 - 00002376 _____ C:\Users\zarad\Desktop\Chrome App Launcher.lnk
2015-08-14 08:45 - 2015-08-14 08:45 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-13 21:36 - 2015-08-13 21:36 - 00000222 _____ C:\Users\zarad\Desktop\Deus Ex Human Revolution - Director's Cut.url
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files\Reference Assemblies
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files\MSBuild
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files (x86)\Reference Assemblies
2015-08-13 20:44 - 2015-08-13 20:44 - 00000000 ____D D:\Program Files (x86)\MSBuild
2015-08-13 20:43 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-13 20:43 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:43 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-13 20:43 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-13 20:43 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:43 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-13 20:41 - 2015-08-13 20:41 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Victoria 2 Heart of Darkness
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 18:04 - 2015-07-30 00:20 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Everything
2015-09-11 17:57 - 2015-07-10 15:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-11 17:39 - 2015-07-30 02:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-11 17:36 - 2015-07-30 00:23 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Skype
2015-09-11 17:35 - 2015-07-30 00:07 - 00000000 ____D D:\Program Files (x86)\Steam
2015-09-11 17:35 - 2015-07-30 00:03 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 17:35 - 2015-07-29 23:56 - 00000000 ____D C:\Users\zarad
2015-09-11 17:31 - 2015-07-30 00:00 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-11 17:27 - 2015-07-30 10:17 - 1000115044 _____ C:\WINDOWS\MEMORY.DMP
2015-09-11 17:27 - 2015-07-30 10:17 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-11 17:27 - 2015-07-10 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 17:27 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-11 17:13 - 2015-07-30 00:03 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 13:57 - 2015-07-10 13:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-11 11:52 - 2015-07-30 01:44 - 00015950 _____ C:\WINDOWS\PFRO.log
2015-09-11 11:52 - 2015-07-10 12:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-11 11:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-11 11:14 - 2015-08-07 23:46 - 00000087 _____ C:\WINDOWS\SysWOW64\EpfwUser.dat
2015-09-11 11:14 - 2015-08-07 23:46 - 00000087 _____ C:\WINDOWS\SysWOW64\EpfwTemp.dat
2015-09-11 07:00 - 2015-07-30 20:14 - 00000000 ____D C:\Users\zarad\AppData\Roaming\uTorrent
2015-09-10 21:11 - 2015-07-30 20:45 - 00000000 ____D C:\Users\zarad\AppData\Roaming\BSplayer
2015-09-10 20:54 - 2015-07-10 15:20 - 00014038 _____ C:\WINDOWS\setupact.log
2015-09-10 19:56 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-07 16:24 - 2015-07-29 23:57 - 00000000 ____D C:\Users\zarad\AppData\Local\Packages
2015-09-04 00:13 - 2015-07-30 00:03 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 19:08 - 2015-07-30 00:03 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-03 19:08 - 2015-07-30 00:03 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-22 19:03 - 2015-07-30 02:08 - 00045035 _____ C:\WINDOWS\DirectX.log
2015-08-22 17:02 - 2015-07-31 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2015-08-21 12:01 - 2015-07-30 16:17 - 00000000 ____D C:\Users\zarad\AppData\Local\SpyParty
2015-08-21 11:12 - 2015-07-30 00:23 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 18:00 - 2015-07-30 00:20 - 00000000 ____D C:\Users\zarad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-14 04:14 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2015-07-30 01:46 - 2015-07-30 01:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\zarad\AppData\Local\Temp\dllnt_dump.dll
C:\Users\zarad\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-04 16:14
 
==================== End of FRST.txt ============================
 
ADDITION.TXT
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01

Ran by avishay (2015-09-11 18:04:48)
Running from D:\Users\Avishay\Downloads
Windows 10 Home (X64) (2015-07-29 20:53:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1030064827-480775796-251853561-500 - Administrator - Disabled)
avishay (S-1-5-21-1030064827-480775796-251853561-1001 - Administrator - Enabled) => C:\Users\zarad
DefaultAccount (S-1-5-21-1030064827-480775796-251853561-503 - Limited - Disabled)
Guest (S-1-5-21-1030064827-480775796-251853561-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderless Gaming (HKLM-x32\...\Steam App 388080) (Version:  - AndrewMD5)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dreamfall: The Longest Journey (HKLM-x32\...\Steam App 6300) (Version:  - Funcom)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
f.lux (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
J.U.L.I.A.: Among the Stars (HKLM-x32\...\Steam App 257690) (Version:  - CBE Software s.r.o.)
JetBrains PyCharm 4.5.3 (HKLM-x32\...\PyCharm 4.5.3) (Version: 141.1899 - JetBrains s.r.o.)
JetBrains WebStorm 10.0.4 (HKLM-x32\...\WebStorm 10.0.4) (Version: 141.1550 - JetBrains s.r.o.)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
NOT A HERO (HKLM-x32\...\Steam App 274270) (Version:  - Roll7)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1211 - Plex, Inc.) Hidden
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - The Indie Stone)
Python 3.4.3 (Anaconda3 2.2.0 64-bit) (HKU\S-1-5-21-1030064827-480775796-251853561-1001\...\Python 3.4.3 (Anaconda3 2.2.0 64-bit)) (Version: 2.2.0 - Continuum Analytics, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SpyParty version 0.1.3869.0 (HKLM-x32\...\{03AFB032-CCC7-4236-A0F8-619C50BB498E}_is1) (Version: 0.1.3869.0 - definition six, inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
TowerFall Ascension (HKLM-x32\...\Steam App 251470) (Version:  - Matt Thorson)
USB Game Controller (HKLM-x32\...\{95CC887F-91B2-45E9-AE29-0D51995192CB}) (Version: 2005.05.26 - )
Victoria 2 Heart of Darkness (HKLM-x32\...\Victoria 2 Heart of Darkness1) (Version: 1 - Friends in War)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
XCom Long War EW Mod version Beta 15f3 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 15f3 - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1030064827-480775796-251853561-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\zarad\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
22-08-2015 19:02:07 Installed DirectX
28-08-2015 14:39:14 Windows Update
29-08-2015 19:35:59 Plex Media Server
03-09-2015 18:32:05 Windows Update
07-09-2015 16:01:43 Windows Update
10-09-2015 19:50:56 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 14:04 - 2015-07-10 14:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {51609806-D3AA-4DDB-887E-188B0012F309} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {6258EC70-D0D5-46BA-9621-E4C580CFE6D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-30] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {DAED9CD0-C56D-45EC-8258-5AD855B2C2E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-30 02:40 - 2015-07-30 02:40 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2008-10-28 11:53 - 2008-10-28 11:53 - 00022016 _____ () C:\WINDOWS\System32\sxs1ml6.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-30 00:20 - 2014-08-06 04:04 - 01441792 _____ () D:\Program Files\Everything\Everything.exe
2009-12-29 10:39 - 2009-12-29 10:39 - 00333312 _____ () C:\WINDOWS\system32\SaMinDrv.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-03-07 03:07 - 2015-03-07 03:07 - 00908568 _____ () D:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 03:28 - 2015-07-02 03:28 - 01095448 _____ () D:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 03:07 - 2015-03-07 03:07 - 00060184 _____ () D:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 03:28 - 2015-07-02 03:28 - 00240408 _____ () D:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-07-10 14:00 - 2015-07-10 14:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 06576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 14:00 - 2015-07-10 19:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-30 02:40 - 2015-07-30 02:40 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-04 00:13 - 2015-08-28 03:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 00:13 - 2015-08-28 03:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 00778240 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 02413248 _____ () D:\Program Files (x86)\Steam\video.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 02396672 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00479744 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-30 00:12 - 2014-12-02 00:31 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 00704192 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-30 00:12 - 2015-07-27 04:13 - 00171008 _____ () D:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-07-30 00:12 - 2015-07-03 19:12 - 39553928 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-30 00:12 - 2015-08-19 23:39 - 00373440 _____ () D:\Program Files (x86)\Steam\steam.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-08-23 03:27 - 2015-08-23 03:27 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-09-04 00:13 - 2015-08-28 03:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 17228952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexNewTranscoder.exe
2015-08-23 03:27 - 2015-08-23 03:27 - 00443872 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexpat-1.dll
2015-08-23 03:27 - 2015-08-23 03:27 - 00052360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\LIBBZ2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04224601.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04224601.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1030064827-480775796-251853561-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zarad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\qeghonm.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: lfsvc => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{918286B2-B695-4C61-9F13-8443868E77DE}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{71040B46-C34E-411B-8EEE-B90CE9AF9EF6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9ED95A59-1133-49FD-9417-9C870B365EF3}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{780F2BD7-324D-46B9-8085-AD5C9FC68D91}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C5AA38B-5DD4-4E98-94EF-D843DEE95055}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E63BBF3-42B7-4650-A1A5-FB8578C1EC76}D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe] => (Allow) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [UDP Query User{F276D86E-0AA7-4A6C-A08C-19A7E0F5D4A1}D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe] => (Allow) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{BCE73314-7280-49DC-8C55-F010DADCF8B3}] => (Block) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{9A517C02-5B75-4C6A-8067-5591A656E08B}] => (Block) D:\program files (x86)\steam\steamapps\downloading\300550\dragonfall.exe
FirewallRules: [{1ED78DAB-2367-4CE5-8DD6-50620A7B3239}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{22C095E2-632F-4E60-BA11-01C1AEAF78EA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [TCP Query User{7F39C95E-B8D2-41BE-A80D-B405189B43BC}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B90C1614-229A-42FC-A899-E08686F4CD44}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [{1C49D801-B447-44E8-9666-0B8FA965C890}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
FirewallRules: [{91412C86-8ECA-4A71-8169-4DAC95937B26}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderless Gaming\BorderlessGaming.exe
FirewallRules: [{F8E215BD-406D-414D-8268-7CDB7392416C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{5B4F4342-4FFA-4E45-98EF-F83407901D53}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{9FFFC00B-B5FB-43A4-AD4F-E48AC3D4225B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{123E0A25-CA41-4F36-B0AB-227C7103D1F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{8571ECD5-7A06-4C28-BDE4-68BF8EA7D86B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{1ED8CE5E-F57F-40F1-8098-03DDA8A5C8CC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{C33D0184-3296-4698-B3B6-09AA42E534E6}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE30E25A-E7A4-45C0-851E-C5734DE82BAF}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90CDADDA-8E7C-4800-A027-7A56AEADC224}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B255B4E-B53D-4C55-B1E5-7FB94356CA7A}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{516FBA69-8515-4169-A934-6B11E5B097F6}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7C9BCF1-0A03-4E4E-8C4D-C4AECF3C005C}] => (Allow) C:\Users\zarad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CF674A4E-71A7-4E98-8ABB-1AB9E78B8A04}D:\dev\webstorm 9.0.3\bin\webstorm.exe] => (Allow) D:\dev\webstorm 9.0.3\bin\webstorm.exe
FirewallRules: [UDP Query User{48F8E108-6C29-4661-88F9-913ACCC5B245}D:\dev\webstorm 9.0.3\bin\webstorm.exe] => (Allow) D:\dev\webstorm 9.0.3\bin\webstorm.exe
FirewallRules: [{AD4065CC-1210-4D71-B9F7-DCD12058DFC5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{13B23C47-E202-481B-BA5C-68C4483F2716}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{3E88460B-1058-435A-9C30-B53F6CB64CCD}D:\dev\pycharm 4.5.1\bin\pycharm.exe] => (Allow) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [UDP Query User{69D2C135-5620-4217-A2BD-FD10C3D84B67}D:\dev\pycharm 4.5.1\bin\pycharm.exe] => (Allow) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{58075F8D-806D-4946-B2EB-5CAEA363469E}] => (Block) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{81D66669-B86D-421B-8B33-7E29E76F6B57}] => (Block) D:\dev\pycharm 4.5.1\bin\pycharm.exe
FirewallRules: [{461594B8-8F7F-49AF-89AF-97C33E6AC1EC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{03653BDE-D415-45F9-8FFF-00A56AC6E281}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{2F9676AC-45DA-49BB-B725-AA1E44107B77}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{2BC27BE9-0BBF-46E7-9A17-ED4064C123E1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{131505C3-A325-46DC-BDAC-49F2A1C37527}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{6028D28C-B320-4BCA-B79C-D35B520F1225}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [TCP Query User{8FB1196F-28EB-4155-830E-F3DD4DC76054}D:\users\avishay\documents\octgn\octgn\octgn.exe] => (Allow) D:\users\avishay\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{AB49A4B5-6A6F-41CF-8241-10484D7D4321}D:\users\avishay\documents\octgn\octgn\octgn.exe] => (Allow) D:\users\avishay\documents\octgn\octgn\octgn.exe
FirewallRules: [{4B69BD11-33E9-4AF5-B2A4-75A3040C4299}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{4BDE42E2-A053-459D-A6FE-0070BFCBFFB7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crawl\Crawl.exe
FirewallRules: [{05CF7BE8-57AE-4AC0-8D4C-0610468E83A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{B0EF3226-4708-49A5-A03D-581D946EBB9C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{0553D8B4-5A32-4BEA-8D3F-036DE39C0E9A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{9B9D9679-A6D4-4D0C-896D-B047C425ACFE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{2C7D09D8-8F50-4E92-8311-318D126DE561}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{73595DE8-F706-48B4-B702-9A66E1FB8E55}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{E8947C68-21BF-4C42-B2CF-B71778564C8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{016BA9E3-1F4B-4F66-B427-BC9316957196}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{D96A039E-1B99-4F76-BDAB-1CAE78DB69EF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{66047B52-8C88-45F3-8525-30DED14CA350}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{7DFD80A5-A0E3-454C-A268-A80DF70162DB}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5D832CB0-1D94-4ECF-BCE7-A56D10686269}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{442435B5-609C-40FC-88BD-01CF9DAE5D02}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{F74021E8-75E5-412A-BC7E-765E97F90DF5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{B72EBB4A-FEA1-4E6D-A7ED-0864DA3A200C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7F3A018E-A60F-4F58-B7FA-6D8682CBE522}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F054E40E-9954-4266-A661-AC9D4B52F9C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80ADEB02-FE5F-4645-B221-DDEDCCA3EEBC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17BAB5C1-C07F-4133-9B73-1D66CB882950}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B3C86FED-75E6-4272-B705-6E16AF857CB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A5EC47DF-917D-4313-B9FB-B84AFFA1320B}] => (Allow) LPort=5556
FirewallRules: [{11315955-1CA4-4488-9864-8B72D5E2F670}] => (Allow) LPort=5558
FirewallRules: [TCP Query User{6517A0B0-883D-4914-BD2B-1E1DFFC45661}D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{FD643E83-E961-437A-AFC9-7B6FA6A8CAF4}D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{9988AC0C-453D-44D6-A653-CBFDE3958933}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{C96290D4-D78C-4DB4-9C56-EE18BD8CC817}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{80362685-8058-45A8-9D1E-81C47278315C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9854E568-5E6E-44B1-B7A1-79316751915F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{9FFB45C6-7AAE-4547-8C17-1D934E3D2E05}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{0F7E24AC-26F1-4AFC-A073-064C4316B2F1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{49CC3434-A1D4-487D-8EA4-D1F97B17D2ED}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{7E9FED75-C9E7-4324-A993-4724A312A5CD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{B886B246-A4E1-4469-9220-1E5EEA14B7EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Not a Hero\NOT A HERO.exe
FirewallRules: [{914D3717-FA4B-4F75-B7FB-FFE82AA24B17}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Not a Hero\NOT A HERO.exe
FirewallRules: [{C714832F-EE65-4002-ACD6-85EDE926D2A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{F63D9A29-2190-4F7A-8433-DE9E8178D3F7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [TCP Query User{A1F25674-8B7A-44CF-B228-B252DC0DB3BD}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{03CD226A-77D8-4EA1-97F6-5816F27F3CE6}D:\program files\logitech gaming software\lcore.exe] => (Allow) D:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{22B93F0C-FA08-4D29-BEC4-A97DDF7A3F7D}D:\dev\webstorm 10.0.4\bin\webstorm.exe] => (Allow) D:\dev\webstorm 10.0.4\bin\webstorm.exe
FirewallRules: [UDP Query User{56463E63-E0E5-45F7-A990-B6C63EECDC52}D:\dev\webstorm 10.0.4\bin\webstorm.exe] => (Allow) D:\dev\webstorm 10.0.4\bin\webstorm.exe
FirewallRules: [{4AF5E7C8-3830-4643-9984-B698BAEC8DD2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C6C21F76-2555-48E5-8528-391C4919DA51}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{FAC13C6C-DB9C-4361-B10E-B5B4B39DFDCC}D:\dev\anaconda\python.exe] => (Allow) D:\dev\anaconda\python.exe
FirewallRules: [UDP Query User{79B6F116-3774-41D8-95CA-D18146FDD1D7}D:\dev\anaconda\python.exe] => (Allow) D:\dev\anaconda\python.exe
FirewallRules: [TCP Query User{F5BB1529-4709-441B-B130-68FB9CE817B3}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{450DC068-FF21-41D9-8CE5-FE7EF56A2D32}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{8FBBD6CD-8158-47BB-8782-CCAD522DD86D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D04B2213-86FC-4C54-89C9-4B7F9E93DE0E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\JULIA-Among the Stars\Launcher.exe
FirewallRules: [{1700DE7E-0379-42F0-A6EB-7AACBFC3C8B9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\JULIA-Among the Stars\Launcher.exe
FirewallRules: [{DFA7E2A4-0B23-4A87-84CD-5F824DE7C780}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{3AFCF201-3787-4671-A75D-7F2FA221F15D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{46EBBB3D-1749-43AA-BCF9-FA86045F2E3E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F998071-3E51-4991-8A86-7E29510C57BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{219938F3-8DDC-406A-AA38-C78808406AD3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2C6363F9-6620-4AB5-85A3-4F3A8D737FC3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{9058C97A-5963-4828-A1FF-B79DE46EA630}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2015 06:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16401, time stamp: 0x55b1a665
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55b1a20d
Exception code: 0xc0000409
Fault offset: 0x0000000000139821
Faulting process ID: 0x1f90
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report ID: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (09/11/2015 07:13:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/11/2015 07:00:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/11/2015 07:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3760) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3760) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (09/11/2015 05:27:45 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c4 (0x00000000000000c5, 0xfffff801d67c2418, 0x00000000ffffffff, 0x000000000000ffff)C:\WINDOWS\MEMORY.DMP091115-17906-01
 
Error: (09/11/2015 05:27:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:12:20 PM on ‎9/‎11/‎2015 was unexpected.
 
Error: (09/11/2015 05:04:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (09/11/2015 11:57:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070011: Update for Windows 10 for x64-based Systems (KB3081449).
 
Error: (09/11/2015 11:57:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070011: Cumulative Update for Windows 10 for x64-based Systems (KB3081455).
 
Error: (09/11/2015 11:51:56 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
 
Error: (09/11/2015 11:50:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%17
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 11:49:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (09/11/2015 06:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchUI.exe10.0.10240.1640155b1a665CortanaApi.dll0.0.0.055b1a20dc000040900000000001398211f9001d0ec9fc56da2c3C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dllada9caa3-c272-4e9a-979d-b9ff458c7388Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyCortanaUI
 
Error: (09/11/2015 07:13:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/11/2015 07:00:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (09/11/2015 07:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AVISHAYPC)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:53:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:53:05 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3760-1032
 
Error: (09/10/2015 07:52:55 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3760C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16336.43 MB
Available physical RAM: 12717.49 MB
Total Virtual: 18768.43 MB
Available Virtual: 14195.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.1 GB) (Free:32.2 GB) NTFS
Drive d: () (Fixed) (Total:831.32 GB) (Free:383.42 GB) NTFS
Drive e: (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:119.14 GB) (Free:118.38 GB) NTFS
Drive h: (VERBATIM) (Fixed) (Total:1863.01 GB) (Free:455.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2EA351A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E8602724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: F773AFC7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
RK LOG FILE:
 
{

    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "10.10.4.0",
            "x64": false,
            "date": "Sep  4 2015",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/software/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 10 (10.0.10240) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "avishay",
            "user_admin": true,
            "program_location": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe",
            "x64": true
        },
        "report": {
            "type": 1,
            "aborted": false,
            "date": "09/11/2015 17:17:22",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 468,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 656,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 640,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 752,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "",
                "pid_parent": 640,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 768,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 744,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "",
                "pid": 824,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 752,
                "path_parent": ""
            },
            {
                "name": "lsass.exe",
                "name_parent": "",
                "pid": 844,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\WINDOWS\\system32\\lsass.exe",
                "pid_parent": 752,
                "path_parent": ""
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 868,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 744,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 984,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 424,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 820,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "dwm.exe",
                "name_parent": "winlogon.exe",
                "pid": 952,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"dwm.exe\"",
                "pid_parent": 868,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 500,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1036,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1128,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1228,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1396,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "",
                "pid": 1668,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1788,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2024,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "Everything.exe",
                "name_parent": "",
                "pid": 1908,
                "path": "D:\\Program Files\\Everything\\Everything.exe",
                "command_line": "\"D:\\Program Files\\Everything\\Everything.exe\" -svc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "ekrn.exe",
                "name_parent": "",
                "pid": 1628,
                "path": "D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe",
                "command_line": "\"D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\x86\\ekrn.exe\"",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SkypeC2CAutoUpdateSvc.exe",
                "name_parent": "",
                "pid": 2052,
                "path": "C:\\Program Files (x86)\\Skype\\Toolbars\\AutoUpdate\\SkypeC2CAutoUpdateSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Skype\\Toolbars\\AutoUpdate\\SkypeC2CAutoUpdateSvc.exe\" /service",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SkypeC2CPNRSvc.exe",
                "name_parent": "",
                "pid": 2068,
                "path": "C:\\Program Files (x86)\\Skype\\Toolbars\\PNRSvc\\SkypeC2CPNRSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Skype\\Toolbars\\PNRSvc\\SkypeC2CPNRSvc.exe\" /service",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2076,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2268,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2568,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "dasHost.exe",
                "name_parent": "svchost.exe",
                "pid": 2432,
                "path": "C:\\Windows\\System32\\dasHost.exe",
                "command_line": "dashost.exe {0adc4f5c-ec9d-4424-9679fec09ea303c5}",
                "pid_parent": 500,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WUDFHost.exe",
                "name_parent": "svchost.exe",
                "pid": 1844,
                "path": "C:\\Windows\\System32\\WUDFHost.exe",
                "command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a935fc12-d456-4190-9337-2f970b19ad12 -SystemEventPortName:HostProcess-c2c678c1-fc3b-45d1-8ac3-208b7f4669c2 -IoCancelEventPortName:HostProcess-39620178-d21c-40c9-8df3-73d1bbab3c89 -NonStateChangingEventPortName:HostProcess-25ca914c-ee13-4b4e-b94b-066465eb0c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3a7f9938-4a53-42c4-8f0f-ddaeef2bd6a4 -DeviceGroupId:WpdFsGroup",
                "pid_parent": 500,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "GoogleCrashHandler.exe",
                "name_parent": "",
                "pid": 4084,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler.exe\"",
                "pid_parent": 4024,
                "path_parent": ""
            },
            {
                "name": "GoogleCrashHandler64.exe",
                "name_parent": "",
                "pid": 2736,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler64.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.28.13\\GoogleCrashHandler64.exe\"",
                "pid_parent": 4024,
                "path_parent": ""
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "",
                "pid": 3512,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "sihost.exe",
                "name_parent": "svchost.exe",
                "pid": 3920,
                "path": "C:\\Windows\\System32\\sihost.exe",
                "command_line": "sihost.exe",
                "pid_parent": 820,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "taskhostw.exe",
                "name_parent": "svchost.exe",
                "pid": 4060,
                "path": "C:\\Windows\\System32\\taskhostw.exe",
                "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
                "pid_parent": 820,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 3464,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\Explorer.EXE",
                "pid_parent": 3332,
                "path_parent": ""
            },
            {
                "name": "ShellExperienceHost.exe",
                "name_parent": "svchost.exe",
                "pid": 3800,
                "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RuntimeBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 3092,
                "path": "C:\\Windows\\System32\\RuntimeBroker.exe",
                "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchUI.exe",
                "name_parent": "svchost.exe",
                "pid": 2280,
                "path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RtkNGUI64.exe",
                "name_parent": "explorer.exe",
                "pid": 4372,
                "path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe",
                "command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Everything.exe",
                "name_parent": "explorer.exe",
                "pid": 4428,
                "path": "D:\\Program Files\\Everything\\Everything.exe",
                "command_line": "\"D:\\Program Files\\Everything\\Everything.exe\" -startup",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "LCore.exe",
                "name_parent": "explorer.exe",
                "pid": 4584,
                "path": "D:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "command_line": "\"D:\\Program Files\\Logitech Gaming Software\\LCore.exe\" /minimized",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "egui.exe",
                "name_parent": "explorer.exe",
                "pid": 4592,
                "path": "D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe",
                "command_line": "\"D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "explorer.exe",
                "pid": 4612,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4740,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=watcher --on-initialized-event-handle=568 --parent-handle=572",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4928,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5032,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.1.1006871769\\536966030\" --font-cache-shared-handle=1972 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5044,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.2.1893880529\\1311953059\" --font-cache-shared-handle=2320 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5052,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5072,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.4.1057517664\\1366989628\" --font-cache-shared-handle=2400 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5080,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.5.951974702\\67155271\" --font-cache-shared-handle=2436 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5088,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.6.485908669\\1047236694\" --font-cache-shared-handle=2728 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5096,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.7.99809228\\892429395\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.8.182588015\\376360884\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5112,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.9.541083784\\158949466\" --font-cache-shared-handle=2744 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4148,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.10.1085887080\\464376633\" --font-cache-shared-handle=3156 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3632,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "Steam.exe",
                "name_parent": "explorer.exe",
                "pid": 5496,
                "path": "D:\\Program Files (x86)\\Steam\\Steam.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "Steam.exe",
                "pid": 5524,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5496,
                "path_parent": "D:\\Program Files (x86)\\Steam\\Steam.exe"
            },
            {
                "name": "SteamService.exe",
                "name_parent": "",
                "pid": 5648,
                "path": "C:\\Program Files (x86)\\Common Files\\Steam\\SteamService.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "flux.exe",
                "name_parent": "explorer.exe",
                "pid": 5788,
                "path": "C:\\Users\\zarad\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Skype.exe",
                "name_parent": "explorer.exe",
                "pid": 5840,
                "path": "C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "BorderlessGaming.exe",
                "name_parent": "explorer.exe",
                "pid": 6000,
                "path": "D:\\Program Files (x86)\\Steam\\steamapps\\common\\Borderless Gaming\\BorderlessGaming.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 6948,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SettingSyncHost.exe",
                "name_parent": "svchost.exe",
                "pid": 4812,
                "path": "C:\\Windows\\System32\\SettingSyncHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ApplicationFrameHost.exe",
                "name_parent": "svchost.exe",
                "pid": 5668,
                "path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Video.UI.exe",
                "name_parent": "svchost.exe",
                "pid": 3984,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Calculator.exe",
                "name_parent": "svchost.exe",
                "pid": 4508,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_10.1508.14010.0_x64__8wekyb3d8bbwe\\Calculator.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WinStore.Mobile.exe",
                "name_parent": "svchost.exe",
                "pid": 6492,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\\WinStore.Mobile.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "steamwebhelper.exe",
                "pid": 4772,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5524,
                "path_parent": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe"
            },
            {
                "name": "SystemSettingsBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 244,
                "path": "C:\\Windows\\System32\\SystemSettingsBroker.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7488,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7576,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7672,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 8104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 7680,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 1036,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchProtocolHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 8096,
                "path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1836,
                "path": "",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1144,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "SearchFilterHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 2264,
                "path": "C:\\Windows\\System32\\SearchFilterHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3988,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "chrome.exe",
                "pid": 7040,
                "path": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "RogueKiller.exe",
                "pid": 792,
                "path": "",
                "command_line": "",
                "pid_parent": 7040,
                "path_parent": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++\n--- User ---\n[MBR] 51b4d0c5e5acb640dc59e60c6a807543\n[BSP] 74d742046bc444cb70b21fae801c88ff : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210124800 | Size: 851268 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: OCZ-VECTOR +++++\n--- User ---\n[MBR] ffb2903729cfd68863114b3214d6b091\n[BSP] 1355176df99763ba7a578ad6f13844ec : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive2: Hitachi HDS722020ALA330 USB Device +++++\n--- User ---\n[MBR] c3bda938fbd1e66173d2de573859336a\n[BSP] 5b25dfbe3d5390bb93643748fbea9334 : Empty|VT.Unknown MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] The request is not supported. )\n\n"
        }
    }
}


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,923 posts
  • Gender:Male
  • Location:NJ USA

Posted 11 September 2015 - 07:40 PM

You must post that log here, in the Virus, Trojan, Spyware, and Malware Removal Logs forum:

click here
http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=new_post&f=22

Sorry for the confusion.

#7 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts

Posted 12 September 2015 - 04:22 AM

Oh, oh... got it. Sorry!