
Getting occasional unprompted keystrokes and mouse clicks


  • This topic is locked
15 replies to this topic

#1 Funnytom


Posted 21 July 2016 - 06:30 PM

Hi all. I've been noticing lately that when using my computer I am having random additional keystrokes and mouse clicks. For instance, I was using Firefox recently when a single tab closed on its own. In a separate example, I was playing a game (Windward, I believe) when q and e keystrokes were registered (I only knew as it has buttons mapped to those keys and they lit up unprompted). I don't know if I'm going crazy or if something is actually happening to my PC, and any assistance would be greatly appreciated.

 

The FRST log is below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Tom (administrator) on METATOM (22-07-2016 09:03:33)
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Tom\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1084328 2015-04-13] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7907656 2016-02-02] (SoftPerfect)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-10] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-07-10]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{78B7C22F-2AB4-4F06-AF2B-38286767E6B2}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{78B7C22F-2AB4-4F06-AF2B-38286767E6B2}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BE537A4D-C25A-42DA-A2A0-AE6BFB3B310C}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [DhcpNameServer] 78.46.223.24 162.242.211.137

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-01] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-01] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Video DownloadHelper - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-11]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-11]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-11]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-11]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-11]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-05-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-05-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-12] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-12] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3496216 2015-02-22] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72120 2016-01-26] (NetFilterSDK.com)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-08] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-10] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\system32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S1 avipbb; \SystemRoot\system32\DRIVERS\avipbb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 09:03 - 2016-07-22 09:03 - 02393600 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
2016-07-22 09:03 - 2016-07-22 09:03 - 00022739 _____ C:\Users\Tom\Downloads\FRST.txt
2016-07-22 09:03 - 2016-07-22 09:03 - 00000000 ____D C:\FRST
2016-07-22 08:53 - 2016-06-26 04:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-22 08:53 - 2016-06-26 02:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-22 08:53 - 2016-06-26 02:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-22 08:53 - 2016-06-26 02:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-22 08:53 - 2016-06-26 02:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-22 08:53 - 2016-06-22 04:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-22 08:53 - 2016-06-22 00:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-22 08:53 - 2016-06-12 05:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-22 08:53 - 2016-06-12 04:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-22 08:53 - 2016-06-12 04:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-22 08:53 - 2016-06-12 03:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-22 08:53 - 2016-06-12 03:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-22 08:53 - 2016-06-12 03:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-22 08:53 - 2016-06-12 03:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-22 08:53 - 2016-06-12 03:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-22 08:53 - 2016-06-12 03:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-22 08:53 - 2016-06-12 03:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-22 08:53 - 2016-06-12 03:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-22 08:53 - 2016-06-12 03:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-22 08:53 - 2016-06-12 03:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-22 08:53 - 2016-06-12 03:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-22 08:53 - 2016-06-12 03:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-22 08:53 - 2016-06-12 03:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-22 08:53 - 2016-06-12 03:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-22 08:53 - 2016-06-12 03:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-22 08:53 - 2016-06-12 03:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-22 08:53 - 2016-06-12 02:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-22 08:53 - 2016-06-12 02:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-22 08:53 - 2016-06-12 02:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-22 08:53 - 2016-06-12 02:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-22 08:53 - 2016-06-12 02:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-22 08:53 - 2016-06-12 02:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-22 08:53 - 2016-06-12 02:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-22 08:53 - 2016-06-12 02:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-22 08:53 - 2016-06-12 02:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-22 08:53 - 2016-06-12 02:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-22 08:53 - 2016-06-12 02:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-22 08:53 - 2016-06-12 02:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-22 08:53 - 2016-06-12 02:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-22 08:53 - 2016-06-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-22 08:53 - 2016-06-12 01:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-22 08:53 - 2016-06-12 01:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-22 08:53 - 2016-06-12 01:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-22 08:53 - 2016-06-11 07:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-22 08:53 - 2016-05-25 23:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-22 08:53 - 2016-05-25 23:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-22 08:53 - 2016-05-25 23:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-22 08:53 - 2016-05-25 23:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-22 08:53 - 2016-01-31 05:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-22 08:53 - 2016-01-31 05:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-22 08:53 - 2016-01-31 04:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-22 08:53 - 2016-01-31 04:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-22 08:53 - 2016-01-31 03:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-22 08:53 - 2016-01-31 03:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-22 08:36 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-07-22 08:36 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-07-22 08:32 - 2016-07-22 08:32 - 05659291 _____ (Swearware) C:\Users\Tom\Downloads\ComboFix(2).exe
2016-07-21 17:09 - 2016-07-21 17:09 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Wireshark
2016-07-21 17:06 - 2016-07-22 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-21 17:06 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files\Wireshark
2016-07-21 17:06 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-07-21 14:11 - 2016-07-21 14:11 - 00000000 ____D C:\Users\Tom\Documents\NCSOFT
2016-07-21 13:11 - 2016-07-21 13:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\NCSOFT
2016-07-21 07:52 - 2016-07-21 08:02 - 00000000 ____D C:\Users\Tom\AppData\Local\UBERMOSH
2016-07-20 21:36 - 2016-07-20 21:36 - 15430083 _____ C:\Users\Tom\Downloads\5.1.0-beta Launcher for 2.03.0788 (fixed2)-1-5-1-0beta(1).zip
2016-07-20 20:53 - 2016-07-20 20:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-20 20:53 - 2016-07-11 12:13 - 01887800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvCamera64.dll
2016-07-20 20:53 - 2016-07-11 12:13 - 01595840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvCamera32.dll
2016-07-20 20:53 - 2016-05-04 12:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-07-20 20:53 - 2016-05-04 12:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-07-20 20:53 - 2016-05-04 12:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-07-20 20:53 - 2016-05-04 12:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-07-20 20:52 - 2016-07-11 12:13 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 35115968 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 31640512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 25414080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 19220352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 17321352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 16790552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 14371384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 13581880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-07-20 20:52 - 2016-07-11 12:13 - 10691632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 10656112 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 10234336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 09020656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 08742360 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 08615336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03542072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03099072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01001016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00930360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00909880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00852024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00694672 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00583736 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00544120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00459320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00444472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00394808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00155768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-07-11 14:12 - 2016-06-24 09:54 - 00452849 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160711-141233.backup
2016-07-08 12:39 - 2016-06-30 08:44 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436869.dll
2016-07-08 12:39 - 2016-06-30 08:44 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436869.dll
2016-07-07 18:16 - 2016-07-07 18:16 - 00000000 ____D C:\Users\Tom\AppData\Roaming\OBS
2016-07-07 17:40 - 2016-07-07 18:53 - 00000000 ____D C:\Users\Tom\AppData\Local\Ubisoft Game Launcher
2016-07-07 17:40 - 2016-07-07 17:40 - 00001238 _____ C:\Users\Tom\Desktop\Uplay.lnk
2016-07-07 17:40 - 2016-07-07 17:40 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-07-07 17:40 - 2016-07-07 17:40 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-07-06 18:50 - 2016-07-06 18:51 - 140783556 _____ C:\Users\Tom\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US(1).exe
2016-07-04 20:16 - 2016-07-04 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-29 20:14 - 2016-06-29 20:14 - 00103881 _____ C:\Users\Tom\Downloads\Payslip - Thomas Methorst 4_01_2016-10_01_2016.pdf
2016-06-29 20:13 - 2016-06-29 20:13 - 00062336 _____ C:\Users\Tom\Downloads\Payslip__from_Terra_Search_Pty_Ltd(1).pdf
2016-06-26 20:50 - 2016-06-26 20:50 - 01224080 _____ ( ) C:\Users\Tom\Downloads\hwmonitor_1.29.exe
2016-06-25 16:11 - 2016-06-25 16:11 - 10905817 _____ C:\Users\Tom\Downloads\GD Stash-2-0-99h.zip
2016-06-24 20:30 - 2015-09-01 01:37 - 02134528 _____ (LinGon) C:\Users\Tom\Downloads\OurDarkerPurpose+3Tr-LNG_v480.1.11.exe
2016-06-24 20:29 - 2016-06-24 20:29 - 01894042 _____ C:\Users\Tom\Downloads\ourdarkerpurposetrainer.zip
2016-06-24 12:25 - 2016-06-24 12:31 - 00000000 ____D C:\Users\Tom\Desktop\Tor Browser
2016-06-24 12:25 - 2016-06-24 12:25 - 00000850 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-06-24 12:25 - 2016-06-24 12:25 - 00000802 _____ C:\Users\Tom\Desktop\Start Tor Browser.lnk
2016-06-24 09:54 - 2016-06-12 20:42 - 00452733 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160624-095425.backup
2016-06-23 10:03 - 2016-06-23 10:10 - 00000000 ____D C:\Users\Tom\AppData\Local\HyperLightDrifter
2016-06-23 09:29 - 2016-06-23 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II - Quad Damage [GOG.com]
2016-06-23 09:27 - 2016-06-23 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper Light Drifter [GOG.com]
2016-06-23 09:26 - 2016-06-23 09:26 - 00000000 ____D C:\Users\Tom\AppData\LocalLow\Failbetter Games
2016-06-23 09:19 - 2003-06-12 23:25 - 00007062 _____ C:\WINDOWS\SysWOW64\audiopid.vxd
2016-06-23 09:16 - 2016-06-24 07:43 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-06-23 09:16 - 2016-06-23 09:16 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-06-23 09:16 - 2016-06-23 09:16 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-23 09:03 - 2016-06-23 09:04 - 00000000 ____D C:\Users\Tom\AppData\Local\nuclearthrone
2016-06-23 08:52 - 2016-06-04 03:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-23 08:52 - 2016-06-03 23:38 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-23 08:52 - 2016-06-03 03:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-23 08:52 - 2016-05-30 01:04 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-23 08:52 - 2016-05-30 01:04 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-23 08:52 - 2016-05-30 01:04 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-23 08:52 - 2016-05-30 01:04 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-23 08:52 - 2016-05-30 01:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-23 08:52 - 2016-05-30 01:04 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-23 08:52 - 2016-03-28 23:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-23 08:52 - 2016-02-03 04:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-06-23 08:52 - 2016-01-25 04:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-06-23 08:52 - 2016-01-24 21:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-06-23 08:52 - 2016-01-24 21:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-06-23 08:52 - 2016-01-22 05:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-06-23 08:52 - 2016-01-22 04:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-06-23 08:52 - 2016-01-09 11:38 - 00091992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-06-23 08:52 - 2015-12-31 07:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-06-23 08:52 - 2015-12-17 03:11 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-06-23 08:52 - 2015-12-17 02:51 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-06-23 08:52 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2016-06-23 08:52 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2016-06-23 08:52 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2016-06-23 08:52 - 2015-10-23 03:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2016-06-23 08:52 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2016-06-23 08:52 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2016-06-23 08:52 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2016-06-23 08:52 - 2015-10-23 02:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2016-06-23 08:52 - 2015-10-23 02:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-06-23 08:52 - 2015-10-23 01:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-06-23 08:52 - 2015-10-23 00:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-06-23 08:52 - 2015-10-23 00:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-06-23 08:52 - 2015-09-29 22:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-23 08:52 - 2015-09-05 05:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2016-06-23 08:52 - 2015-08-07 02:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-06-23 08:52 - 2015-08-07 02:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-06-23 08:52 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2016-06-23 08:52 - 2015-05-08 01:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2016-06-23 08:52 - 2015-05-08 01:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2016-06-23 08:52 - 2015-04-30 09:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-06-23 08:52 - 2015-04-10 10:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-06-23 08:52 - 2015-04-10 10:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-06-23 08:52 - 2015-03-09 12:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2016-06-23 08:52 - 2015-01-29 11:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2016-06-23 08:52 - 2015-01-29 11:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2016-06-23 08:52 - 2015-01-27 13:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2016-06-23 08:52 - 2015-01-24 11:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2016-06-23 08:52 - 2015-01-23 17:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-06-23 08:52 - 2015-01-23 15:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-06-23 08:52 - 2015-01-06 13:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2016-06-23 08:52 - 2015-01-06 12:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2016-06-23 08:52 - 2015-01-06 11:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2016-06-23 08:52 - 2015-01-06 11:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2016-06-23 08:52 - 2014-11-10 12:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2016-06-23 08:52 - 2014-11-10 11:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2016-06-23 08:52 - 2014-11-05 11:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2016-06-23 08:52 - 2014-11-05 11:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2016-06-23 08:51 - 2016-05-29 17:08 - 22361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-23 08:51 - 2016-05-29 04:31 - 19788688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-23 08:51 - 2016-05-19 09:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-23 08:51 - 2016-05-19 09:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-23 08:51 - 2016-05-19 09:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-23 08:51 - 2016-05-19 08:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-23 08:51 - 2016-05-19 07:54 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2016-06-23 08:51 - 2016-05-19 07:33 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-23 08:51 - 2016-05-19 07:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2016-06-23 08:51 - 2016-05-19 06:59 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-23 08:51 - 2016-05-19 06:56 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-06-23 08:51 - 2016-05-19 06:33 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2016-06-23 08:51 - 2016-05-19 06:28 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-06-23 08:51 - 2016-05-19 06:16 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-06-23 08:51 - 2016-05-15 06:26 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-23 08:51 - 2016-05-14 15:19 - 01134768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-23 08:51 - 2016-05-14 09:08 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-23 08:51 - 2016-05-14 09:08 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-06-23 08:51 - 2016-05-14 09:08 - 00032512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-06-23 08:51 - 2016-05-14 08:24 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-23 08:51 - 2016-05-14 07:42 - 03667968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-23 08:51 - 2016-05-14 07:30 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-06-23 08:51 - 2016-05-14 07:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-06-23 08:51 - 2016-05-14 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-06-23 08:51 - 2016-05-14 07:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-06-23 08:51 - 2016-05-14 07:26 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-06-23 08:51 - 2016-05-14 07:26 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-23 08:51 - 2016-05-14 07:18 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-06-23 08:51 - 2016-05-14 07:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-06-23 08:51 - 2016-05-14 07:16 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-23 08:51 - 2016-05-14 07:16 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-06-23 08:51 - 2016-05-13 04:36 - 00034600 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2016-06-23 08:51 - 2016-05-13 03:39 - 00030984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2016-06-23 08:51 - 2016-05-13 03:37 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2016-06-23 08:51 - 2016-05-11 12:24 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-23 08:51 - 2016-05-11 12:24 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-23 08:51 - 2016-05-07 07:59 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-06-23 08:51 - 2016-05-07 03:13 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-06-23 08:51 - 2016-05-06 04:28 - 01661072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-23 08:51 - 2016-05-06 03:39 - 01212256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-23 08:51 - 2016-05-06 03:18 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-06-23 08:51 - 2016-05-06 03:02 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-23 08:51 - 2016-05-06 02:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-06-23 08:51 - 2016-05-06 02:34 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-23 08:51 - 2016-05-06 02:29 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-23 08:51 - 2016-05-06 01:28 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-23 08:51 - 2016-05-06 01:16 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-23 08:51 - 2016-04-16 23:56 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-23 08:51 - 2016-04-13 01:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-23 08:51 - 2016-04-13 01:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-23 08:51 - 2016-04-10 15:35 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-06-23 08:51 - 2016-04-10 08:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-06-23 08:51 - 2016-04-10 08:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll
2016-06-23 08:51 - 2016-04-10 08:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-06-23 08:51 - 2016-04-10 08:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-06-23 08:51 - 2016-04-10 08:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-06-23 08:51 - 2016-04-10 07:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll
2016-06-23 08:51 - 2016-04-10 07:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-06-23 08:51 - 2016-04-10 07:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-06-23 08:51 - 2016-04-10 07:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-06-23 08:51 - 2016-04-10 07:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-06-23 08:51 - 2016-04-08 02:34 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-23 08:51 - 2016-04-08 02:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-23 08:51 - 2016-04-08 01:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-23 08:51 - 2016-04-07 07:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2016-06-23 08:51 - 2016-04-07 04:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-06-23 08:51 - 2016-04-07 04:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-06-23 08:51 - 2016-04-07 02:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-06-23 08:51 - 2016-04-06 08:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2016-06-23 08:51 - 2016-04-02 23:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-06-23 08:51 - 2016-04-02 03:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-06-23 08:51 - 2016-04-02 03:00 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-06-23 08:51 - 2016-04-02 02:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-23 08:51 - 2016-04-02 02:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-23 08:51 - 2016-04-02 02:41 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-06-23 08:51 - 2016-02-09 11:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-23 08:51 - 2016-02-09 11:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-23 08:51 - 2016-02-09 11:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-06-23 08:51 - 2016-02-09 02:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-06-23 08:51 - 2016-02-06 00:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-06-23 08:51 - 2016-02-05 02:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-23 08:51 - 2016-02-05 02:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-23 08:51 - 2016-02-05 02:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-23 08:51 - 2016-02-04 01:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-06-23 08:51 - 2016-02-03 03:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-06-23 08:51 - 2016-02-03 03:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-06-23 08:51 - 2016-02-03 03:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-06-23 08:51 - 2016-02-03 02:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-06-23 08:51 - 2016-02-03 02:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-06-23 08:51 - 2016-02-03 02:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-06-23 08:51 - 2016-02-03 02:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-06-23 08:51 - 2016-02-03 02:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-06-23 08:51 - 2015-09-03 12:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-06-23 08:51 - 2015-09-03 12:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-06-23 08:51 - 2015-08-29 08:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-06-23 08:51 - 2015-04-02 08:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-06-23 08:51 - 2015-04-02 08:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-06-23 08:51 - 2015-04-01 13:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2016-06-23 08:51 - 2015-04-01 12:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2016-06-23 08:51 - 2015-03-20 11:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-06-23 08:51 - 2015-03-13 11:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-23 08:51 - 2015-03-13 10:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-23 08:51 - 2015-03-04 11:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-06-23 08:51 - 2015-03-04 11:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-06-23 08:51 - 2015-03-02 11:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-06-23 08:51 - 2015-03-02 11:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-06-23 08:51 - 2014-12-19 18:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-06-23 08:51 - 2014-12-19 18:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-06-23 08:51 - 2014-11-05 05:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2016-06-23 08:51 - 2014-11-05 05:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2016-06-23 08:51 - 2014-11-04 16:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2016-06-23 08:51 - 2014-11-04 16:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2016-06-23 08:51 - 2014-11-04 16:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-06-23 08:51 - 2014-11-04 16:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2016-06-23 08:50 - 2016-02-09 06:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-06-23 08:50 - 2016-02-09 06:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-06-23 08:50 - 2016-02-09 06:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-06-23 08:50 - 2016-02-09 05:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-06-23 08:50 - 2016-02-09 05:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-06-23 08:50 - 2016-02-09 05:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-06-23 08:50 - 2016-02-09 05:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-06-23 08:50 - 2016-02-09 05:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-06-23 08:50 - 2016-02-09 05:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-06-23 08:50 - 2016-02-09 05:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-23 08:50 - 2016-02-09 04:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-06-23 08:50 - 2016-02-09 03:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-06-23 08:50 - 2016-02-09 03:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-06-23 08:50 - 2016-02-09 03:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-06-23 08:50 - 2016-02-09 03:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-06-23 08:50 - 2016-02-09 02:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-06-23 08:50 - 2016-02-09 02:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-06-23 08:50 - 2016-02-09 02:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-23 08:50 - 2016-02-09 02:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-06-23 08:50 - 2016-02-09 02:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-06-23 08:50 - 2016-02-09 02:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-23 08:50 - 2016-02-09 02:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-06-23 08:50 - 2016-02-09 02:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-23 08:50 - 2016-02-04 01:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-06-23 08:50 - 2016-02-03 03:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-06-23 08:50 - 2016-01-09 11:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-06-23 08:50 - 2016-01-09 11:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-06-23 08:50 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-06-23 08:50 - 2015-07-22 23:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-06-23 08:50 - 2015-07-18 00:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-06-23 08:50 - 2015-07-18 00:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-06-23 08:50 - 2015-04-09 08:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2016-06-23 08:50 - 2015-01-30 13:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2016-06-23 08:50 - 2014-11-08 12:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-06-23 08:50 - 2014-11-08 12:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-06-23 08:49 - 2016-03-11 03:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-23 08:49 - 2016-03-11 03:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-06-23 08:49 - 2016-03-11 02:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-23 08:49 - 2016-03-11 02:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-06-23 08:49 - 2016-03-11 02:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-23 08:49 - 2016-03-06 03:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-23 08:49 - 2016-03-06 03:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-23 08:49 - 2016-02-05 04:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-06-23 08:49 - 2016-02-05 03:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-06-23 08:49 - 2016-02-03 03:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-06-23 08:49 - 2016-02-01 03:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-06-23 08:49 - 2016-01-27 05:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-06-23 08:49 - 2016-01-22 15:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-06-23 08:49 - 2016-01-22 15:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-06-23 08:49 - 2016-01-21 08:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-06-23 08:49 - 2016-01-11 02:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-06-23 08:49 - 2016-01-11 02:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-06-23 08:49 - 2016-01-07 09:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-06-23 08:49 - 2016-01-07 09:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-06-23 08:49 - 2016-01-07 02:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-23 08:49 - 2015-12-31 06:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-06-23 08:49 - 2015-11-20 00:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-06-23 08:49 - 2015-11-20 00:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-06-23 08:49 - 2015-10-04 05:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-06-23 08:49 - 2015-10-04 05:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-06-23 08:49 - 2015-08-07 03:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2016-06-23 08:49 - 2015-08-07 02:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2016-06-23 08:49 - 2015-05-04 01:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-23 08:49 - 2015-05-04 00:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-06-23 08:49 - 2015-05-04 00:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-06-23 08:49 - 2015-05-04 00:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2016-06-23 08:49 - 2015-04-25 12:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2016-06-23 08:49 - 2015-04-03 10:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2016-06-23 08:49 - 2015-04-03 10:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2016-06-23 08:49 - 2015-03-13 12:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2016-06-23 08:49 - 2015-03-06 12:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-06-23 08:49 - 2015-02-03 10:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-06-23 08:49 - 2015-02-03 10:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-06-23 08:49 - 2015-01-30 12:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2016-06-23 08:49 - 2015-01-30 12:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2016-06-23 08:49 - 2015-01-30 11:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2016-06-23 08:49 - 2015-01-30 11:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2016-06-23 08:49 - 2015-01-28 12:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2016-06-23 08:49 - 2015-01-28 11:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2016-06-23 08:49 - 2014-11-16 05:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-06-23 08:49 - 2014-11-15 16:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-06-23 08:49 - 2014-11-14 16:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-23 08:49 - 2014-11-14 15:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-23 08:49 - 2014-11-10 12:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-06-23 08:49 - 2014-11-10 11:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-23 08:49 - 2014-11-10 11:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-06-23 08:49 - 2014-11-10 10:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-06-23 08:49 - 2014-11-08 14:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2016-06-23 08:49 - 2014-11-08 13:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2016-06-23 08:49 - 2014-11-08 13:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2016-06-23 08:49 - 2014-11-08 13:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2016-06-23 08:49 - 2014-11-08 13:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2016-06-23 08:49 - 2014-11-08 13:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2016-06-23 08:49 - 2014-11-08 13:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2016-06-23 08:49 - 2014-11-08 13:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2016-06-23 08:49 - 2014-11-08 12:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2016-06-23 08:49 - 2014-11-08 12:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-06-23 08:49 - 2014-11-08 11:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-06-23 08:49 - 2014-11-08 11:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-06-23 08:49 - 2014-11-05 12:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2016-06-23 08:49 - 2014-11-05 12:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2016-06-23 08:49 - 2014-11-05 12:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-06-23 08:49 - 2014-11-05 11:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-06-23 08:49 - 2014-11-05 11:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-06-23 08:49 - 2014-11-05 11:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2016-06-23 08:49 - 2014-11-05 11:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2016-06-23 08:49 - 2014-11-05 11:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-06-23 08:49 - 2014-11-05 11:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-06-23 08:49 - 2014-11-05 11:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-06-23 08:49 - 2014-11-05 11:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2016-06-23 08:49 - 2014-11-05 11:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-06-23 08:49 - 2014-11-05 05:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-06-23 08:49 - 2014-11-04 16:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-06-23 08:49 - 2014-11-04 15:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-06-23 08:49 - 2014-10-31 09:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-06-23 08:49 - 2014-10-31 09:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-06-23 08:49 - 2014-10-29 11:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2016-06-23 08:49 - 2014-10-29 11:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2016-06-23 08:49 - 2014-10-21 11:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2016-06-23 08:49 - 2014-10-21 11:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2016-06-23 08:49 - 2014-10-21 10:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2016-06-23 08:49 - 2014-10-21 10:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2016-06-23 08:49 - 2014-10-21 10:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2016-06-23 08:49 - 2014-10-21 10:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2016-06-23 08:49 - 2014-10-17 14:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-06-23 08:49 - 2014-10-17 13:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-06-23 08:48 - 2016-03-16 11:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-23 08:48 - 2016-03-16 11:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-23 08:48 - 2016-03-15 02:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-06-23 08:48 - 2016-03-12 10:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-06-23 08:48 - 2016-03-12 10:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-06-23 08:48 - 2016-03-12 10:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-06-23 08:48 - 2016-03-11 02:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-06-23 08:48 - 2016-03-11 02:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-06-23 08:48 - 2016-03-11 02:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-06-23 08:48 - 2016-02-28 04:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-06-23 08:48 - 2016-02-28 03:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-06-23 08:48 - 2016-02-28 03:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-06-23 08:48 - 2016-02-28 02:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-06-23 08:48 - 2016-02-06 05:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-06-23 08:48 - 2016-02-06 01:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-23 08:48 - 2016-02-06 01:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-23 08:48 - 2016-02-06 01:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-23 08:48 - 2016-02-05 02:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-06-23 08:48 - 2016-02-05 02:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-06-23 08:48 - 2016-02-01 05:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-23 08:48 - 2016-02-01 04:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-23 08:48 - 2016-01-06 01:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-06-23 08:48 - 2015-12-21 00:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-06-23 08:48 - 2015-10-11 16:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-06-23 08:48 - 2015-10-11 16:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2016-06-23 08:48 - 2015-10-11 16:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2016-06-23 08:48 - 2015-10-11 16:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2016-06-23 08:48 - 2015-10-11 04:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2016-06-23 08:48 - 2015-10-11 04:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2016-06-23 08:48 - 2015-10-11 04:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2016-06-23 08:48 - 2015-10-09 02:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2016-06-23 08:48 - 2015-10-09 01:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2016-06-23 08:48 - 2015-10-06 04:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-06-23 08:48 - 2015-07-17 04:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2016-06-23 08:48 - 2015-07-15 07:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-06-23 08:48 - 2015-07-15 07:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2016-06-23 08:48 - 2015-07-15 07:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2016-06-23 08:48 - 2015-07-10 02:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-06-23 08:48 - 2015-06-12 06:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-06-23 08:48 - 2015-06-10 08:39 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-23 08:48 - 2015-06-10 08:38 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-23 08:48 - 2015-05-12 23:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-23 08:48 - 2015-05-12 02:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-06-23 08:48 - 2015-05-01 11:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-06-23 08:48 - 2015-05-01 11:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-06-23 08:48 - 2015-05-01 11:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-06-23 08:48 - 2015-04-24 01:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-06-23 08:48 - 2015-04-24 01:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-06-23 08:48 - 2015-04-16 16:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-06-23 08:48 - 2015-04-14 08:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2016-06-23 08:48 - 2015-04-14 08:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2016-06-23 08:48 - 2015-04-10 10:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-06-23 08:48 - 2015-04-10 10:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-06-23 08:48 - 2015-04-01 14:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-06-23 08:48 - 2015-04-01 14:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2016-06-23 08:48 - 2015-04-01 14:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2016-06-23 08:48 - 2015-04-01 14:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2016-06-23 08:48 - 2015-04-01 13:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-06-23 08:48 - 2015-04-01 13:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-06-23 08:48 - 2015-04-01 13:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-06-23 08:48 - 2015-04-01 12:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2016-06-23 08:48 - 2015-04-01 12:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-06-23 08:48 - 2015-04-01 12:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-06-23 08:48 - 2015-04-01 12:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2016-06-23 08:48 - 2015-04-01 12:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-06-23 08:48 - 2015-04-01 12:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-06-23 08:48 - 2015-03-13 14:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-06-23 08:48 - 2015-03-13 14:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-06-23 08:48 - 2015-03-06 13:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2016-06-23 08:48 - 2015-03-06 12:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2016-06-23 08:48 - 2015-02-08 09:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-06-23 08:48 - 2015-02-08 09:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-06-23 08:48 - 2015-01-30 12:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-06-23 08:48 - 2015-01-30 11:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-06-23 08:48 - 2015-01-30 11:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-06-23 08:48 - 2015-01-30 11:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-06-23 08:48 - 2015-01-30 11:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-06-23 08:48 - 2015-01-30 11:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-06-23 08:48 - 2015-01-30 11:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-06-23 08:48 - 2015-01-30 11:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-06-23 08:48 - 2014-12-11 15:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2016-06-23 08:48 - 2014-11-18 06:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-06-23 08:48 - 2014-11-14 16:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2016-06-23 08:48 - 2014-11-14 16:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-06-22 21:43 - 2014-04-16 09:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-06-22 21:43 - 2014-04-16 09:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-06-22 21:35 - 2016-05-19 09:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-22 21:35 - 2016-05-19 06:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-22 21:35 - 2016-05-18 15:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-22 21:35 - 2016-05-18 15:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-22 21:35 - 2016-05-15 06:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-22 21:35 - 2016-05-15 06:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-22 21:35 - 2016-05-14 09:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-22 21:35 - 2016-05-14 09:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-22 21:35 - 2016-05-14 09:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-22 21:35 - 2016-05-14 09:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-22 21:35 - 2016-05-14 09:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-22 21:35 - 2016-05-14 08:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-22 21:35 - 2016-05-14 07:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-22 21:35 - 2016-05-14 07:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-22 21:35 - 2016-05-14 07:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-22 21:35 - 2016-05-14 07:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-22 21:35 - 2016-05-13 04:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-22 21:35 - 2016-05-13 03:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-22 21:35 - 2016-05-13 02:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-22 21:35 - 2016-05-13 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-22 21:35 - 2016-05-13 02:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-22 21:35 - 2016-05-13 01:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-22 21:35 - 2016-05-13 01:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-22 21:35 - 2016-05-13 01:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-22 21:35 - 2016-05-10 07:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-22 21:35 - 2016-05-10 06:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-22 21:35 - 2016-05-10 06:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-22 21:35 - 2016-05-10 06:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-22 21:35 - 2016-05-07 01:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-22 21:35 - 2016-05-07 01:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 09:01 - 2015-10-03 14:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\FileAdvisor
2016-07-22 09:00 - 2016-05-30 11:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 09:00 - 2016-01-18 18:53 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2016-07-22 09:00 - 2015-07-10 13:20 - 00000000 __SHD C:\Users\Tom\IntelGraphicsProfiles
2016-07-22 08:58 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-22 08:57 - 2016-06-10 12:39 - 00359896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-22 08:57 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-22 08:57 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-07-22 08:57 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-07-22 08:57 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-22 08:55 - 2015-07-10 20:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-22 08:55 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-22 08:54 - 2015-07-10 20:34 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-22 08:52 - 2015-07-10 14:59 - 00000000 ____D C:\Users\Tom\AppData\Local\ClassicShell
2016-07-22 08:52 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-22 08:45 - 2015-07-10 13:25 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3256585615-2926279296-1792539217-1001
2016-07-22 08:43 - 2016-01-01 09:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-22 08:39 - 2015-07-10 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-22 08:34 - 2014-11-22 11:01 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-22 08:33 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-22 08:31 - 2016-05-29 21:23 - 00000000 ____D C:\Users\Tom
2016-07-22 08:27 - 2016-02-18 19:53 - 00000000 ____D C:\Users\Tom\Desktop\5.1.0-beta Launcher for 2.03.0788 (fixed2)-1-5-1-0beta
2016-07-22 08:27 - 2016-02-01 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-07-22 08:27 - 2015-11-21 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-22 08:27 - 2015-11-21 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-07-22 08:27 - 2015-10-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-07-22 08:27 - 2015-10-03 09:03 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-07-22 08:27 - 2015-09-20 22:23 - 00000000 ____D C:\Program Files\Java
2016-07-22 08:27 - 2015-08-23 19:05 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Battle.net
2016-07-22 08:27 - 2015-07-12 22:20 - 00000000 ____D C:\ProgramData\Oracle
2016-07-22 08:27 - 2015-07-12 18:20 - 00000000 ____D C:\Program Files\NordVPN
2016-07-22 08:27 - 2015-07-10 20:03 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-07-22 08:27 - 2015-07-10 19:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-22 08:27 - 2015-07-10 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\Warframe
2016-07-22 08:27 - 2015-07-10 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-07-22 08:27 - 2014-11-13 09:25 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-07-22 08:27 - 2014-11-13 09:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\registration
2016-07-22 08:27 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-22 08:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-07-22 08:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\servicing
2016-07-21 23:00 - 2015-07-10 20:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TS3Client
2016-07-21 19:20 - 2015-08-23 19:05 - 00000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2016-07-21 18:28 - 2016-06-09 21:18 - 00007616 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2016-07-21 17:00 - 2015-09-08 12:10 - 00000000 ____D C:\Users\Tom\.oracle_jre_usage
2016-07-20 20:53 - 2016-05-29 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-20 20:53 - 2016-05-29 21:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-19 20:08 - 2015-10-03 09:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\AdvertismentImages
2016-07-15 20:10 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-14 19:42 - 2016-01-01 09:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-14 19:42 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-14 19:42 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-14 19:05 - 2015-07-29 16:51 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 19:05 - 2015-07-29 16:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 12:14 - 2015-07-11 10:16 - 00000000 ____D C:\Users\Tom\Documents\My Games
2016-07-11 12:13 - 2016-05-25 21:24 - 03840096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-07-11 12:13 - 2016-05-25 21:24 - 03393576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-07-11 12:13 - 2016-05-25 21:24 - 00039124 _____ C:\WINDOWS\system32\nvinfo.pb
2016-07-11 11:13 - 2015-10-03 09:03 - 00003518 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-07-11 09:17 - 2016-05-29 21:18 - 06384064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 02465848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 01364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-07-11 09:17 - 2016-05-29 21:18 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-07-11 09:17 - 2016-05-29 21:18 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-07-10 17:13 - 2015-10-06 13:10 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-10 09:29 - 2016-05-15 14:49 - 00017920 ___SH C:\Users\Tom\Desktop\Thumbs.db
2016-07-08 03:03 - 2016-05-29 21:18 - 07211925 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-07-07 12:27 - 2015-07-10 18:45 - 00000000 ____D C:\Users\Tom\Desktop\Game Shortcuts
2016-07-05 18:55 - 2015-07-11 10:15 - 00000000 ____D C:\Users\Tom\Documents\Job stuff
2016-07-02 14:29 - 2014-11-22 15:29 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-02 14:29 - 2014-11-22 15:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-30 08:44 - 2016-05-25 21:24 - 03828968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET34D7.tmp
2016-06-30 08:44 - 2016-05-25 21:24 - 03387080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET4469.tmp
2016-06-29 20:27 - 2016-04-14 15:54 - 00506895 _____ C:\Users\Tom\Documents\updated loan SS.ods
2016-06-26 21:30 - 2015-07-29 10:49 - 00000000 ____D C:\Users\Tom\AppData\Roaming\MPC-HC
2016-06-26 20:51 - 2016-01-21 10:35 - 00000963 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-06-25 10:37 - 2015-07-15 20:07 - 00000000 ____D C:\ProgramData\Stardock
2016-06-24 21:20 - 2016-04-15 16:38 - 00000000 ____D C:\Users\Tom\AppData\Local\OurDarkerPurpose
2016-06-24 16:48 - 2016-05-29 21:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-24 13:08 - 2015-11-05 09:17 - 00000000 ____D C:\Program Files\PeerBlock
2016-06-24 12:25 - 2016-03-17 20:49 - 00000000 ____D C:\Users\Tom\AppData\Local\PrivaZer
2016-06-24 11:12 - 2015-07-12 12:57 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
2016-06-24 10:11 - 2015-07-12 12:57 - 00000000 ____D C:\ProgramData\Skype
2016-06-24 07:43 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppCompat
2016-06-24 07:39 - 2014-11-13 09:21 - 00001414 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-06-23 10:11 - 2015-10-20 13:26 - 00000000 ____D C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2016-06-23 09:20 - 2013-08-23 01:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-06-23 09:19 - 2014-11-13 09:26 - 00000000 ____D C:\Program Files (x86)\Creative
2016-06-23 09:16 - 2014-11-22 15:25 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-06-23 09:16 - 2014-11-22 10:22 - 00000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2016-06-23 09:16 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-06-23 09:16 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-06-23 09:16 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-06-23 09:16 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-06-23 09:16 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-06-22 21:48 - 2016-05-29 21:20 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

==================== Files in the root of some directories =======

2016-06-09 21:18 - 2016-07-21 18:28 - 0007616 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2015-11-22 09:48 - 2015-11-22 09:48 - 0000127 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\avgnt.exe
C:\Users\Tom\AppData\Local\Temp\Bass.dll
C:\Users\Tom\AppData\Local\Temp\Bass.Net.dll
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-15 19:44

==================== End of FRST.txt ============================


#2 Funnytom

Posted 22 July 2016 - 03:11 AM

An update on my issue: after using the computer and installing some Windows updates, the computer refused to start. One repair install later and my computer is running again, but still having performance issues now, with crashes when just trying to open the start menu - the crash occurred by the computer locking up, and then suffering a black screen, which I was only able to get past by restarting. I've re-run the FRST and attached the log below. I cannot attach the Addition.txt to this post and will put it in the next one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Tom (administrator) on METATOM (22-07-2016 18:02:49)
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Tom\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1084328 2015-04-13] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-13] (IvoSoft)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7907656 2016-02-02] (SoftPerfect)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-07-10]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{78B7C22F-2AB4-4F06-AF2B-38286767E6B2}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{78B7C22F-2AB4-4F06-AF2B-38286767E6B2}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BE537A4D-C25A-42DA-A2A0-AE6BFB3B310C}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [DhcpNameServer] 78.46.223.24 162.242.211.137

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-01] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-01] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-13] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Video DownloadHelper - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sf3pxdc6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-11]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-11]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-11]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-11]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-11]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-06-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-05-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-05-30] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1633792 2015-07-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-12] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-06-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-06-01] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-12] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3496216 2015-02-22] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72120 2016-01-26] (NetFilterSDK.com)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-08] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-10] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-22] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\system32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 03:33 - 2016-07-23 03:33 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-07-23 03:33 - 2016-07-23 03:33 - 00000000 ____D C:\Windows.old
2016-07-23 03:33 - 2016-07-22 17:47 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-23 03:29 - 2016-07-23 03:29 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2016-07-23 03:29 - 2016-07-23 03:29 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2016-07-23 03:29 - 2016-07-23 03:29 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-07-23 03:29 - 2016-07-23 03:29 - 00000000 ____D C:\Program Files\MSBuild
2016-07-23 03:29 - 2016-07-23 03:29 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-07-23 03:29 - 2016-07-23 03:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-07-23 03:29 - 2016-05-29 16:39 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-07-23 03:29 - 2016-05-29 16:39 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-23 03:29 - 2016-05-29 16:39 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-07-23 03:29 - 2016-05-29 16:38 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-07-23 03:29 - 2016-05-29 16:38 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-23 03:29 - 2016-05-29 16:38 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-07-22 18:02 - 2016-07-22 18:02 - 02393600 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
2016-07-22 17:47 - 2016-07-22 17:47 - 00001463 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-22 17:47 - 2016-07-22 17:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-22 17:47 - 2016-07-22 17:47 - 00000020 ___SH C:\Users\Tom\ntuser.ini
2016-07-22 17:39 - 2016-07-22 17:39 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-22 17:38 - 2016-07-22 17:57 - 00000000 ____D C:\Users\Tom
2016-07-22 17:38 - 2016-07-22 17:41 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2016-07-22 17:38 - 2016-07-22 17:41 - 00022863 _____ C:\WINDOWS\diagerr.xml
2016-07-22 17:38 - 2016-07-22 17:38 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-07-22 17:38 - 2014-11-22 11:02 - 00000369 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-07-22 17:38 - 2014-11-22 11:02 - 00000369 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-07-22 17:35 - 2016-07-22 17:58 - 00000000 ____D C:\Program Files (x86)\Razer
2016-07-22 17:35 - 2016-07-22 17:39 - 00000000 ____D C:\ProgramData\Razer
2016-07-22 17:35 - 2016-07-22 17:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-22 17:35 - 2016-07-22 17:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-22 17:35 - 2016-07-22 17:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-22 17:35 - 2016-07-11 09:17 - 06384064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 02465848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 01364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-07-22 17:35 - 2016-07-11 09:17 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-07-22 17:35 - 2016-07-11 09:17 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-07-22 17:35 - 2016-07-08 03:03 - 07211925 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-07-22 17:34 - 2016-07-22 17:39 - 00000000 ____D C:\Program Files\Intel
2016-07-22 17:34 - 2016-07-22 17:34 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____D C:\Program Files\Synaptics
2016-07-22 17:34 - 2016-07-22 17:34 - 00000000 ____D C:\Program Files\Realtek
2016-07-22 17:34 - 2015-08-09 04:50 - 00096752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-07-22 17:34 - 2015-08-09 04:50 - 00092648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-07-22 17:11 - 2016-07-22 17:11 - 00915584 _____ (Magical Jelly Bean ) C:\Users\Tom\Downloads\KeyFinderInstaller.exe
2016-07-22 17:04 - 2016-07-22 17:25 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-22 14:17 - 2016-07-22 14:17 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Avira
2016-07-22 09:04 - 2016-07-22 14:06 - 00000000 ____D C:\AdwCleaner
2016-07-22 09:03 - 2016-07-22 18:03 - 00023296 _____ C:\Users\Tom\Downloads\FRST.txt
2016-07-22 09:03 - 2016-07-22 18:02 - 00000000 ____D C:\FRST
2016-07-22 09:03 - 2016-07-22 09:04 - 00085250 _____ C:\Users\Tom\Downloads\Addition.txt
2016-07-21 17:09 - 2016-07-21 17:09 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Wireshark
2016-07-21 17:06 - 2016-07-22 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-07-21 17:06 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files\Wireshark
2016-07-21 17:06 - 2016-07-22 08:27 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-07-21 14:11 - 2016-07-21 14:11 - 00000000 ____D C:\Users\Tom\Documents\NCSOFT
2016-07-21 13:11 - 2016-07-21 13:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\NCSOFT
2016-07-21 07:52 - 2016-07-21 08:02 - 00000000 ____D C:\Users\Tom\AppData\Local\UBERMOSH
2016-07-20 21:36 - 2016-07-20 21:36 - 15430083 _____ C:\Users\Tom\Downloads\5.1.0-beta Launcher for 2.03.0788 (fixed2)-1-5-1-0beta(1).zip
2016-07-20 20:53 - 2016-07-20 20:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-20 20:53 - 2016-07-11 12:13 - 01887800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvCamera64.dll
2016-07-20 20:53 - 2016-07-11 12:13 - 01595840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvCamera32.dll
2016-07-20 20:53 - 2016-05-04 12:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-07-20 20:53 - 2016-05-04 12:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-07-20 20:53 - 2016-05-04 12:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-07-20 20:53 - 2016-05-04 12:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-07-20 20:52 - 2016-07-11 12:13 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 35115968 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 31640512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 25414080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 19220352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 17321352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 16790552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 14371384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 13581880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-07-20 20:52 - 2016-07-11 12:13 - 10691632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 10656112 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 10234336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 09020656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 08742360 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 08615336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03840096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03542072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03393576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 03099072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 01001016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00930360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00909880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00852024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00694672 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00583736 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00544120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00459320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00444472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00394808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00155768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-07-20 20:52 - 2016-07-11 12:13 - 00039124 _____ C:\WINDOWS\system32\nvinfo.pb
2016-07-20 20:52 - 2016-07-11 12:13 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-07-20 20:52 - 2016-07-11 12:13 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-07-11 14:12 - 2016-06-24 09:54 - 00452849 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160711-141233.backup
2016-07-08 12:39 - 2016-06-30 08:44 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436869.dll
2016-07-08 12:39 - 2016-06-30 08:44 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436869.dll
2016-07-07 18:16 - 2016-07-07 18:16 - 00000000 ____D C:\Users\Tom\AppData\Roaming\OBS
2016-07-07 17:40 - 2016-07-22 17:38 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-07-07 17:40 - 2016-07-07 18:53 - 00000000 ____D C:\Users\Tom\AppData\Local\Ubisoft Game Launcher
2016-07-07 17:40 - 2016-07-07 17:40 - 00001238 _____ C:\Users\Tom\Desktop\Uplay.lnk
2016-07-07 17:40 - 2016-07-07 17:40 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-07-06 18:50 - 2016-07-06 18:51 - 140783556 _____ C:\Users\Tom\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_en-US(1).exe
2016-07-04 20:16 - 2016-07-04 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-29 20:14 - 2016-06-29 20:14 - 00103881 _____ C:\Users\Tom\Downloads\Payslip - Thomas Methorst 4_01_2016-10_01_2016.pdf
2016-06-29 20:13 - 2016-06-29 20:13 - 00062336 _____ C:\Users\Tom\Downloads\Payslip__from_Terra_Search_Pty_Ltd(1).pdf
2016-06-26 20:50 - 2016-06-26 20:50 - 01224080 _____ ( ) C:\Users\Tom\Downloads\hwmonitor_1.29.exe
2016-06-25 16:11 - 2016-06-25 16:11 - 10905817 _____ C:\Users\Tom\Downloads\GD Stash-2-0-99h.zip
2016-06-24 20:30 - 2015-09-01 01:37 - 02134528 _____ (LinGon) C:\Users\Tom\Downloads\OurDarkerPurpose+3Tr-LNG_v480.1.11.exe
2016-06-24 20:29 - 2016-06-24 20:29 - 01894042 _____ C:\Users\Tom\Downloads\ourdarkerpurposetrainer.zip
2016-06-24 12:25 - 2016-06-24 12:31 - 00000000 ____D C:\Users\Tom\Desktop\Tor Browser
2016-06-24 12:25 - 2016-06-24 12:25 - 00000802 _____ C:\Users\Tom\Desktop\Start Tor Browser.lnk
2016-06-24 09:54 - 2016-06-12 20:42 - 00452733 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160624-095425.backup
2016-06-23 10:03 - 2016-06-23 10:10 - 00000000 ____D C:\Users\Tom\AppData\Local\HyperLightDrifter
2016-06-23 09:29 - 2016-07-22 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake II - Quad Damage [GOG.com]
2016-06-23 09:27 - 2016-07-22 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper Light Drifter [GOG.com]
2016-06-23 09:26 - 2016-06-23 09:26 - 00000000 ____D C:\Users\Tom\AppData\LocalLow\Failbetter Games
2016-06-23 09:19 - 2003-06-12 23:25 - 00007062 _____ C:\WINDOWS\SysWOW64\audiopid.vxd
2016-06-23 09:03 - 2016-06-23 09:04 - 00000000 ____D C:\Users\Tom\AppData\Local\nuclearthrone
2016-06-23 08:52 - 2016-06-03 03:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-23 08:52 - 2016-05-30 01:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-23 08:50 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-06-23 08:50 - 2015-07-22 23:52 - 01633792 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-06-23 08:49 - 2015-11-20 00:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-06-23 08:49 - 2015-11-20 00:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-23 08:49 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 03:33 - 2013-08-23 01:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-07-23 03:29 - 2014-11-22 11:15 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-07-23 03:29 - 2014-11-22 11:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-07-23 03:29 - 2014-11-22 11:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-07-23 03:29 - 2014-11-22 11:15 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-07-23 03:29 - 2013-08-22 21:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-07-23 03:29 - 2013-08-22 21:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-07-23 03:29 - 2013-08-22 21:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-07-23 03:29 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-07-23 03:29 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-07-23 03:29 - 2013-08-22 13:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-07-23 03:29 - 2013-08-22 13:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-07-23 03:29 - 2013-08-22 13:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-07-23 03:29 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-07-23 03:29 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-07-23 03:01 - 2016-02-18 19:53 - 00000000 ____D C:\Users\Tom\Desktop\5.1.0-beta Launcher for 2.03.0788 (fixed2)-1-5-1-0beta
2016-07-23 03:01 - 2015-10-03 09:03 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2016-07-23 03:01 - 2015-08-23 19:05 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Battle.net
2016-07-23 03:01 - 2015-07-12 18:20 - 00000000 ____D C:\Program Files\NordVPN
2016-07-23 03:01 - 2015-07-10 20:03 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-07-23 03:01 - 2015-07-10 19:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-23 03:01 - 2015-07-10 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\Warframe
2016-07-23 03:00 - 2015-10-06 13:10 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-23 03:00 - 2015-09-20 22:23 - 00000000 ____D C:\Program Files\Java
2016-07-23 03:00 - 2015-07-12 22:20 - 00000000 ____D C:\ProgramData\Oracle
2016-07-23 03:00 - 2015-07-10 20:02 - 00000000 ____D C:\ProgramData\Avira
2016-07-23 03:00 - 2015-07-10 20:02 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-23 03:00 - 2014-11-13 09:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-22 17:59 - 2015-10-03 14:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\FileAdvisor
2016-07-22 17:58 - 2016-05-30 11:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 17:58 - 2015-07-10 14:59 - 00000000 ____D C:\Users\Tom\AppData\Local\ClassicShell
2016-07-22 17:58 - 2015-07-10 13:20 - 00000000 __SHD C:\Users\Tom\IntelGraphicsProfiles
2016-07-22 17:57 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-22 17:53 - 2015-07-10 13:25 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3256585615-2926279296-1792539217-1001
2016-07-22 17:52 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-22 17:47 - 2015-07-15 07:55 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-07-22 17:47 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-22 17:47 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-22 17:44 - 2014-11-22 11:01 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-22 17:42 - 2016-01-01 09:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-22 17:41 - 2016-05-29 21:27 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-07-22 17:41 - 2013-08-23 01:36 - 00000000 __RSD C:\WINDOWS\Media
2016-07-22 17:41 - 2013-08-23 01:36 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-22 17:41 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Registration
2016-07-22 17:40 - 2013-08-23 00:44 - 00359896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-22 17:39 - 2016-06-09 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barony - Cursed Edition [GOG.com]
2016-07-22 17:39 - 2016-05-30 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-07-22 17:39 - 2016-05-30 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-22 17:39 - 2016-05-15 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
2016-07-22 17:39 - 2016-04-22 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.5
2016-07-22 17:39 - 2016-03-17 20:49 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2016-07-22 17:39 - 2016-02-11 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2016-07-22 17:39 - 2016-02-05 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2016-07-22 17:39 - 2016-02-01 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-07-22 17:39 - 2016-02-01 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-07-22 17:39 - 2016-01-28 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-07-22 17:39 - 2016-01-21 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-07-22 17:39 - 2015-12-25 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-22 17:39 - 2015-12-18 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-07-22 17:39 - 2015-11-21 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-22 17:39 - 2015-11-21 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-07-22 17:39 - 2015-11-05 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-07-22 17:39 - 2015-11-03 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-07-22 17:39 - 2015-10-20 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-22 17:39 - 2015-10-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2016-07-22 17:39 - 2015-10-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2016-07-22 17:39 - 2015-10-02 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-07-22 17:39 - 2015-09-19 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Combat Tracker
2016-07-22 17:39 - 2015-09-18 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-22 17:39 - 2015-09-18 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-22 17:39 - 2015-09-05 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2016-07-22 17:39 - 2015-08-30 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-22 17:39 - 2015-08-23 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-07-22 17:39 - 2015-07-29 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-07-22 17:39 - 2015-07-28 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-07-22 17:39 - 2015-07-24 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-07-22 17:39 - 2015-07-14 15:45 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2016-07-22 17:39 - 2015-07-12 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\NordVPN
2016-07-22 17:39 - 2015-07-11 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-07-22 17:39 - 2015-07-11 10:21 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-22 17:39 - 2015-07-11 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-22 17:39 - 2015-07-10 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-07-22 17:39 - 2015-07-10 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-22 17:39 - 2015-07-10 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2016-07-22 17:39 - 2015-07-10 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-22 17:39 - 2015-07-10 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-07-22 17:39 - 2015-07-10 14:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-07-22 17:39 - 2014-11-22 10:22 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-07-22 17:39 - 2014-11-22 10:22 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-07-22 17:39 - 2014-11-22 10:22 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-07-22 17:39 - 2014-11-13 09:25 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-07-22 17:39 - 2014-11-13 09:21 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-07-22 17:39 - 2014-11-13 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-22 17:39 - 2013-08-23 01:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\spool
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\InputMethod
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Help
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-07-22 17:39 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-22 17:39 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-07-22 17:39 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Default.migrated
2016-07-22 17:39 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-22 17:39 - 2013-08-22 23:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-22 17:38 - 2015-07-10 13:20 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2016-07-22 17:38 - 2013-08-23 01:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-22 17:36 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-07-22 17:10 - 2016-01-18 18:53 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2016-07-22 16:20 - 2015-07-10 20:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-22 16:20 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-22 16:19 - 2015-07-10 20:04 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TS3Client
2016-07-22 11:19 - 2015-08-23 19:05 - 00000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2016-07-21 18:28 - 2016-06-09 21:18 - 00007616 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2016-07-21 17:00 - 2015-09-08 12:10 - 00000000 ____D C:\Users\Tom\.oracle_jre_usage
2016-07-14 19:42 - 2016-01-01 09:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-14 19:05 - 2015-07-29 16:51 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 19:05 - 2015-07-29 16:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 12:14 - 2015-07-11 10:16 - 00000000 ____D C:\Users\Tom\Documents\My Games
2016-07-11 11:13 - 2015-10-03 09:03 - 00003518 _____ C:\WINDOWS\System32\Tasks\FileAdvisorCheck
2016-07-10 09:29 - 2016-05-15 14:49 - 00017920 ___SH C:\Users\Tom\Desktop\Thumbs.db
2016-07-07 12:27 - 2015-07-10 18:45 - 00000000 ____D C:\Users\Tom\Desktop\Game Shortcuts
2016-07-05 18:55 - 2015-07-11 10:15 - 00000000 ____D C:\Users\Tom\Documents\Job stuff
2016-06-30 08:44 - 2016-05-25 21:24 - 03828968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET34D7.tmp
2016-06-30 08:44 - 2016-05-25 21:24 - 03387080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET4469.tmp
2016-06-29 20:27 - 2016-04-14 15:54 - 00506895 _____ C:\Users\Tom\Documents\updated loan SS.ods
2016-06-26 21:30 - 2015-07-29 10:49 - 00000000 ____D C:\Users\Tom\AppData\Roaming\MPC-HC
2016-06-26 20:51 - 2016-01-21 10:35 - 00000963 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-06-25 10:37 - 2015-07-15 20:07 - 00000000 ____D C:\ProgramData\Stardock
2016-06-24 21:20 - 2016-04-15 16:38 - 00000000 ____D C:\Users\Tom\AppData\Local\OurDarkerPurpose
2016-06-24 13:08 - 2015-11-05 09:17 - 00000000 ____D C:\Program Files\PeerBlock
2016-06-24 12:25 - 2016-03-17 20:49 - 00000000 ____D C:\Users\Tom\AppData\Local\PrivaZer
2016-06-24 11:12 - 2015-07-12 12:57 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
2016-06-24 10:11 - 2015-07-12 12:57 - 00000000 ____D C:\ProgramData\Skype
2016-06-24 07:39 - 2014-11-13 09:21 - 00001414 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-06-23 10:11 - 2015-10-20 13:26 - 00000000 ____D C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2016-06-23 09:19 - 2014-11-13 09:26 - 00000000 ____D C:\Program Files (x86)\Creative
2016-06-22 21:36 - 2015-07-10 20:34 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-06-09 21:18 - 2016-07-21 18:28 - 0007616 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2015-11-22 09:48 - 2015-11-22 09:48 - 0000127 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-22 17:34

==================== End of FRST.txt ============================


Edited by Funnytom, 22 July 2016 - 03:15 AM.


#3 Funnytom

Posted 22 July 2016 - 03:16 AM

Apologies for all of the posts here; here are the contents of the Addition.txt file. 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Tom (2016-07-22 18:03:09)
Running from C:\Users\Tom\Downloads
Windows 8.1 (Update) (X64) (2016-07-22 07:47:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3256585615-2926279296-1792539217-500 - Administrator - Disabled)
Guest (S-1-5-21-3256585615-2926279296-1792539217-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3256585615-2926279296-1792539217-1007 - Limited - Enabled)
Tom (S-1-5-21-3256585615-2926279296-1792539217-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version:  - )
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games, LLC)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Alien Breed 2: Assault (HKLM-x32\...\Steam App 22650) (Version:  - Team17 Software Ltd.)
Alien Breed 3: Descent (HKLM-x32\...\Steam App 22670) (Version:  - Team17 Software Ltd.)
Alien Breed: Impact (HKLM-x32\...\Steam App 22610) (Version:  - Team17 Software Ltd. )
Angels Fall First (HKLM\...\Steam App 367270) (Version:  - Strangely Interactive Ltd)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashes of the Singularity (Beta) (HKLM-x32\...\Steam App 228880) (Version:  - Oxide Games)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Barony - Cursed Edition (HKLM-x32\...\1797331296_is1) (Version: 2.0.0.2 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefleet Gothic: Armada (HKLM\...\Steam App 363680) (Version:  - Tindalos Interactive)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal)
Carmageddon: Reincarnation (HKLM-x32\...\Steam App 249380) (Version:  - Stainless Games Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
ComicRack v0.9.178 (HKLM\...\ComicRack) (Version: v0.9.178 - cYo Soft)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Daybreak Games)
DC Universe Online Live (HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\DG0-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Destination Sol (HKLM-x32\...\Steam App 342980) (Version:  - Milosh Petrov)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version:  - Power of 2)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{74AB6665-AFFE-4419-BC7D-7EB3A68DE5BC}) (Version: 3.2.13.0 - Egis Technology Inc.)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Eraser 6.2.0.2969 (HKLM\...\{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version:  - )
Fingerprint Driver (x32 Version: 3.2.13.0 - Egis Technology Inc.) Hidden
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - Crate Entertainment)
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version:  - Double Fine Productions)
Guardians of Orion (HKLM-x32\...\Steam App 407840) (Version:  - Trek Industries, Inc)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Reloaded Games)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
Hotkey 3.16.29 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 3.16.29 - )
Hyper Light Drifter (HKLM-x32\...\1452863689_is1) (Version: 2.0.0.2 - GOG.com)
Hyperspace Invaders II: Pixel Edition (HKLM\...\Steam App 397690) (Version:  - Entity Medialab)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ffe1e99f-18b9-4654-9d48-7cb15af8776d}) (Version: 17.15.0 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.14 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
LUFTRAUSERS (HKLM-x32\...\Steam App 233150) (Version:  - Vlambeer)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MechWarrior Online (HKLM-x32\...\Steam App 342200) (Version:  - Piranha Games Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
ORION: Prelude (HKLM\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\DGC-PlanetSide 2) (Version: 1.0.3.191 - Daybreak Game Company)
Pony Island (HKLM\...\Steam App 405640) (Version:  - Daniel Mullins Games)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.47.0.0 - Goversoft LLC)
Quake II - Quad Damage (HKLM-x32\...\1441704824_is1) (Version: 2.0.0.3 - GOG.com)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revolution Ace (HKLM-x32\...\Steam App 274560) (Version:  - Laser Guided Games, LLC)
Ring Runner: Flight of the Sages (HKLM-x32\...\Steam App 258010) (Version:  - Triple.B.Titles)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Satellite Reign (HKLM-x32\...\Steam App 268870) (Version:  - 5 Lives Studios)
Savage Resurrection (HKLM\...\Steam App 366440) (Version:  - S2 Games, LLC)
Saviors (HKLM-x32\...\Steam App 314450) (Version:  - Sharpened Edge Studios)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - MinMax Games Ltd.)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Starpoint Gemini 2 (HKLM\...\Steam App 236150) (Version:  - Little Green Men Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Rain (HKLM\...\Steam App 387240) (Version:  - PolarityFlow)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version:  - Born Ready Games Ltd.)
Sublevel Zero (HKLM-x32\...\Steam App 327880) (Version:  - Sigtrap Games)
Super Amazing Wagon Adventure (HKLM-x32\...\Steam App 250500) (Version:  - sparsevector)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Sven Co-op (HKLM-x32\...\Steam App 225840) (Version:  - Sven Co-op Team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version:  - Croteam)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
UBERMOSH (HKLM\...\Steam App 357070) (Version:  - Walter Machado)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version:  - Fatshark)
Waveform (HKLM-x32\...\Steam App 204180) (Version:  - Eden Industries)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windward (HKLM-x32\...\Steam App 326410) (Version:  - Tasharen Entertainment Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zombie Army Trilogy (HKLM-x32\...\Steam App 301640) (Version:  - Rebellion)
Zombie Driver (HKLM-x32\...\Steam App 31410) (Version:  - EXOR Studios)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3256585615-2926279296-1792539217-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B054632-49AA-4E0C-BE71-BE88E1BF3B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3A2FE2D2-D6FE-4C95-A31F-0F026F6F28B9} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)
Task: {77011829-84AD-46A4-8946-2E6D78CD2DA0} - System32\Tasks\{C83CB799-7D97-4C5A-A481-BD35CA092765} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net --displayname="Battle.net"
Task: {78F27432-A8AD-43EC-9ECF-63F2C2A12E16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A84313A-1150-4427-9A2C-8B8B10943DD6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7B8597E1-18CB-4D51-9C03-15E1B0C8A221} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {84375347-76D7-4622-B1D4-9D6EC3F56988} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {86547E7B-51AB-4450-AAA9-BE5DE83A189B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A2DF23FB-9300-4439-9D7E-610CEEF48CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AA68E3E0-CBFE-49A6-90DC-490E9A389610} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B329B4B6-4AF3-469B-9E34-FDA5CFFB17A3} - System32\Tasks\{E4C19CE2-1668-404F-A54B-7FDE6DDAFE7A} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.105&amp;LastError=404
Task: {B345D23F-47BC-4FBD-8A27-6C0DD93FE777} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-22] (Microsoft Corporation)
Task: {B61020BB-D1D0-42C7-AFE8-99ACAA64ABC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BBDBA850-2185-47B9-9A07-AD8795E8CDC9} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2016-03-17] (Goversoft LLC)
Task: {BC0E3E87-B2F7-4E17-A06F-2175D9BD826B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BE0EA503-6187-40AD-8F5E-A35E5E640CB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {C0EBC0CF-CFBD-4E69-A71E-9EC316FE34BC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C3ADCD12-A720-4572-BD0E-E410AFC42467} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-10] (Synaptics Incorporated)
Task: {CECD2CD0-2C35-45A0-9C86-D93E99E0B489} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D1D9A846-0D52-40A4-BE59-9C1339880507} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-22] (Microsoft Corporation)
Task: {DE0CC18B-FBE3-42B3-BE83-9EB2D5309517} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E3D58918-7009-4815-9EEC-2451269B2E8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {E3F86A47-86E2-45BA-9DDD-4B94B0C9F29D} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2014-02-24] (                                                            )
Task: {E4B0F7D7-AC3A-4229-84FC-F8E1C8457242} - System32\Tasks\{077868E2-1CEF-49C7-A195-69B9BCFD9FB6} => pcalua.exe -a "D:\Games\Warlords Battlecry 3\Warlords Battlecry III Hero Selection.exe" -d "D:\Games\Warlords Battlecry 3"
Task: {E8E809D0-6A35-4BFF-97EB-0CFCFB727F76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {FBD260B1-4D4D-44CF-91E2-23A4BDAE575B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-22 17:35 - 2016-07-11 09:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-11-13 03:40 - 2009-11-13 03:40 - 00027648 _____ () C:\WINDOWS\System32\ssy2cl6.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 18:57 - 2016-06-15 06:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-22 21:36 - 2016-06-15 06:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-30 19:11 - 2016-06-15 06:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-02 18:57 - 2016-06-15 06:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-11-05 10:11 - 2015-11-05 10:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-07-11 10:21 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-03-17 20:49 - 2016-03-17 20:49 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2015-08-09 04:50 - 2015-08-09 04:50 - 00404376 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-03-30 19:11 - 2016-06-15 06:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-29 21:11 - 2016-06-15 06:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-30 19:11 - 2016-06-15 06:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-30 19:11 - 2016-06-15 06:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-30 19:11 - 2016-06-15 06:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 19:11 - 2016-06-15 06:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 10:28 - 2015-07-02 10:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-05-30 11:18 - 2013-01-25 11:08 - 00089600 _____ () C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2016-05-30 11:18 - 2013-01-25 11:06 - 00328704 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2015-07-10 18:49 - 2016-06-15 06:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-05 18:53 - 2016-04-30 06:10 - 00785920 _____ () D:\Games\Steam\SDL2.dll
2016-02-03 08:52 - 2015-07-04 02:12 - 04962816 _____ () D:\Games\Steam\v8.dll
2016-07-09 17:44 - 2016-07-09 11:06 - 02317904 _____ () D:\Games\Steam\video.dll
2016-02-03 08:52 - 2015-07-04 02:12 - 01556992 _____ () D:\Games\Steam\icui18n.dll
2016-02-03 08:52 - 2015-07-04 02:12 - 01187840 _____ () D:\Games\Steam\icuuc.dll
2016-03-09 17:48 - 2016-02-09 09:14 - 02549760 _____ () D:\Games\Steam\libavcodec-56.dll
2016-03-09 17:48 - 2016-02-09 09:14 - 00491008 _____ () D:\Games\Steam\libavformat-56.dll
2016-03-09 17:48 - 2016-02-09 09:14 - 00332800 _____ () D:\Games\Steam\libavresample-2.dll
2016-03-09 17:48 - 2016-02-09 09:14 - 00442880 _____ () D:\Games\Steam\libavutil-54.dll
2016-03-09 17:48 - 2016-02-09 09:14 - 00485888 _____ () D:\Games\Steam\libswscale-3.dll
2016-07-09 17:44 - 2016-07-09 11:06 - 00829520 _____ () D:\Games\Steam\bin\chromehtml.DLL
2016-07-08 10:25 - 2016-07-07 08:00 - 00266560 _____ () D:\Games\Steam\openvr_api.dll
2016-06-23 12:34 - 2016-06-23 12:34 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-06-17 18:54 - 2016-06-15 05:14 - 49826080 _____ () D:\Games\Steam\bin\libcef.dll
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7910 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2016-06-24 09:54 - 00452849 ____A C:\WINDOWS\system32\Drivers\etc\hosts


There are 15537 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "NetWorx"
HKLM\...\StartupApproved\Run32: => "Sound Blaster X-Fi MB 3"
HKLM\...\StartupApproved\Run32: => "Eraser"
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3256585615-2926279296-1792539217-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6EA7C0C6-6A87-4A07-86E4-C63C98B56AA6}] => (Allow) D:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1607A370-79FE-490A-ACBF-387EAB961210}] => (Allow) D:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F79EECD1-CB74-439E-9008-2A7E5702A7C9}] => (Allow) D:\Games\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{2CCB32DB-8C07-4AC0-AED3-09716103ECFA}] => (Allow) D:\Games\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{72DBB7CB-3F81-4E7A-BF71-967D478FA446}] => (Allow) D:\Games\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{15BAADC6-1068-43D1-87AA-90693B73CD77}] => (Allow) D:\Games\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{8DAFDCEE-7E2B-41F4-91A3-2667FDCB25EE}] => (Allow) D:\Games\Steam\steamapps\common\Angels Fall First\Binaries\Win64\AFFGame.exe
FirewallRules: [{17EC8FC2-432C-475C-9221-58410FBEAEB6}] => (Allow) D:\Games\Steam\steamapps\common\Angels Fall First\Binaries\Win64\AFFGame.exe
FirewallRules: [{66F2905D-A067-4185-A2A8-DD57BA0EEF37}] => (Allow) D:\Games\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{0640BD58-6FFC-487D-A77F-584D75A88449}] => (Allow) D:\Games\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{C4063A32-3464-4D8B-86F0-A510910B8DF6}] => (Allow) D:\Games\Steam\steamapps\common\Pony Island\PonyIsland.exe
FirewallRules: [{4143105F-4041-445B-B69A-5E644D715465}] => (Allow) D:\Games\Steam\steamapps\common\Pony Island\PonyIsland.exe
FirewallRules: [{220CA73B-2F71-487B-BD89-061F2FB58725}] => (Allow) D:\Games\Steam\steamapps\common\Angels Fall First\Binaries\AFFLift.exe
FirewallRules: [{879AB3E3-7586-4779-A8D8-A928F9147FDD}] => (Allow) D:\Games\Steam\steamapps\common\Angels Fall First\Binaries\AFFLift.exe
FirewallRules: [UDP Query User{06D607AD-7814-4AA0-886A-8003A499A419}D:\games\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{C3515AA8-DD60-4F86-829B-5C332432982A}D:\games\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [{624AF241-806E-42D4-9D3D-021C9F3A9C61}] => (Allow) D:\Games\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{F421D28F-9D5F-41D8-B4C6-4681DD6397A6}] => (Allow) D:\Games\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [UDP Query User{8B7BB8ED-56CE-4F30-88D1-1CD453F8F1D2}D:\games\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{C27B00E0-B252-4338-BAB2-E53EC4026B82}D:\games\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{1F9F5BC4-5F8D-4E81-A793-B212A5E8CD9C}D:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{63554A15-AE99-4CAB-A69A-86130AB7154C}D:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{189F818B-8F8B-462A-980A-31994C6D39CB}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{B784042B-5CB3-4A38-81E2-927AA91FFB6D}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{64916A27-0207-46A0-99F1-41DA1B75A0B4}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{B9FC548C-E377-44B1-ACEE-89DA3915EF64}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{5DEAAE01-13DA-4FE8-B054-CCA10C764C14}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{0F65FED9-1322-49DA-8966-4466D0DCCD2A}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{D2DF906B-8C0D-4CCC-B31A-5BBDB6588875}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{5C02759A-6E20-4954-AD77-8A5689E73189}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{E78B8953-4B21-4A9B-99D2-51C67C4FB1DD}] => (Allow) D:\Games\Steam\steamapps\common\KingsandHeroes\Archon\Binaries\Win64\ArchonClient-Win64-Shipping.exe
FirewallRules: [{EB7F5E85-E657-4002-86B9-E99722C13FBC}] => (Allow) D:\Games\Steam\steamapps\common\KingsandHeroes\Archon\Binaries\Win64\ArchonClient-Win64-Shipping.exe
FirewallRules: [{87FEFAA0-1AE3-4311-B9E9-FD70B069FB8B}] => (Allow) D:\Games\Steam\steamapps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{1FABEBFA-8576-4F7B-A292-CF6954338FE0}] => (Allow) D:\Games\Steam\steamapps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{A677F3CD-856F-49BD-A7B2-F9B61A552E61}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{E36D7B37-34BE-432E-A0D9-06FD438FAED7}] => (Allow) D:\Games\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{14F2B5EC-9BB7-4217-9633-1D0ABBBD4B9D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40BE9779-12F5-4491-B5F8-D5034509DB38}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0C3627DD-0077-4F61-974D-B8B6F8B71B40}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0AFE1CD1-4CBA-4946-B7A9-38705D3F38B6}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{AC8E3D0E-2E42-4127-B009-0331FD91D833}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{468621F9-CD04-43BC-8A39-B4C34FAC00B2}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CFAA912D-1969-4119-A338-A37B00B57E3A}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{4A15C723-5094-46E6-825C-90DEF875CA18}] => (Allow) D:\Games\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{0E5596AE-354A-471C-91DA-DAF703CAC2BD}] => (Allow) D:\Games\Steam\steamapps\common\AI War Fleet Command\AIWar.exe
FirewallRules: [{273172B8-03CD-48CB-95CD-DE8078119F44}] => (Allow) D:\Games\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{BC6D4221-3ACD-4152-8800-B6F16188966C}] => (Allow) D:\Games\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{733C3E69-43DF-473C-A05F-76AA5F6C76D6}] => (Allow) D:\Games\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{A17EF2D5-8D61-4FDB-A6C7-180F014E8824}] => (Allow) D:\Games\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{15BAEE57-491D-4B12-8F0B-FB3BE57CF643}] => (Allow) D:\Games\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{77BFFD97-C256-44AC-938A-40A813047AC7}] => (Allow) D:\Games\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{C85C6E3F-B497-421A-9E99-DF01393B1DC2}] => (Allow) D:\Games\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{E9EC90EF-C33D-4677-B396-28E2C8FD39EB}] => (Allow) D:\Games\Steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{2882F2F6-0AB9-420D-895C-761535FA3DDC}] => (Allow) D:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{7BCA3DB1-99A7-49BC-8393-2DC0E6FA3AA5}] => (Allow) D:\Games\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [TCP Query User{D0A9F9AC-665B-420B-BF2B-664067E752B9}D:\games\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\games\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [UDP Query User{4D9E6590-36B6-4CCF-BD72-24C61D763EF7}D:\games\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) D:\games\steam\steamapps\common\elite dangerous\products\forc-fdev-d-1010\elitedangerous32.exe
FirewallRules: [{3BFE1C09-1244-4026-8B4B-3BE632BFFA28}] => (Allow) D:\Games\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{CE6BD7A0-DE51-4F5C-9DEF-8E5C6923472F}] => (Allow) D:\Games\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{7E943473-4627-4B67-B86D-C75BDE5DE096}] => (Allow) D:\Games\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{288CB450-FB2F-405F-9EAA-AC6F66C071CB}] => (Allow) D:\Games\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{B524FEF1-6E0A-41D4-9535-A7DACDB58C14}] => (Allow) D:\Games\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{B90E7595-18AD-4778-B9D7-69037BDCC79C}] => (Allow) D:\Games\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{B2159135-1D6B-4F90-9EF0-B1116A87D7F0}] => (Allow) D:\Games\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [{B80756C7-BB13-4EBC-BB17-BF18CB19FF8B}] => (Allow) D:\Games\Steam\steamapps\common\Destination Sol\sol.exe
FirewallRules: [TCP Query User{8608144E-9E50-4AF0-AE10-D68C5D4CF7DD}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{AB26F4F5-C159-44F8-8F2B-758C4D32D37B}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FA9B0D6F-696E-4F86-9240-9A8614B8875F}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2E87BFC0-43A9-45A0-AD7B-6CE4BC8314FA}] => (Allow) D:\Games\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [TCP Query User{528A753D-D73D-416F-951A-22DB42FAB578}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F09D3754-0821-41FD-9ADE-E0C2EA3E833C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{79BEBDEF-AC96-4E8A-AAB4-863095EDD808}] => (Allow) D:\Games\Steam\steamapps\common\Zombie Driver\Release\ZombieDriver.exe
FirewallRules: [{255ABA65-F6F4-4863-8C0D-ADA6FE17FCAB}] => (Allow) D:\Games\Steam\steamapps\common\Zombie Driver\Release\ZombieDriver.exe
FirewallRules: [{4C6D0849-2B44-4167-BF92-9FBBD7801B9B}] => (Allow) D:\Games\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A588B0BF-54A6-4E03-8055-51BB1BEC7079}] => (Allow) D:\Games\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{5C2A06C2-C56C-4FD7-8E00-6F047C12CDED}] => (Allow) D:\Games\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{794A87BF-6466-4E3B-8890-31CF5CF4B8DE}] => (Allow) D:\Games\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{C6586B64-CBD7-4F4C-A431-56B755AEB32E}] => (Allow) D:\Games\Steam\steamapps\common\Alien Breed Impact\Binaries\AlienBreed-Impact.exe
FirewallRules: [{2DE17CFA-DBA5-4044-A251-864D8ED7D238}] => (Allow) D:\Games\Steam\steamapps\common\Alien Breed 2 Assault\Binaries\AlienBreed2Assault.exe
FirewallRules: [{5E6B4E7E-8A36-434B-8B4E-19489FBDB927}] => (Allow) D:\Games\Steam\steamapps\common\Alien Breed 2 Assault\Binaries\AlienBreed2Assault.exe
FirewallRules: [{A532D9F3-1F20-4EFC-917D-0AE1CD6C4510}] => (Allow) D:\Games\Steam\steamapps\common\Alien Breed 3 Descent\Binaries\AlienBreed3Descent.exe
FirewallRules: [{036E0674-3240-4EB4-A9FC-E1B472BD68D0}] => (Allow) D:\Games\Steam\steamapps\common\Alien Breed 3 Descent\Binaries\AlienBreed3Descent.exe
FirewallRules: [{307EFA08-F069-4897-B4EC-C8999D07FFB6}] => (Allow) D:\Games\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{58A09174-F487-468A-924D-02A2715810C4}] => (Allow) D:\Games\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{7C2C619E-6295-40D6-B31D-FE02B91E48A8}] => (Allow) D:\Games\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{DCDF96E8-80CB-480F-99DB-82F1A540C8AD}] => (Allow) D:\Games\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{019B344A-8D1F-49DE-82A1-12ABCEE6A038}] => (Allow) D:\Games\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{A30193C7-CBA0-4E00-9143-8735676199BE}] => (Allow) D:\Games\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{9F193A00-CC96-4EC6-B938-6B8F869146EC}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CFAFEDF-B947-41C8-BC05-EF0421FF391D}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5532A526-327D-4228-97FD-108C7B8FF9ED}] => (Allow) D:\Games\Steam\steamapps\common\Nihilumbra\Nihilumbra.exe
FirewallRules: [{1B292F6F-EDE0-4E18-8B42-70AC516CB61D}] => (Allow) D:\Games\Steam\steamapps\common\Nihilumbra\Nihilumbra.exe
FirewallRules: [{8C3A6607-6FB9-4ECD-B4B9-E1878DB43401}] => (Allow) D:\Games\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [{78DD6FFE-47E2-4128-9A70-3537D444D1A4}] => (Allow) D:\Games\Steam\steamapps\common\Super Amazing Wagon Adventure\WagonAdventure.exe
FirewallRules: [{CF248D25-8B0B-424E-9B0C-E1AE0E199515}] => (Allow) D:\Games\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{255487FE-B73B-4C0E-961A-929F71525477}] => (Allow) D:\Games\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{3C51E4BF-3C6F-482C-BC01-90C61BC63B4C}] => (Allow) D:\Games\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{F6FAF6E8-0558-4BDF-B3B6-E54A323DB11B}] => (Allow) D:\Games\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{1F017E18-907A-4DDA-90C9-58007B0130E0}] => (Allow) D:\Games\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{BE256EDD-E436-44BA-8289-7F57A2F91E07}] => (Allow) D:\Games\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2C25C29C-F269-4FB4-9997-D8676BA9476E}] => (Allow) D:\Games\Steam\steamapps\common\Luftrausers\bin\Luftrausers.exe
FirewallRules: [{CF1EB0A8-7EC9-4983-8B65-7CF298EA4EC8}] => (Allow) D:\Games\Steam\steamapps\common\Luftrausers\bin\Luftrausers.exe
FirewallRules: [{FEF8469E-F204-4744-9961-5DA698E48D9C}] => (Allow) D:\Games\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{808C7737-9EE0-4D81-9CB9-879D19A8EDE0}] => (Allow) D:\Games\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{F49D8AFA-6621-47F2-8D2C-45E892DDDD4B}] => (Allow) D:\Games\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{D6D00C53-EFC7-4688-A704-2ED4ED8A9DB0}] => (Allow) D:\Games\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{07762F5D-A412-4310-9596-4EEFCDB20E32}] => (Allow) D:\Games\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe
FirewallRules: [{26DAA821-6F65-4F17-9082-57C5F543764F}] => (Allow) D:\Games\Steam\steamapps\common\Space Pirates and Zombies\SpazGame.exe
FirewallRules: [TCP Query User{CDE3A12D-98C0-44A9-8214-882740BB9409}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{68E8C331-9211-455D-8C8B-375F20D22251}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{B4BB153D-F43C-435D-89F9-E744A5F9DB38}D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{F0A7C0EE-631B-4F27-A74E-F5726FC71BB9}D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{E374E428-B07F-4792-A6E9-F9F142881642}] => (Allow) D:\Games\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{61AB9D8A-062F-44A6-BA40-6542F0887503}] => (Allow) D:\Games\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{CDD76EF9-D71E-4446-B985-EA511C656DD5}] => (Allow) D:\Games\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E1C82C72-71E2-43B9-BB53-595B7545FE58}] => (Allow) D:\Games\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{4DC42A8A-182B-43DC-A7E1-D6D08CD21D66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1A477156-177E-466B-8007-538941362DFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6972640D-4E62-4FA4-9303-B3A0A293A328}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DBD5EF24-9928-41A2-8445-2B35CD13EFA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{90F287A8-1797-4B14-AD6C-4DC58EFE02BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D45F5429-5020-4E04-AD67-C20BEDEADBD0}] => (Allow) D:\Games\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{83F2CFB5-B216-4E78-9FF9-820750CB4113}] => (Allow) D:\Games\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{6EB7AF0C-A603-47DA-B1AD-3629FFF6B0CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D663553-5FA6-4B75-BA58-9502667E380E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{06A67AA9-5A62-4457-8DD0-B575BC2E1278}D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{EDED7AEB-813B-473C-801E-7A82C8AECA0C}D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{3B9B0719-C54A-46BD-A4F9-80C07E1218D5}] => (Allow) D:\Games\Steam\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{76D63E6D-3257-4DF5-BE8D-9D3D7DDBA088}] => (Allow) D:\Games\Steam\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{A51EE70E-AF39-4CEF-92D9-62CB96280B39}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E490369B-A366-49B3-8F3E-39E6D887E4BC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{2A353E03-F3FB-4ED5-B62E-F1892AE2D1F8}D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{12442E02-090A-4C04-BC33-D138702F9402}D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{06DD01C2-87A4-41E3-A1B1-E79094744059}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD666C73-6839-4DFB-933B-8B718E890702}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15FCD5A1-A8CD-4577-A624-1000786CB346}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46B7CB41-4A08-4675-B152-10DDA93A2375}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FEEA26F3-4A98-4EE5-B6B7-6FBBD2C9D8C7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C65C0366-1A09-4F24-B543-D59124B8A36E}D:\games\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe
FirewallRules: [UDP Query User{1C783AE8-5D1B-40FF-AF9A-9AE5B583D478}D:\games\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\star trek online\star trek online\playtest\gameclient.exe
FirewallRules: [TCP Query User{0034F19F-998E-4C83-A75A-B11022CB803D}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{38C886DD-38E2-44A0-B5B5-10D618274A85}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{6FC2BE6F-E389-4E36-A7CD-0862E21E8506}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{60A1F437-BA8C-4C48-9C1E-24CAA06B7C78}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{C9FD295F-F89B-4107-8588-5F9A45DDAC99}] => (Allow) D:\Games\Steam\steamapps\common\Carmageddon_Reincarnation\bin\Carmageddon_Reincarnation.exe
FirewallRules: [{3C613C19-322D-4EDE-958E-326A0E240920}] => (Allow) D:\Games\Steam\steamapps\common\Carmageddon_Reincarnation\bin\Carmageddon_Reincarnation.exe
FirewallRules: [{142D49A3-3B78-40E6-ACF4-0E050B8D7F93}] => (Allow) D:\Games\Steam\steamapps\common\Waveform\Waveform.exe
FirewallRules: [{A5B650C8-4E55-48F1-9E3B-21AE34278059}] => (Allow) D:\Games\Steam\steamapps\common\Waveform\Waveform.exe
FirewallRules: [{C40D1A83-7276-48B9-8D7F-7629F161FE59}] => (Allow) D:\Games\Steam\steamapps\common\Saviors\Saviors.exe
FirewallRules: [{06044052-CD96-48A0-B8D3-C1FA317AC011}] => (Allow) D:\Games\Steam\steamapps\common\Saviors\Saviors.exe
FirewallRules: [{B84902EA-FDBB-4EF3-9FF4-6559EF990B4C}] => (Allow) D:\Games\Steam\steamapps\common\Revolution Ace\Binaries\Win32\ShmupGame.exe
FirewallRules: [{B7E2B3F5-7296-41A6-A6E2-93D394635B1A}] => (Allow) D:\Games\Steam\steamapps\common\Revolution Ace\Binaries\Win32\ShmupGame.exe
FirewallRules: [{77C43F7F-0569-49DB-9BCE-4EE3DF040754}] => (Allow) D:\Games\Steam\steamapps\common\RingRunner\RingRunner.exe
FirewallRules: [{B1AC16B4-BDFD-48E0-B0E1-518E821B09BC}] => (Allow) D:\Games\Steam\steamapps\common\RingRunner\RingRunner.exe
FirewallRules: [{D6D24499-05C7-48A7-9FFA-4E88611B6D51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F5A8EE8-197F-4835-A80C-C16FE44956EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D9ECC11E-4F22-48F1-BFE9-C0C6D4A9A1B6}D:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{27D04E21-5C28-45F5-AFED-8E50B718A7E8}D:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{8AE1E302-2A98-434B-B854-BC6F44AD9403}D:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{2912F342-E796-454A-B5E6-2BE874473D6A}D:\games\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{7402F639-325A-4F67-8567-CBC5D6ADDA47}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0E520EE2-418C-422F-8E56-F06BBB27E559}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{7E16A6AA-6E34-4FC0-AA54-C97FB5D8F04D}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{1E78E902-2FA7-42EB-A64A-7D57A2A98F4B}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{A6B55757-747C-40FF-BEC4-60D354A884F4}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{D19DC471-B9E0-42B8-B5CF-5425594565B7}] => (Allow) D:\Games\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [TCP Query User{B5F17829-B9BB-4A9C-890F-3154D58D2168}D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{2A022CBB-C69F-452E-926C-810B59230E6A}D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) D:\games\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{4B79565C-C648-4ABD-91D3-51EFEE95D01B}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{C38C6C65-A43B-46BF-8E05-F9677F638D1B}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9A3F5802-8B5B-4E59-9762-E4CE80876205}] => (Allow) D:\Games\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [{0A39D161-CA81-4B71-A6F9-02A6AA778F0E}] => (Allow) D:\Games\Steam\steamapps\common\MechWarrior Online\Bin64\MWOClient.exe
FirewallRules: [TCP Query User{1005CCB2-A0D8-40ED-9053-172891B4C367}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{0FD3DEF0-862D-44B6-8FDA-A84B0CAC42B7}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{E0782C56-F36C-4172-B1D0-867CF881E5E9}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{BC446885-3FC0-4C37-A6BB-33445F054EB9}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{79551C54-CDB5-4DE2-9231-B3AC7408E5DE}] => (Allow) D:\Games\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{5A031F94-F1DA-468A-A130-2E90F6835FC4}] => (Allow) D:\Games\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{20DD71A5-6144-4411-90D9-598DD73C39A7}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{36523132-2101-4574-961E-3A1704CB7EEF}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D1305CD2-E6F2-49C6-B5DA-409DBAC89ECD}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{1A8B07D8-F485-4744-B635-7E0B97E91EB9}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{50F1A0C3-8C49-43CB-9CFB-99D084667A50}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{66B9086E-F24D-4CA5-9E13-DB21068BBB73}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{A5C99F24-430D-47D9-8C7F-F29BB88DD91D}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{5C2B122A-CDCC-4C04-9050-8337EE037C1A}] => (Allow) D:\Games\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{677E3CCE-2909-408B-88B4-865425295A6F}] => (Allow) D:\Games\Steam\steamapps\common\Sublevel Zero\SublevelZero.exe
FirewallRules: [{D6E5F86F-2E1E-4DA9-8914-3EB86326FA6B}] => (Allow) D:\Games\Steam\steamapps\common\Sublevel Zero\SublevelZero.exe
FirewallRules: [{AEC755F5-3BF5-48E9-961A-5A1EF0818BD7}] => (Allow) D:\Games\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{481A9168-3081-4EB9-AFE5-57B879D33F2B}] => (Allow) D:\Games\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{541BC16E-4515-4BCF-8035-30B6641283D8}] => (Allow) D:\Games\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{E6ED78E3-770D-4386-B748-C98836937B14}] => (Allow) D:\Games\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{50809566-C6F6-4DFA-8F67-49FA07980031}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{04EAF769-E7A6-48BC-9D0C-B730BB063FDD}] => (Allow) D:\Games\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{DD29FE85-0EF2-4FE9-BE8B-DFEF6A6FEC88}] => (Allow) D:\Games\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [{DFF38CAC-DE7F-4EC0-9D2C-537EF16621E1}] => (Allow) D:\Games\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
FirewallRules: [TCP Query User{9CBC7CDC-31C6-445F-95E6-6D483EA43104}D:\games\planetside 2\planetside2_x64.exe] => (Allow) D:\games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{FD0976BE-6885-40AC-A69F-981949B3B9AC}D:\games\planetside 2\planetside2_x64.exe] => (Allow) D:\games\planetside 2\planetside2_x64.exe
FirewallRules: [{F6959EF5-3FF9-4339-90D6-16B5D2D0B953}] => (Allow) D:\Games\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{F5C15489-1F05-4405-897E-7C510E522669}] => (Allow) D:\Games\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{104C5182-4D82-4F2B-8A73-622752A0E290}] => (Allow) D:\Games\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{C51C118A-6F30-40B4-B59F-50E694C832B9}] => (Allow) D:\Games\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{535DB0AD-D866-402D-99B0-4DC4D73C1980}] => (Allow) D:\Games\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{0CCD8602-EE51-4874-960C-385EC7AB4CAC}] => (Allow) D:\Games\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [TCP Query User{B64FA120-D990-4D16-8219-6A374C22675D}D:\games\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{D559CB3D-4C5A-4F02-860D-6662F4239716}D:\games\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) D:\games\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{F710A83F-0A9B-4734-8674-73560E640EBB}] => (Allow) D:\Games\Steam\steamapps\common\Windward\Windward.exe
FirewallRules: [{00AF698D-A441-43A9-98C8-CCC98FA66093}] => (Allow) D:\Games\Steam\steamapps\common\Windward\Windward.exe
FirewallRules: [{2BAFAD67-8FB0-4093-B992-E2EEE6C7F4EF}] => (Allow) D:\Games\Steam\steamapps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{573C0F9C-DCEA-4182-8F4B-85561AD7FBEF}] => (Allow) D:\Games\Steam\steamapps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [TCP Query User{DA219D08-AF59-4785-AE7D-16731DD59317}D:\games\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\games\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{53C6605E-5FDC-4CD1-B54B-EC47868D1CBA}D:\games\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\games\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2016 05:56:04 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (07/22/2016 05:56:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (07/22/2016 05:56:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (07/22/2016 05:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaws.exe, version: 11.91.2.14, time stamp: 0x56fe2d73
Faulting module name: USER32.dll, version: 6.3.9600.17415, time stamp: 0x5450559e
Exception code: 0xc0000142
Fault offset: 0x00000000000ec5a0
Faulting process ID: 0x1e7d0
Faulting application start time: 0xjavaws.exe0
Faulting application path: javaws.exe1
Faulting module path: javaws.exe2
Report ID: javaws.exe3
Faulting package full name: javaws.exe4
Faulting package-relative application ID: javaws.exe5

Error: (07/22/2016 05:47:24 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (5732) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (07/22/2016 05:47:23 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1548) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (07/22/2016 05:41:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./ROOT/Microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (07/22/2016 05:41:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./ROOT/Microsoft/protectionManagement namespace does not exist. The query will be ignored.

Error: (07/22/2016 05:41:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider AVWMIEVTProv attempted to register query "select * from Event_Notification" whose target class "Event_Notification" in //./ROOT/CIMV2/Applications/Avira_AntiVir namespace does not exist. The query will be ignored.

Error: (07/22/2016 05:41:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from Event_Notification" whose target class "Event_Notification" in //./ROOT/CIMV2/Applications/Avira_AntiVir namespace does not exist. The query will be ignored.


System errors:
=============
Error: (07/22/2016 05:58:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (07/22/2016 05:57:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:40:18 on ‎22/‎07/‎2016 was unexpected.

Error: (07/22/2016 05:41:55 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/22/2016 05:41:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/22/2016 05:41:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



CodeIntegrity:
===================================
  Date: 2016-07-22 08:45:33.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 8076.14 MB
Available physical RAM: 5578.13 MB
Total Virtual: 11532.14 MB
Available Virtual: 8738.78 MB

==================== Drives ================================

Drive c: (Performance mSATA) (Fixed) (Total:232.54 GB) (Free:112.65 GB) NTFS
Drive d: (Storage HDD) (Fixed) (Total:931.51 GB) (Free:79.32 GB) NTFS
Drive f: (IR5_CCSA_X64FRE_EN-GB_DV9) (Removable) (Total:14.91 GB) (Free:10.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F6981C66)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EB19E6A8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 0013A7CC)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4 Oh My!


Posted 26 July 2016 - 03:12 PM

Greetings Funnytom and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does this look familiar to you?

IP Information for 78.46.223.24 - Germany Falkenstein Hetzner Online Ag - Virtualisierung

Please do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
2016-06-24 20:30 - 2015-09-01 01:37 - 02134528 _____ (LinGon) C:\Users\Tom\Downloads\OurDarkerPurpose+3Tr-LNG_v480.1.11.exe
2016-06-24 20:29 - 2016-06-24 20:29 - 01894042 _____ C:\Users\Tom\Downloads\ourdarkerpurposetrainer.zip
Task: {0B054632-49AA-4E0C-BE71-BE88E1BF3B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d 
Task: {78F27432-A8AD-43EC-9ECF-63F2C2A12E16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d 
Task: {7A84313A-1150-4427-9A2C-8B8B10943DD6} - \Microsoft\Windows\Setup\gwx\rundetector 
Task: {84375347-76D7-4622-B1D4-9D6EC3F56988} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d 
Task: {86547E7B-51AB-4450-AAA9-BE5DE83A189B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent 
Task: {A2DF23FB-9300-4439-9D7E-610CEEF48CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d 
Task: {AA68E3E0-CBFE-49A6-90DC-490E9A389610} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d 
Task: {BC0E3E87-B2F7-4E17-A06F-2175D9BD826B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d 
Task: {C0EBC0CF-CFBD-4E69-A71E-9EC316FE34BC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess 
Task: {CECD2CD0-2C35-45A0-9C86-D93E99E0B489} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig 
Task: {DE0CC18B-FBE3-42B3-BE83-9EB2D5309517} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
zip: C:\WINDOWS\Minidump
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a log on the desktop called Upload.zip. Please upload the file here
===================================================

Desktop Windows Manager Event Viewer logs

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • On the left side double click Windows logs to expand it
  • Left click on Application
  • Under Actions on the right side click Filter Current Log...
  • In Event Level: check Critical and Warning
  • In Event Sources click the down arrow then check the following:

Desktop Window Manager
DesktopWindowManager-diag

  • Click the down arrow again to close the drop down list
  • Click OK
  • Click Save Filtered Log File As...
  • Save the file on your Desktop as EventVwr
  • If necessary simply click OK on the Display Information window
  • Upload the EventVwr file here
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize IP Address?
  • Fixlog
  • Uploaded Minidump zip file
  • Uploaded Event Viewer file
  • Uploaded system Summary file
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 29 July 2016 - 11:32 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Funnytom


Posted 30 July 2016 - 04:04 AM

Hi Oh My!.  Please accept my apologies for not responding earlier; I had thread notifications on but still managed to miss the first reply you posted.  The requested files have been uploaded to the links provided, and here are the contents of fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Tom (2016-07-30 18:50:54) Run:1
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2016-06-24 20:30 - 2015-09-01 01:37 - 02134528 _____ (LinGon) C:\Users\Tom\Downloads\OurDarkerPurpose+3Tr-LNG_v480.1.11.exe
2016-06-24 20:29 - 2016-06-24 20:29 - 01894042 _____ C:\Users\Tom\Downloads\ourdarkerpurposetrainer.zip
Task: {0B054632-49AA-4E0C-BE71-BE88E1BF3B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
Task: {78F27432-A8AD-43EC-9ECF-63F2C2A12E16} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d
Task: {7A84313A-1150-4427-9A2C-8B8B10943DD6} - \Microsoft\Windows\Setup\gwx\rundetector
Task: {84375347-76D7-4622-B1D4-9D6EC3F56988} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d
Task: {86547E7B-51AB-4450-AAA9-BE5DE83A189B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {A2DF23FB-9300-4439-9D7E-610CEEF48CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d
Task: {AA68E3E0-CBFE-49A6-90DC-490E9A389610} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Task: {BC0E3E87-B2F7-4E17-A06F-2175D9BD826B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
Task: {C0EBC0CF-CFBD-4E69-A71E-9EC316FE34BC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {CECD2CD0-2C35-45A0-9C86-D93E99E0B489} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {DE0CC18B-FBE3-42B3-BE83-9EB2D5309517} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
zip: C:\WINDOWS\Minidump
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Tom\Downloads\OurDarkerPurpose+3Tr-LNG_v480.1.11.exe => moved successfully
C:\Users\Tom\Downloads\ourdarkerpurposetrainer.zip => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B054632-49AA-4E0C-BE71-BE88E1BF3B3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B054632-49AA-4E0C-BE71-BE88E1BF3B3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78F27432-A8AD-43EC-9ECF-63F2C2A12E16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78F27432-A8AD-43EC-9ECF-63F2C2A12E16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A84313A-1150-4427-9A2C-8B8B10943DD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A84313A-1150-4427-9A2C-8B8B10943DD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84375347-76D7-4622-B1D4-9D6EC3F56988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84375347-76D7-4622-B1D4-9D6EC3F56988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86547E7B-51AB-4450-AAA9-BE5DE83A189B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86547E7B-51AB-4450-AAA9-BE5DE83A189B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2DF23FB-9300-4439-9D7E-610CEEF48CF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2DF23FB-9300-4439-9D7E-610CEEF48CF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA68E3E0-CBFE-49A6-90DC-490E9A389610}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA68E3E0-CBFE-49A6-90DC-490E9A389610}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC0E3E87-B2F7-4E17-A06F-2175D9BD826B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC0E3E87-B2F7-4E17-A06F-2175D9BD826B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0EBC0CF-CFBD-4E69-A71E-9EC316FE34BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0EBC0CF-CFBD-4E69-A71E-9EC316FE34BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CECD2CD0-2C35-45A0-9C86-D93E99E0B489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CECD2CD0-2C35-45A0-9C86-D93E99E0B489}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE0CC18B-FBE3-42B3-BE83-9EB2D5309517}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0CC18B-FBE3-42B3-BE83-9EB2D5309517}" => key removed successfully
================== Zip: ===================
"C:\WINDOWS\Minidump" -> not found
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 18:51:00 ====

 

I did not recognize the IP address you posted in your reply.

 

Kind regards, 

 

Funnytom



#7 Oh My!


Posted 30 July 2016 - 11:40 AM

Greetings and no problem on the delay. Sometimes that happens.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [DhcpNameServer] 78.46.223.24 162.242.211.137
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Troubleshooting Through Device Manager

----------
  • Press the Windows key + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Keyboards and Mice and other pointing devices sections by clicking the + sign
  • Please list all the entries located under each category
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Device information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Funnytom


Posted 31 July 2016 - 04:34 AM

Here are the contents of the fixlog.txt:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Tom (2016-07-31 19:15:05) Run:2
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [DhcpNameServer] 78.46.223.24 162.242.211.137
emptytemp:
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}\\DhcpNameServer => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10680788 B
Java, Flash, Steam htmlcache => 400720435 B
Windows/system/drivers => 13979237 B
Edge => 0 B
Chrome => 104448 B
Firefox => 382683759 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 134810 B
NetworkService => 0 B
Tom => 172623334 B

RecycleBin => 176739787 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:15:17 ====

 

And the devices are as follows:

 

In Keyboards: 

HID Keyboard Device

HID Keyboard Device

Standard PS/2 Keyboard

 

In Mice:

HID-compliant mouse

HID-compliant mouse

Synaptics PS/2 Port TouchPad

 

I haven't noticed any unusual keystrokes recently either.

 

Thanks again

 

Funnytom
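
The following is an added example, not part of the thread or of FRST: Python that parses `Tcpip` lines in the format shown in the fixlist above and labels each DNS server as local, expected, or needing review. The `EXPECTED_RESOLVERS` allowlist, the function name and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# FRST prints one line per DNS registry value, for example:
#   Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] <ip> <ip>
LINE_RE = re.compile(
    r"^Tcpip\\(?P<key>.+?): \[(?P<value>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)

# Assumption: public resolvers this user knowingly configured. Adjust per network.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}

# First line is the fixlist entry from the thread; the other two are constructed.
SAMPLE_LOG = r"""
Tcpip\..\Interfaces\{D2B156FC-AFDF-4480-8DE9-158DB85A7E4A}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 8.8.8.8,not-an-ip
"""


def review_dns_lines(log_text, expected=EXPECTED_RESOLVERS):
    """Return (key, value_name, server, verdict) for every DNS server found."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Tcpip DNS line
        # DhcpNameServer is space-separated, NameServer may be comma-separated.
        for server in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((m["key"], m["value"], server, "malformed"))
                continue
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                verdict = "local"      # router or LAN resolver
            elif server in expected:
                verdict = "expected"   # public resolver on the allowlist
            else:
                verdict = "review"     # public resolver the user did not choose
            findings.append((m["key"], m["value"], server, verdict))
    return findings


if __name__ == "__main__":
    for key, value, server, verdict in review_dns_lines(SAMPLE_LOG):
        print(f"{verdict:9} {server:18} {value} @ {key}")
```

A "review" verdict only means the address is public and not on the allowlist; whether to remove it is still a decision for the person who knows the network.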



#9 Oh My!


Posted 31 July 2016 - 03:27 PM

Greetings,

Thanks for the information. Let's do this while we monitor your computer.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
    Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Edited by Oh My!, 02 August 2016 - 09:14 AM.

Gary

#10 Funnytom


Posted 02 August 2016 - 04:19 AM

Hi again, I downloaded and ran the ESET Scanner, but unfortunately I did not realize that the program did not automatically output the scan results, and hit fix without exporting the results!  Is there any way I can recover the log file from this?  I can re-run the scan but presumably it will not find anything a second time around.  I also attempted to download screen317's Security Check from the link you provided but the link came up with the connection timing out - can you provide another link for this program?  Also, I have not noticed any more unusual behavior at the moment. 

 

Thanks

 

Funnytom



#11 Oh My!


Posted 02 August 2016 - 09:15 AM

No need to post the ESET log or run it again.

Please try the Security Check link again. I modified it.
Gary

#12 Funnytom


Posted 03 August 2016 - 06:50 AM

Here is the log from the SecurityCheck program:

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Java version 32-bit out of Date!
 Adobe Flash Player     22.0.0.209  
 Mozilla Firefox (47.0)
 Google Chrome (44.0.2403.155)
 Google Chrome (44.0.2403.157)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#13 Oh My!


Posted 03 August 2016 - 08:45 AM

That looks good. Are there any remaining issues?
Gary

#14 Funnytom


Posted 03 August 2016 - 04:46 PM

I haven't noticed any other keystrokes or mouse clicks so I'd say all good.  Thanks very much for your assistance.



#15 Oh My!


Posted 03 August 2016 - 05:01 PM

Excellent, you are most welcome.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary



