
Zodiac-game.info on Chrome


  • This topic is locked
10 replies to this topic

#1 dIRECT0R

  • Members
  • 10 posts

Posted 25 August 2016 - 05:03 AM

Straight to the point: a zodiac-game.info tab keeps opening up on my Chrome browser. Would be grateful for your help getting rid of it. Nothing else seems to be wrong on the computer. I do use uTorrent but have stopped now.

 

Here's the FRST.txt:

Attached Files

  • Attached File  FRST.txt   88.81KB   5 downloads




#2 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,630 posts

Posted 25 August 2016 - 07:36 AM

Hi dIRECT0R :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

P2P Program Warning!
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

It looks like I'm missing your Addition.txt log. Malwarebytes updated their database yesterday to include the detection of Zodiac-Game.info, so we'll run it and let it take care of it.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
After running Malwarebytes, restart your computer. Do you still get the Zodiac-game.info pop-up?

We'll also run JRT to look for remnants (since I see that you've run AdwCleaner already), and then grab a fresh pair of FRST logs.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Your next reply should include:
  • Copy/pasted content of the Malwarebytes clean log;
  • Answer to my question about the Zodiac-game.info pop-up on startup;
  • Copy/pasted content of JRT.txt;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 dIRECT0R

  • Topic Starter

  • Members
  • 10 posts

Posted 25 August 2016 - 09:20 AM

Understood entirely, thank you very much indeed for your time. Malwarebytes clean log:

 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25-Aug-16
Scan Time: 3:28 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.25.06
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: dIRECTOR
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337152
Time Elapsed: 6 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.StartPage.USACVAR, HKU\S-1-5-21-3551307456-931010309-4015344645-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dIRECTOR, explorer.exe http://sd-steam.info, Quarantined, [d9711e31bfdb0b2b0cf774629e66c63a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Trojan.BitCoinMiner, C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2\ISSCH\issch.exe, Delete-on-Reboot, [29214609d0cae056d2462ca4887c05fb], 
PUP.Optional.BitCoinMiner, C:\Program Files\Windows Multimedia Platform\Services and Controller app.exe, Quarantined, [dd6d3d12cfcbac8af3a3c7fe8c783ac6], 
Trojan.BitCoinMiner.MSIL, C:\Users\dIRECTOR\AppData\Local\Microsoft\setup.exe, Quarantined, [9eac78d7d3c72b0b50b932a4b252f808], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

Answer: After scanning with Malwarebytes and restarting I did not immediately encounter any popups, but upon finishing with JRT and FRST, the popup did appear once again (just as I was writing this post, in fact). I did not encounter it for some 45 minutes, whereas usually it does appear fairly quickly upon Windows startup (if that matters).

In short, it's still there.

 

 

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64 
Ran by dIRECTOR (Administrator) on 25-Aug-16 at 16:03:02.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25-Aug-16 at 16:04:10.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by dIRECTOR (administrator) on PC (25-08-2016 16:06:32)
Running from C:\Users\dIRECTOR\Desktop\Security
Loaded Profiles: dIRECTOR (Available Profiles: dIRECTOR)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
() C:\Windows\System32\PnkBstrA.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-28] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-10] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [uTorrent] => C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-12] (BitTorrent Inc.)
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [WarThunderLauncher] => D:\Games\WarThunder\launcher.exe [6081584 2016-08-05] (Gaijin Entertainment)
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\RunOnce: [Uninstall C:\Users\dIRECTOR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dIRECTOR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 83.139.103.3 83.139.121.8
Tcpip\..\Interfaces\{2191931d-93aa-491b-9a4e-ea4ba705fbcb}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2191931d-93aa-491b-9a4e-ea4ba705fbcb}: [DhcpNameServer] 83.139.103.3 83.139.121.8
Tcpip\..\Interfaces\{21c5942a-52e5-4e10-8d59-6d1b26945ab8}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{4CF3D47B-138E-4EEE-B96B-7E7DB65CC7D6}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3551307456-931010309-4015344645-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3551307456-931010309-4015344645-1002 -> {EECF470F-4198-4870-A2D9-578486BE204A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-18] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-18] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3551307456-931010309-4015344645-1002 -> hxxp://google.com/ncr
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-18] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Games\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-06-09] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3551307456-931010309-4015344645-1002: @my.com/Games -> C:\Users\dIRECTOR\AppData\Local\MyComGames\NPMyComDetector.dll [2016-04-05] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3551307456-931010309-4015344645-1002: ubisoft.com/uplaypc -> D:\Games\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR StartupUrls: Default -> "hxxps://www.google.com/ncr"
CHR Profile: C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-18]
CHR Extension: (Google Docs) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-06]
CHR Extension: (YouTube) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock for Youtube™) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-05-06]
CHR Extension: (Google Search) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-06]
CHR Extension: (Word Online) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-05-06]
CHR Extension: (Heroes & Generals) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2016-05-06]
CHR Extension: (Google Docs Offline) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (AdBlock) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2016-05-06]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2016-05-06]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2016-05-06]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-05-06]
CHR Extension: (SparkChess 9) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2016-05-06]
CHR Extension: (Google Maps) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-06]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdpnidfhfjfbafmpppcplcejgepadbo [2016-05-06]
CHR Extension: (Bing2Google) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgoehlfmhfafaiepckjikpphoklijedl [2016-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (My Chrome Theme) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-05-06]
CHR Extension: (Click&Clean App) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-08-18]
CHR Extension: (Gmail) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
CHR Extension: (Enhancer for YouTube™) - C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2016-08-02]
 
Opera: 
=======
OPR StartupUrls:  "hxxp://www.viceice.com/" 
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-02-01] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-08] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-17] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-17] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [741056 2015-11-30] (@ByELDI) [File not signed]
S3 TunngleService; D:\Game support\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-05-11] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [101376 2016-05-11] (Advanced Micro Devices)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 bulkadi; C:\Windows\System32\drivers\bulkrazer_x64.sys [25088 2011-02-10] (Windows ® Codename Longhorn DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-11] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 16:04 - 2016-08-25 16:04 - 00000696 _____ C:\Users\dIRECTOR\Desktop\JRT.txt
2016-08-25 16:04 - 2016-08-25 16:04 - 00000000 ____D C:\Users\dIRECTOR\Desktop\JRT
2016-08-25 16:04 - 2016-08-25 16:04 - 00000000 _____ C:\Users\dIRECTOR\Desktop\JRT (2).txt
2016-08-25 16:00 - 2016-08-25 16:00 - 00000000 ___HD C:\OneDriveTemp
2016-08-25 15:58 - 2016-08-25 15:59 - 00001620 _____ C:\Users\dIRECTOR\Desktop\Malwarebytes.txt
2016-08-25 15:58 - 2016-08-25 15:58 - 00000000 ____D C:\Users\dIRECTOR\Desktop\Malwarebytes
2016-08-25 15:26 - 2016-08-25 15:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 15:26 - 2016-08-25 15:26 - 00001174 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-25 15:26 - 2016-08-25 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-25 15:26 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-25 15:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-25 15:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-25 11:27 - 2016-08-25 16:06 - 00000000 ____D C:\FRST
2016-08-25 10:28 - 2016-08-25 10:28 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\valsghlu.sys
2016-08-25 10:20 - 2016-08-25 10:24 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-08-25 10:20 - 2016-08-25 10:20 - 00000728 _____ C:\Users\dIRECTOR\Desktop\Fallout 4.lnk
2016-08-25 09:23 - 2016-08-25 09:23 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Ethash
2016-08-25 09:19 - 2015-10-20 10:16 - 00000146 _____ C:\Users\dIRECTOR\Desktop\Windows Defender.lnk
2016-08-25 08:44 - 2016-08-25 08:44 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thief 1 HD
2016-08-25 00:45 - 2016-08-25 09:03 - 00001256 _____ C:\Users\dIRECTOR\Desktop\Thief.lnk
2016-08-24 17:51 - 2016-08-25 09:45 - 00000000 ____D C:\Users\dIRECTOR\Desktop\New folder
2016-08-24 17:25 - 2016-08-24 17:25 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf32.dll
2016-08-24 17:25 - 2016-08-24 17:25 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf16.dll
2016-08-24 17:25 - 2016-08-24 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief Gold
2016-08-24 17:25 - 1998-09-02 10:28 - 01088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\danim.dll
2016-08-24 17:25 - 1998-09-02 10:28 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRT.dll
2016-08-24 17:25 - 1998-09-02 10:28 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unam4ie.exe
2016-08-24 17:25 - 1998-09-02 10:28 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRTREND.dll
2016-08-24 17:25 - 1998-09-02 10:02 - 00194320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcut.dll
2016-08-24 17:25 - 1998-08-27 06:51 - 00182032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft3.dll
2016-08-24 17:25 - 1998-08-20 13:02 - 00140800 _____ (The Duck Corporation) C:\WINDOWS\SysWOW64\tm20dec.ax
2016-08-24 17:25 - 1998-08-20 12:38 - 00217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\strmdll.dll
2016-08-24 17:25 - 1998-08-17 11:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz.drv
2016-08-24 17:25 - 1998-08-17 11:21 - 00010240 _____ C:\WINDOWS\SysWOW64\vidx16.dll
2016-08-24 17:25 - 1998-08-17 11:21 - 00005672 _____ C:\WINDOWS\SysWOW64\quartz.vxd
2016-08-24 16:10 - 2016-08-24 16:11 - 00000773 _____ C:\Users\Public\Desktop\Starbound.lnk
2016-08-24 16:10 - 2016-08-24 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starbound [GOG.com]
2016-08-24 15:56 - 2016-08-24 15:56 - 00000722 _____ C:\Users\Public\Desktop\Inside.lnk
2016-08-24 15:56 - 2016-08-24 15:56 - 00000000 ____D C:\Users\dIRECTOR\AppData\LocalLow\Playdead
2016-08-24 15:22 - 2016-08-24 16:06 - 00001327 _____ C:\Users\dIRECTOR\Desktop\Blues and Bullets.lnk
2016-08-24 15:06 - 2016-08-24 15:06 - 00000000 ____D C:\Users\dIRECTOR\Desktop\BloodNBonesServer 1 - Copy
2016-08-24 13:47 - 2016-08-06 06:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-08-24 13:47 - 2016-08-06 06:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-24 13:47 - 2016-08-06 06:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-24 13:47 - 2016-08-06 05:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-08-24 13:47 - 2016-08-06 05:35 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-08-24 13:47 - 2016-08-06 05:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-08-24 13:47 - 2016-08-06 05:24 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-24 13:47 - 2016-08-06 05:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-08-24 13:46 - 2016-08-06 06:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-08-24 13:46 - 2016-08-06 06:32 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-08-24 13:46 - 2016-08-06 06:32 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-08-24 13:46 - 2016-08-06 06:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-24 13:46 - 2016-08-06 06:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-08-24 13:46 - 2016-08-06 06:30 - 07814496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-24 13:46 - 2016-08-06 06:30 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-08-24 13:46 - 2016-08-06 06:30 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-08-24 13:46 - 2016-08-06 06:30 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-08-24 13:46 - 2016-08-06 06:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-08-24 13:46 - 2016-08-06 06:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-08-24 13:46 - 2016-08-06 06:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-08-24 13:46 - 2016-08-06 06:26 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-08-24 13:46 - 2016-08-06 06:24 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-08-24 13:46 - 2016-08-06 06:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-24 13:46 - 2016-08-06 06:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-24 13:46 - 2016-08-06 06:18 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-08-24 13:46 - 2016-08-06 06:18 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-24 13:46 - 2016-08-06 06:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-24 13:46 - 2016-08-06 06:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-08-24 13:46 - 2016-08-06 06:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-08-24 13:46 - 2016-08-06 06:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-24 13:46 - 2016-08-06 06:16 - 01099104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-08-24 13:46 - 2016-08-06 06:16 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-08-24 13:46 - 2016-08-06 06:16 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-08-24 13:46 - 2016-08-06 06:16 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-08-24 13:46 - 2016-08-06 06:16 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-08-24 13:46 - 2016-08-06 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-24 13:46 - 2016-08-06 06:16 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-08-24 13:46 - 2016-08-06 06:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-08-24 13:46 - 2016-08-06 06:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-24 13:46 - 2016-08-06 06:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-08-24 13:46 - 2016-08-06 06:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 02537816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-08-24 13:46 - 2016-08-06 06:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-24 13:46 - 2016-08-06 06:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-08-24 13:46 - 2016-08-06 06:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-24 13:46 - 2016-08-06 06:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-08-24 13:46 - 2016-08-06 06:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-08-24 13:46 - 2016-08-06 06:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-24 13:46 - 2016-08-06 05:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-24 13:46 - 2016-08-06 05:49 - 22570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-24 13:46 - 2016-08-06 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-24 13:46 - 2016-08-06 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-08-24 13:46 - 2016-08-06 05:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-08-24 13:46 - 2016-08-06 05:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-08-24 13:46 - 2016-08-06 05:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-08-24 13:46 - 2016-08-06 05:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-24 13:46 - 2016-08-06 05:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-24 13:46 - 2016-08-06 05:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-08-24 13:46 - 2016-08-06 05:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-08-24 13:46 - 2016-08-06 05:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-08-24 13:46 - 2016-08-06 05:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-08-24 13:46 - 2016-08-06 05:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-08-24 13:46 - 2016-08-06 05:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-08-24 13:46 - 2016-08-06 05:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-08-24 13:46 - 2016-08-06 05:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-08-24 13:46 - 2016-08-06 05:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-08-24 13:46 - 2016-08-06 05:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-24 13:46 - 2016-08-06 05:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-08-24 13:46 - 2016-08-06 05:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-08-24 13:46 - 2016-08-06 05:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-08-24 13:46 - 2016-08-06 05:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-08-24 13:46 - 2016-08-06 05:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-08-24 13:46 - 2016-08-06 05:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-08-24 13:46 - 2016-08-06 05:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-08-24 13:46 - 2016-08-06 05:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-08-24 13:46 - 2016-08-06 05:43 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-08-24 13:46 - 2016-08-06 05:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-24 13:46 - 2016-08-06 05:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-08-24 13:46 - 2016-08-06 05:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-24 13:46 - 2016-08-06 05:42 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-08-24 13:46 - 2016-08-06 05:42 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-08-24 13:46 - 2016-08-06 05:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-08-24 13:46 - 2016-08-06 05:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-08-24 13:46 - 2016-08-06 05:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-24 13:46 - 2016-08-06 05:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-24 13:46 - 2016-08-06 05:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-08-24 13:46 - 2016-08-06 05:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-08-24 13:46 - 2016-08-06 05:40 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-08-24 13:46 - 2016-08-06 05:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-08-24 13:46 - 2016-08-06 05:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-08-24 13:46 - 2016-08-06 05:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-08-24 13:46 - 2016-08-06 05:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-08-24 13:46 - 2016-08-06 05:39 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-24 13:46 - 2016-08-06 05:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-08-24 13:46 - 2016-08-06 05:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-24 13:46 - 2016-08-06 05:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-24 13:46 - 2016-08-06 05:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-24 13:46 - 2016-08-06 05:38 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-24 13:46 - 2016-08-06 05:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-24 13:46 - 2016-08-06 05:37 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-24 13:46 - 2016-08-06 05:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-24 13:46 - 2016-08-06 05:36 - 19422720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-24 13:46 - 2016-08-06 05:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-08-24 13:46 - 2016-08-06 05:35 - 09127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-24 13:46 - 2016-08-06 05:35 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-24 13:46 - 2016-08-06 05:34 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-24 13:46 - 2016-08-06 05:34 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-08-24 13:46 - 2016-08-06 05:34 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-08-24 13:46 - 2016-08-06 05:34 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-08-24 13:46 - 2016-08-06 05:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 01304576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-08-24 13:46 - 2016-08-06 05:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-08-24 13:46 - 2016-08-06 05:32 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 02710528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-08-24 13:46 - 2016-08-06 05:31 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-08-24 13:46 - 2016-08-06 05:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-24 13:46 - 2016-08-06 05:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-24 13:46 - 2016-08-06 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-08-24 13:46 - 2016-08-06 05:30 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-08-24 13:46 - 2016-08-06 05:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-08-24 13:46 - 2016-08-06 05:28 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-08-24 13:46 - 2016-08-06 05:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-08-24 13:46 - 2016-08-06 05:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-08-24 13:46 - 2016-08-06 05:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-08-24 13:46 - 2016-08-06 05:27 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-08-24 13:46 - 2016-08-06 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-08-24 13:46 - 2016-08-06 05:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-08-24 13:46 - 2016-08-06 05:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-24 13:46 - 2016-08-06 05:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-24 13:46 - 2016-08-06 05:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-08-24 13:46 - 2016-08-06 05:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-24 13:46 - 2016-08-06 05:24 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-24 13:46 - 2016-08-06 05:24 - 02314752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-24 13:46 - 2016-08-06 05:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-24 13:46 - 2016-08-06 05:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-24 13:46 - 2016-08-06 05:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-24 13:46 - 2016-08-06 05:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-08-24 13:46 - 2016-08-06 05:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-24 13:46 - 2016-08-06 05:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-24 13:46 - 2016-08-06 05:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-24 13:46 - 2016-08-05 11:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-08-24 13:46 - 2016-08-05 11:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-24 13:46 - 2016-08-05 11:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-08-24 13:46 - 2016-08-05 11:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-08-24 13:46 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-08-24 13:46 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-08-24 13:46 - 2016-08-05 10:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-08-24 13:46 - 2016-08-05 10:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-08-24 13:46 - 2016-08-05 10:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-08-24 13:46 - 2016-08-05 10:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-08-24 13:46 - 2016-08-05 10:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-08-24 13:46 - 2016-08-05 10:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-08-24 13:46 - 2016-08-05 10:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-08-24 13:46 - 2016-08-05 10:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-08-24 13:46 - 2016-08-05 10:07 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-08-24 13:46 - 2016-08-05 10:07 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-08-21 17:15 - 2016-08-25 16:00 - 00000000 ____D C:\Users\dIRECTOR\AppData\LocalLow\uTorrent
2016-08-21 10:38 - 2016-08-21 10:59 - 00000000 ____D C:\Users\dIRECTOR\Desktop\BloodNBonesServer 2
2016-08-18 20:16 - 2016-08-18 20:16 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 15:47 - 2016-08-24 15:05 - 00000000 ____D C:\Users\dIRECTOR\Desktop\BloodNBonesServer 1
2016-08-18 15:10 - 2016-08-18 15:10 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Sun
2016-08-18 15:10 - 2016-08-18 15:10 - 00000000 ____D C:\Users\dIRECTOR\.oracle_jre_usage
2016-08-18 14:59 - 2016-08-24 11:31 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-08-18 14:59 - 2016-08-24 11:31 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-08-18 14:59 - 2016-08-18 14:59 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-08-18 14:46 - 2016-08-18 15:01 - 00000000 ____D C:\ProgramData\McAfee
2016-08-18 14:46 - 2016-08-18 14:49 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-18 14:46 - 2016-08-18 14:46 - 00003952 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-08-18 14:46 - 2016-08-18 14:46 - 00000030 _____ C:\AVScanner.ini
2016-08-18 14:35 - 2016-08-24 13:06 - 00000000 ____D C:\ProgramData\Tunngle
2016-08-18 14:35 - 2016-08-18 14:35 - 00000719 _____ C:\Users\Public\Desktop\Tunngle.lnk
2016-08-18 14:35 - 2016-04-26 15:10 - 00048824 _____ (Tunngle.net GmbH) C:\WINDOWS\system32\Drivers\tap0901t.sys
2016-08-15 10:06 - 2016-08-15 10:06 - 00001274 _____ C:\Users\dIRECTOR\Desktop\Gothic Armada.lnk
2016-08-15 02:46 - 2016-08-14 15:52 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-15 02:44 - 2016-08-19 20:44 - 00000000 ____D C:\Windows.old
2016-08-15 02:44 - 2016-08-15 02:44 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-15 02:44 - 2016-08-15 02:44 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-15 02:44 - 2016-08-15 02:44 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-15 02:44 - 2016-08-15 02:44 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-15 02:44 - 2016-08-15 02:44 - 00000000 ____D C:\Program Files\CMAK
2016-08-15 02:44 - 2016-08-15 02:44 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-15 02:44 - 2016-07-16 05:29 - 06346752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons001d.dll
2016-08-15 02:44 - 2016-07-16 05:27 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData001d.dll
2016-08-15 02:44 - 2016-07-16 05:24 - 04435968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS6.dll
2016-08-15 02:44 - 2016-07-16 04:45 - 06346752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons001d.dll
2016-08-15 02:44 - 2016-07-16 04:42 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData001d.dll
2016-08-15 02:44 - 2016-07-16 04:38 - 04384256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS6.dll
2016-08-15 02:43 - 2016-08-15 02:43 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-15 02:42 - 2016-08-15 02:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-15 02:42 - 2016-08-15 02:42 - 00000000 ____D C:\Program Files\MSBuild
2016-08-15 02:42 - 2016-08-15 02:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-15 02:42 - 2016-08-15 02:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-15 02:42 - 2016-05-26 00:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-15 02:42 - 2016-05-26 00:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-15 02:42 - 2016-05-26 00:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-15 02:42 - 2016-05-25 21:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-15 02:42 - 2016-05-25 21:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-15 02:42 - 2016-05-25 21:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-14 15:54 - 2016-08-14 15:54 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-14 15:52 - 2016-08-18 09:10 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\ConnectedDevicesPlatform
2016-08-14 15:52 - 2016-08-14 15:52 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-14 15:52 - 2016-08-14 15:52 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-14 15:52 - 2016-08-14 15:52 - 00000020 ___SH C:\Users\dIRECTOR\ntuser.ini
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-14 15:52 - 2016-08-14 15:52 - 00000000 ____D C:\ProgramData\USOShared
2016-08-14 15:51 - 2016-08-25 16:02 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-08-14 15:51 - 2016-08-25 16:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-14 15:51 - 2016-08-18 14:46 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-08-14 15:51 - 2016-08-14 15:51 - 00003764 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-08-14 15:51 - 2016-08-14 15:51 - 00003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-14 15:51 - 2016-08-14 15:51 - 00003384 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-08-14 15:51 - 2016-08-14 15:51 - 00003288 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AE46132E-FBAC-45C3-9AD1-3A42298AEFE2}
2016-08-14 15:51 - 2016-08-14 15:51 - 00003272 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1413142491
2016-08-14 15:51 - 2016-08-14 15:51 - 00003200 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-14 15:51 - 2016-08-14 15:51 - 00003162 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
2016-08-14 15:51 - 2016-08-14 15:51 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-1002
2016-08-14 15:51 - 2016-08-14 15:51 - 00002908 _____ C:\WINDOWS\System32\Tasks\InstallShield Update Service
2016-08-14 15:51 - 2016-08-14 15:51 - 00002764 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-dIRECT87@hotmail.com
2016-08-14 15:51 - 2016-08-14 15:51 - 00002528 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2016-08-14 15:51 - 2016-08-14 15:51 - 00002456 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-500
2016-08-14 15:51 - 2016-08-14 15:51 - 00002386 _____ C:\WINDOWS\System32\Tasks\{C109D53C-70D8-4BA0-8938-26DF9F2A080E}
2016-08-14 15:51 - 2016-08-14 15:51 - 00002366 _____ C:\WINDOWS\System32\Tasks\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B}
2016-08-14 15:51 - 2016-08-14 15:51 - 00002338 _____ C:\WINDOWS\System32\Tasks\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5}
2016-08-14 15:51 - 2016-08-14 15:51 - 00002336 _____ C:\WINDOWS\System32\Tasks\DX
2016-08-14 15:51 - 2016-08-14 15:51 - 00002316 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2016-08-14 15:51 - 2016-08-14 15:51 - 00002268 _____ C:\WINDOWS\System32\Tasks\{1B81E3C3-2C96-47E1-9772-B374257664D1}
2016-08-14 15:51 - 2016-08-14 15:51 - 00002114 _____ C:\WINDOWS\System32\Tasks\White List
2016-08-14 15:51 - 2016-08-14 15:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2016-08-14 15:51 - 2014-09-17 05:11 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-843881424-720627605-3023905475-1001
2016-08-14 15:51 - 2014-09-17 04:58 - 00002324 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-843881424-720627605-3023905475-500
2016-08-14 15:51 - 2014-09-13 04:52 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1249393018-3325297585-1563771189-500
2016-08-14 15:50 - 2016-08-14 15:50 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-14 15:50 - 2016-08-14 15:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-08-14 15:50 - 2016-08-14 15:50 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-14 15:50 - 2016-08-14 15:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-08-14 15:50 - 2016-08-14 15:50 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-14 15:48 - 2016-08-14 15:50 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-14 15:48 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-14 15:47 - 2016-08-25 15:25 - 00000000 ____D C:\Users\dIRECTOR
2016-08-14 15:47 - 2016-08-21 20:30 - 00000000 ____D C:\Program Files (x86)\Razer
2016-08-14 15:47 - 2016-08-14 15:48 - 00000000 ____D C:\ProgramData\Razer
2016-08-14 15:47 - 2016-08-14 15:47 - 00000000 _SHDL C:\Users\dIRECTOR\My Documents
2016-08-14 15:47 - 2016-08-14 15:47 - 00000000 _SHDL C:\Users\dIRECTOR\Documents\My Videos
2016-08-14 15:47 - 2016-08-14 15:47 - 00000000 _SHDL C:\Users\dIRECTOR\Documents\My Pictures
2016-08-14 15:47 - 2016-08-14 15:47 - 00000000 _SHDL C:\Users\dIRECTOR\Documents\My Music
2016-08-14 15:46 - 2016-08-25 16:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-14 15:46 - 2016-08-25 15:59 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-14 15:46 - 2016-08-25 11:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-14 15:46 - 2016-08-24 11:31 - 00000000 ____D C:\Program Files\Intel
2016-08-14 15:46 - 2016-08-18 09:10 - 00338296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-14 15:46 - 2016-08-14 15:50 - 00000000 ____D C:\Program Files\AMD
2016-08-14 15:46 - 2016-08-14 15:46 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____D C:\Program Files\Realtek
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-14 15:46 - 2016-08-14 15:46 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-08-13 16:30 - 2016-08-14 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2016-08-11 22:43 - 2016-08-11 22:43 - 00000858 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2016-08-11 20:38 - 2016-08-16 23:13 - 00000000 ____D C:\Users\dIRECTOR\Documents\Rise of the Tomb Raider
2016-08-11 20:38 - 2016-08-11 20:38 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Crystal Dynamics
2016-08-11 20:13 - 2016-08-11 20:13 - 00000850 _____ C:\Users\Public\Desktop\Rise of the Tomb Raider.lnk
2016-08-10 21:22 - 2016-08-10 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-09 15:43 - 2016-08-25 11:05 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Microsoft Windows
2016-08-09 04:42 - 2016-08-09 04:42 - 00000840 _____ C:\Users\dIRECTOR\Desktop\Batman.lnk
2016-08-08 13:09 - 2016-08-08 13:09 - 00007818 _____ C:\Users\dIRECTOR\AppData\Local\recently-used.xbel
2016-08-05 12:03 - 2016-08-14 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-08-02 09:49 - 2016-08-02 09:49 - 00000000 ____D C:\ProgramData\LogiShrd
2016-08-02 09:48 - 2016-08-02 09:48 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Logitech
2016-08-02 09:46 - 2016-08-14 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-08-02 09:46 - 2016-08-02 09:47 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-07-26 05:18 - 2016-07-26 05:18 - 00015816 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 16:06 - 2015-01-23 21:22 - 00000000 ___RD C:\Users\dIRECTOR\Desktop\Security
2016-08-25 16:03 - 2016-04-12 18:35 - 01165260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-25 16:03 - 2014-10-02 08:08 - 00000000 __RDO C:\Users\dIRECTOR\OneDrive
2016-08-25 16:02 - 2014-10-02 09:10 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\uTorrent
2016-08-25 16:00 - 2014-12-07 21:32 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Skype
2016-08-25 16:00 - 2014-10-02 08:56 - 00000000 __SHD C:\Users\dIRECTOR\IntelGraphicsProfiles
2016-08-25 15:59 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-25 15:59 - 2016-05-06 15:53 - 00000000 ____D C:\Avenger
2016-08-25 15:58 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-08-25 14:47 - 2016-04-13 17:57 - 00000795 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-08-25 14:05 - 2014-10-04 09:56 - 00000000 ___RD C:\Games
2016-08-25 11:34 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-25 09:49 - 2014-12-04 18:09 - 00001043 _____ C:\Users\dIRECTOR\Desktop\Thief II.lnk
2016-08-25 02:00 - 2014-10-07 12:47 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Adobe
2016-08-25 00:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-25 00:00 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 17:39 - 2016-02-13 15:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-24 17:37 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-24 17:37 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-24 17:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-24 17:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-24 17:36 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-24 17:36 - 2014-12-08 20:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-24 17:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-24 17:25 - 2013-08-22 15:25 - 00000203 _____ C:\WINDOWS\win.ini
2016-08-24 15:06 - 2014-10-25 21:04 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Tunngle
2016-08-24 13:04 - 2016-02-28 21:28 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\ftblauncher
2016-08-24 11:35 - 2014-10-03 06:22 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-08-24 11:33 - 2016-04-12 19:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-24 11:33 - 2014-12-07 21:32 - 00000000 ____D C:\ProgramData\Skype
2016-08-23 16:55 - 2015-01-26 22:21 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-08-23 10:24 - 2016-07-25 22:56 - 00000000 ____D C:\Users\dIRECTOR\Documents\The Witcher 3
2016-08-18 20:16 - 2016-04-12 18:42 - 00002408 _____ C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 15:10 - 2015-03-09 12:31 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-08-18 15:10 - 2015-03-09 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-18 15:10 - 2014-10-07 07:11 - 00000000 ____D C:\ProgramData\Oracle
2016-08-18 15:09 - 2014-10-07 07:11 - 00000000 ____D C:\Program Files\Java
2016-08-18 14:59 - 2014-10-03 16:55 - 00000000 ____D C:\ProgramData\Intel
2016-08-18 14:49 - 2014-10-25 21:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-18 14:46 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-18 14:46 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-17 21:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-15 03:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-15 02:45 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-15 02:44 - 2016-07-16 16:15 - 00000000 ____D C:\WINDOWS\OCR
2016-08-15 02:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-15 02:42 - 2016-07-16 13:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-08-15 02:42 - 2016-07-16 13:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-08-15 02:42 - 2016-07-16 13:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-08-15 02:42 - 2016-07-16 13:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-08-15 02:42 - 2016-07-16 13:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-08-14 18:04 - 2014-10-05 18:59 - 00000000 ____D C:\ProgramData\Origin
2016-08-14 16:26 - 2014-10-02 08:07 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Packages
2016-08-14 15:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-14 15:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-14 15:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-14 15:52 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-14 15:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-14 15:51 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-14 15:51 - 2016-04-12 18:36 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-14 15:50 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-14 15:50 - 2016-04-30 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Banner Saga 2 [GOG.com]
2016-08-14 15:50 - 2016-04-23 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Close Combat Last Stand Arnhem
2016-08-14 15:50 - 2016-04-20 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-14 15:50 - 2016-04-14 08:32 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-08-14 15:50 - 2016-04-05 04:15 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2016-08-14 15:50 - 2016-04-05 03:33 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-08-14 15:50 - 2016-03-24 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardew Valley [GOG.com]
2016-08-14 15:50 - 2016-03-19 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Democracy 3 [GOG.com]
2016-08-14 15:50 - 2016-03-11 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales from the Borderlands. Complete Season
2016-08-14 15:50 - 2016-03-11 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERHOT [GOG.com]
2016-08-14 15:50 - 2016-03-09 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icewind Dale Enhanced Edition
2016-08-14 15:50 - 2016-03-09 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baldur's Gate II - Enhanced Edition [GOG.com]
2016-08-14 15:50 - 2016-03-09 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun Dragonfall [GOG.com]
2016-08-14 15:50 - 2016-03-06 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun Hong Kong Extended Edition [GOG.com]
2016-08-14 15:50 - 2016-03-06 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wasteland 2
2016-08-14 15:50 - 2016-03-06 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wasteland 2 - Director's Cut [GOG.com]
2016-08-14 15:50 - 2016-02-13 15:04 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-14 15:50 - 2016-01-09 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-08-14 15:50 - 2015-12-27 22:38 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV
2016-08-14 15:50 - 2015-12-25 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkest Hour
2016-08-14 15:50 - 2015-11-27 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-08-14 15:50 - 2015-11-13 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2016-08-14 15:50 - 2015-11-08 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-08-14 15:50 - 2015-10-31 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prison Architect [GOG.com]
2016-08-14 15:50 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-14 15:50 - 2015-10-26 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebel Galaxy [GOG.com]
2016-08-14 15:50 - 2015-09-25 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Phantom Pain
2016-08-14 15:50 - 2015-06-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-14 15:50 - 2015-06-11 16:56 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOS v1.6.1
2016-08-14 15:50 - 2015-06-11 16:49 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOS v1.50
2016-08-14 15:50 - 2015-06-05 16:40 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOS v1.4
2016-08-14 15:50 - 2015-04-15 17:53 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Full v1.11.0
2016-08-14 15:50 - 2015-04-11 22:45 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXIW Texture Pack
2016-08-14 15:50 - 2015-03-05 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-08-14 15:50 - 2015-02-28 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo Combat Evolved
2016-08-14 15:50 - 2015-02-20 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunless Sea [GOG.com]
2016-08-14 15:50 - 2015-02-20 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hand of Fate [GOG.com]
2016-08-14 15:50 - 2015-01-24 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.5
2016-08-14 15:50 - 2015-01-16 21:02 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)
2016-08-14 15:50 - 2015-01-16 20:54 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
2016-08-14 15:50 - 2015-01-06 17:51 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-08-14 15:50 - 2014-12-04 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief2
2016-08-14 15:50 - 2014-12-04 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief 2
2016-08-14 15:50 - 2014-12-03 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarthMod Empire
2016-08-14 15:50 - 2014-12-02 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarthMod Napoleon
2016-08-14 15:50 - 2014-11-28 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare
2016-08-14 15:50 - 2014-11-22 08:39 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-08-14 15:50 - 2014-10-30 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Isolation
2016-08-14 15:50 - 2014-10-19 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-08-14 15:50 - 2014-10-17 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2016-08-14 15:50 - 2014-10-14 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-14 15:50 - 2014-10-10 14:43 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2016-08-14 15:50 - 2014-10-07 12:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-14 15:50 - 2014-10-07 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-08-14 15:50 - 2014-10-06 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancient Space
2016-08-14 15:50 - 2014-10-05 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV Res Publica
2016-08-14 15:50 - 2014-10-04 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-08-14 15:50 - 2014-10-04 05:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-14 15:50 - 2014-10-04 03:43 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-14 15:50 - 2014-10-04 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-14 15:50 - 2014-10-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls II Crown of the Ivory King
2016-08-14 15:50 - 2014-10-03 16:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-14 15:48 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-14 15:48 - 2016-04-12 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-14 15:48 - 2016-04-12 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-08-14 15:48 - 2016-03-10 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overhaul Games
2016-08-14 15:48 - 2015-12-16 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
2016-08-14 15:48 - 2015-07-01 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2016-08-14 15:48 - 2015-04-11 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
2016-08-14 15:48 - 2015-02-11 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso
2016-08-14 15:48 - 2015-01-27 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-14 15:48 - 2015-01-18 04:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-14 15:48 - 2014-12-02 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2016-08-14 15:48 - 2014-11-14 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2016-08-14 15:48 - 2014-11-13 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2016-08-14 15:48 - 2014-11-01 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-08-14 15:48 - 2014-11-01 00:12 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-08-14 15:48 - 2014-10-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-08-14 15:48 - 2014-10-14 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-08-14 15:48 - 2014-10-11 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Banner Saga [GOG.com]
2016-08-14 15:48 - 2014-10-06 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-14 15:48 - 2014-10-03 17:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-14 15:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-14 15:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-14 15:47 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-14 15:47 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-14 15:47 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-14 15:46 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-14 15:18 - 2014-10-02 08:11 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-14 02:18 - 2014-10-02 08:11 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-12 07:04 - 2014-10-06 12:07 - 00000000 ____D C:\Users\dIRECTOR\Documents\Electronic Arts
2016-08-11 19:54 - 2014-10-14 19:58 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-11 12:50 - 2014-10-03 00:56 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\Ubisoft Game Launcher
2016-08-11 11:42 - 2015-09-28 18:53 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\FiraxisLive
2016-08-10 21:25 - 2014-09-17 05:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 21:22 - 2014-09-17 05:12 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 15:50 - 2015-10-01 17:05 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2
2016-08-09 09:12 - 2015-05-19 03:44 - 00001422 _____ C:\Users\dIRECTOR\Desktop\The Witcher 3.lnk
2016-08-09 04:52 - 2014-10-05 15:11 - 00000000 ____D C:\Users\dIRECTOR\Documents\Telltale Games
2016-08-08 23:18 - 2014-10-02 08:12 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 23:18 - 2014-10-02 08:12 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 15:21 - 2014-10-02 08:10 - 00000000 ___RD C:\Users\dIRECTOR\Documents\My Games
2016-08-05 14:22 - 2015-12-08 18:59 - 00000000 ____D C:\Users\dIRECTOR\AppData\Local\AMD
2016-07-29 13:21 - 2014-10-07 15:34 - 00000000 ____D C:\Users\dIRECTOR\AppData\Roaming\inkscape
2016-07-28 16:39 - 2016-07-25 00:16 - 00000535 _____ C:\Users\Public\Desktop\Hearts of Iron IV.lnk
2016-07-27 21:25 - 2014-09-17 05:15 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-04-13 16:55 - 2016-04-13 16:55 - 0000000 _____ () C:\Program Files (x86)\ATI Technologies
2016-05-04 15:01 - 2016-05-04 15:01 - 240398848 _____ () C:\Users\dIRECTOR\AppData\Roaming\Launcher.dat
2016-05-04 15:01 - 2016-05-04 15:01 - 0000009 _____ () C:\Users\dIRECTOR\AppData\Roaming\update.dat
2016-05-04 15:02 - 2016-05-06 15:25 - 0000004 _____ () C:\Users\dIRECTOR\AppData\Roaming\Microsoft\notaut.txt
2014-10-27 20:54 - 2014-10-27 20:54 - 0000000 ___SH () C:\Users\dIRECTOR\AppData\Local\LumaEmu
2016-08-08 13:09 - 2016-08-08 13:09 - 0007818 _____ () C:\Users\dIRECTOR\AppData\Local\recently-used.xbel
2016-08-14 15:46 - 2016-08-14 15:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\dIRECTOR\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\dIRECTOR\AppData\Local\Temp\libeay32.dll
C:\Users\dIRECTOR\AppData\Local\Temp\msvcr120.dll
C:\Users\dIRECTOR\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
C:\Users\dIRECTOR\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-24 17:34
 
==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by dIRECTOR (25-08-2016 16:06:49)
Running from C:\Users\dIRECTOR\Desktop\Security
Windows 10 Pro Version 1607 (X64) (2016-08-14 13:52:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3551307456-931010309-4015344645-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3551307456-931010309-4015344645-1006 - Limited - Enabled)
DefaultAccount (S-1-5-21-3551307456-931010309-4015344645-503 - Limited - Disabled)
dIRECTOR (S-1-5-21-3551307456-931010309-4015344645-1002 - Administrator - Enabled) => C:\Users\dIRECTOR
Guest (S-1-5-21-3551307456-931010309-4015344645-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3551307456-931010309-4015344645-1008 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Alpha Protocol» version 1.1 (HKLM-x32\...\«Alpha Protocol»_is1) (Version: 1.1 - R.G. Catalyst)
«Pillars of Eternity» 3.01.977 (HKLM-x32\...\«Pillars of Eternity»_is1) (Version: 3.01.977 - Paradox)
«Shadowrun Returns» 1.2.7 (HKLM-x32\...\«Shadowrun Returns»_is1) (Version: 1.2.7 - Harebrained Holdings)
«Total War™: SHOGUN 2» (HKLM-x32\...\«Total War™: SHOGUN 2»_is1) (Version:  - The Creative Assembly)
µTorrent (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
ACP Application (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Alien Isolation, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0.0 - RePack by SEYTER)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ancient Space (HKLM-x32\...\Ancient Space_is1) (Version:  - )
Anno 2205 (HKLM-x32\...\Anno 2205_is1) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Armored Warfare MyCom (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Armored Warfare MyCom) (Version: 1.78 - My.com B.V.)
Assassins Creed 4 Black Flag version 1.06.0.0 (HKLM-x32\...\Assassins Creed 4 Black Flag_is1) (Version: 1.06.0.0 - Mr DJ)
Baldur's Gate - Enhanced Edition (HKLM-x32\...\Baldur's Gate - Enhanced Edition_is1) (Version:  - )
Baldur's Gate II - Enhanced Edition (HKLM-x32\...\1207666373_is1) (Version: 2.0.0.1 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Blues and Bullets Episode 2 (HKLM-x32\...\Blues and Bullets Episode 2_is1) (Version:  - )
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Cataclysm (HKLM-x32\...\Cataclysm) (Version:  - )
Catalyst Control Center Next Localization BR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cities Skylines Snowfall (HKLM-x32\...\Cities Skylines Snowfall_is1) (Version:  - )
Close Combat Last Stand Arnhem (HKLM-x32\...\Close Combat Last Stand Arnhem5.60) (Version: 5.60 - Matrix Games)
Crusader Kings II version 2.5.2.0 (HKLM-x32\...\Crusader Kings II_is1) (Version: 2.5.2.0 - Mr DJ)
Crysis 3 (HKLM-x32\...\Crysis 3_is1) (Version: 1.3.0.0 - R.G. Revenants)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls II Crown of the Ivory King (HKLM-x32\...\Dark Souls II Crown of the Ivory King_is1) (Version:  - )
DARK SOULS III version final (HKLM-x32\...\DARK SOULS III_is1) (Version: final - Asaya)
Darkest Hour (HKLM-x32\...\{09D5819F-0F1A-4480-A112-B5CCA58D9773}_is1) (Version:  - Darkest Hour Team)
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Napoleon (HKLM-x32\...\DarthMod Napoleon) (Version:  - )
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dead Rising 3 Apocalypse Edition version 1.0u2 Update 2 (HKLM-x32\...\Dead Rising 3 Apocalypse Edition_is1) (Version: 1.0u2 Update 2 - GMT-MAX.ORG)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Democracy 3 - Extremism (HKLM-x32\...\Democracy 3: Extremism_is1) (Version: 2.9.0.15 - GOG.com)
Democracy 3 - Social Engineering (HKLM-x32\...\Democracy 3: Social Engineering_is1) (Version: 2.9.0.15 - GOG.com)
Democracy 3 (HKLM-x32\...\1207659953_is1) (Version: 2.10.0.16 - GOG.com)
Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - )
Deus Ex - Invisible War Unified Texture Pack, ver. 1.0 (HKLM-x32\...\Deus Ex: Invisible War Unified Texture Pack ver.1.0) (Version:  - John P.)
Deus Ex Human Revolution (HKLM-x32\...\Deus Ex Human Revolution_is1) (Version:  - )
Diaspora version 1.0 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.0 - Diaspora Development)
Divinity Original Sin Enhanced Edition v.2.0.104.737 (HKLM-x32\...\Divinity Original Sin Enhanced Edition_is1) (Version:  - )
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Elite Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Endless Legend (HKLM-x32\...\RW5kbGVzc0xlZ2VuZA==_is1) (Version: 1 - )
Europa Universalis IV Mare Nostrum (HKLM-x32\...\Europa Universalis IV Mare Nostrum_is1) (Version:  - )
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Fallout4 v.1.6.9.0.1 (HKLM-x32\...\Fallout4_is1) (Version:  - )
Firewatch version Firewatch (HKLM-x32\...\Firewatch_is1) (Version: Firewatch - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freespace 2 (HKLM-x32\...\Freespace 2_is1) (Version:  - GOG.com)
FTL version 1.5.13 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.5.13 - Subset Games)
Galactic Civilizations II - Ultimate Edition (HKLM-x32\...\Galactic Civilizations II - Ultimate Edition) (Version:  - Kalypso Media)
GIF Viewer (HKLM-x32\...\GIF Viewer) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Gunpoint Exclusive Edition 1.0 (HKLM-x32\...\Gunpoint Exclusive Edition 1.0) (Version: 1.0 - Focus Home Interactive)
Halo Combat Evolved (HKLM-x32\...\Halo Combat Evolved) (Version:  - )
Hand of Fate (HKLM-x32\...\1424100574_is1) (Version: 2.0.0.1 - GOG.com)
Hearts of Iron 4 (HKLM-x32\...\Hearts of Iron 4_is1) (Version:  - )
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Homeworld Deserts of Kharak (HKLM-x32\...\Homeworld Deserts of Kharak_is1) (Version:  - )
Homeworld Remastered Collection (HKLM-x32\...\SG9tZXdvcmxkUmVtYXN0ZXJlZENvbGxlY3Rpb24=_is1) (Version: 1 - )
Icewind Dale Enhanced Edition (HKLM-x32\...\Icewind Dale Enhanced Edition_is1) (Version:  - )
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version:  - Playdead)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Kerbal Space Program_is1) (Version:  - )
K-Lite Codec Pack 11.9.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)
Men of War: Assault Squad 2 (HKLM-x32\...\TWVub2ZXYXJBc3NhdWx0U3F1YWQy_is1) (Version: 1 - )
Metal Gear Solid V Phantom Pain, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Metal Gear Solid V Phantom Pain_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Metro: Last Light Redux (HKLM-x32\...\Metro: Last Light Redux_is1) (Version:  - Deep Silver)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{20DEB77C-21D6-4D22-BB47-233E47613D57}) (Version: 1.1.0322 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth - Shadow of Mordor (HKLM-x32\...\Middle-earth - Shadow of Mordor_is1) (Version: v1.2 - WB Games)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version:  - )
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
My.com Game Center (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\MyComGames) (Version: 3.175 - My.com B.V.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Planescape Torment (HKLM-x32\...\Planescape Torment_is1) (Version:  - GOG.com)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.1.0.3 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Razer Megalodon Firmware Updater (HKLM-x32\...\{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}) (Version: 2.12.02 - Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.810 - Razer Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM-x32\...\1435582019_is1) (Version: 2.0.0.1 - GOG.com)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shadowrun - Hong Kong - Extended Edition (HKLM-x32\...\1436866438_is1) (Version: 2.4.0.8 - GOG.com)
Shadowrun Dragonfall - Director's Cut (HKLM-x32\...\1207660913_is1) (Version: 2.0.4.6 - GOG.com)
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version:  - )
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Sid Meiers Civilization Beyond Earth version 1.1.2.4035 (HKLM-x32\...\Sid Meiers Civilization Beyond Earth_is1) (Version: 1.1.2.4035 - Mr DJ)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SOMA (HKLM-x32\...\SOMA_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Aspyr)
Starbound (HKLM-x32\...\1452598881_is1) (Version: 2.5.0.7 - GOG.com)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.3.0.5 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM-x32\...\Stellaris_is1) (Version:  - )
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.0.0.1 - GOG.com)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Tales from the Borderlands. Complete Season, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Tales from the Borderlands. Complete Season_is1) (Version: 1.0.0.0 - RePack by SEYTER)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Banner Saga 2 (HKLM-x32\...\1775067436_is1) (Version: 2.0.0.2 - GOG.com)
The Sims 4 Deluxe Edition version 1.5.139.1020 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.5.139.1020 - Mr DJ)
The Sims 4 Luxury Party Stuff DLC (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Walking Dead - Season 2 (HKLM-x32\...\The Walking Dead - Season 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.21.0.0 - GOG.com)
Thief 2 (HKLM-x32\...\Thief2DeinstallKey) (Version:  - )
Thief 2 HD Mod 0.9.5 (HKLM-x32\...\Thief2) (Version:  - )
Thief Gold (HKLM-x32\...\ThiefGoldDeinstallKey) (Version:  - )
Thief Gold HD Mod 1.2 (HKLM-x32\...\Thief1HD) (Version:  - )
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Tom Clancy's Splinter Cell Conviction (HKLM-x32\...\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}) (Version: 1.04.000 - Ubisoft)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tropico 5 v.1.10 (HKLM-x32\...\Tropico 5_is1) (Version:  - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Verdun (HKLM\...\Steam App 242860) (Version:  - M2H)
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-4) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.8.0 (HKLM\...\VulkanRT1.0.8.0) (Version: 1.0.8.0 - LunarG, Inc.)
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.480 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Wasteland 2 - Director's Cut (HKLM-x32\...\1444386007_is1) (Version: 2.0.0.1 - GOG.com)
Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )
Watch Dogs Deluxe Edition version 1.05.324 (HKLM-x32\...\Watch Dogs Deluxe Edition_is1) (Version: 1.05.324 - GMT-MAX.ORG)
Watch_Dogs Bad Blood DLC (HKLM-x32\...\V2F0Y2hfRG9ncw==_is1) (Version: 1 - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Wolfenstein: The New Order Update 1 (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
World of Warships (HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3551307456-931010309-4015344645-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dIRECTOR\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B258CA8-F5F4-4609-AF63-09755D34D823} - System32\Tasks\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B} => pcalua.exe -a "D:\Browser downloads\d3dwindower-english\D3DWindower-English.exe" -d "D:\Browser downloads\d3dwindower-english"
Task: {1100C7BF-E652-4984-8B90-7612D11C022B} - \bthudtask -> No File <==== ATTENTION
Task: {175C467F-F623-44B3-A07A-C7183D7A6804} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-11-30] (@ByELDI)
Task: {183C2BAB-BF21-4CC3-B232-DD97BE147A38} - System32\Tasks\Opera scheduled Autoupdate 1413142491 => C:\Program Files (x86)\Opera\launcher.exe
Task: {1C3DDDA6-07A4-400D-AB21-5652E3E4FE2D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2733205C-D57D-4BC4-B233-B4A44B31268E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2D7433B0-8037-4A84-9762-FAFD0858B511} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {2DFA7079-CCE5-48A3-AE46-0A98A30F4F87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-18] (Adobe Systems Incorporated)
Task: {342EB0BC-0201-4CA1-A311-D92C6B8FED98} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-08] ()
Task: {34F64CFE-EA57-4443-AE4D-CB0129312DE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {396F365D-E9A4-4617-A5BC-D8D9A1115150} - System32\Tasks\White List => D:\Games\Planescape Torment\Torment.exe [2016-05-04] (Black Isle Studios)
Task: {3EF9730C-78F4-449B-9520-C30F62FE01DF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {455E9CEE-BBFF-4E2C-8273-A6F7031A3C7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4AE55A73-EBB8-457A-9CC4-63FE9197EEC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {562C3533-50E1-4D7F-AD7C-5570520AB293} - System32\Tasks\{C109D53C-70D8-4BA0-8938-26DF9F2A080E} => pcalua.exe -a "E:\μTorrent\Microsoft Office 2013 Professional Plus\Autorun.exe" -d "E:\μTorrent\Microsoft Office 2013 Professional Plus"
Task: {5751F61C-F9DA-4373-860D-5A208DE05831} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {619B0A72-A4D3-4BB8-9B28-BD9999E4EE4E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\dIRECTOR\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {6939DC9F-78C4-47BB-96F4-EEDB8BA5B920} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6E577658-8E22-442F-89B0-E2073114AD97} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7E482C73-1574-418A-91AA-0D918C1C4F8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {7FD6A7C6-1890-4C26-A22C-76F8B05BB3BF} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3551307456-931010309-4015344645-1002 -> No File <==== ATTENTION
Task: {8A167E28-3E4A-42E1-9C5D-F7AE04E37BD8} - System32\Tasks\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5} => pcalua.exe -a "D:\Games\Close Combat Last Stand Arnhem\autorun.exe" -d "D:\Games\Close Combat Last Stand Arnhem"
Task: {8F557325-627A-41C3-8F91-FB3EFC3E906A} - \Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-1001 -> No File <==== ATTENTION
Task: {9CE755A2-770C-4D7C-86DE-8DCA2B697B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9CF6CDDC-45EE-4A37-9374-8F167F5DCC14} - System32\Tasks\{1B81E3C3-2C96-47E1-9772-B374257664D1} => pcalua.exe -a "D:\Games\Freespace 2\FreeSpace2.exe" -d "D:\Games\Freespace 2"
Task: {A45C223E-3BA1-4CF5-BA2B-F32E6144FDAC} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2014-10-03] (MSfree Inc.)
Task: {AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6} - System32\Tasks\InstallShield Update Service => C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2\ISSCH\issch.exe
Task: {B973ADE5-A426-4FD3-B079-FAAE1E8D2494} - System32\Tasks\DX => hxxp://kb-ribaki.org
Task: {C00004D1-B974-4CFF-B41F-53A81F334053} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C7BD0A33-2D57-4930-954D-2E21B90A517A} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-dIRECT87@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-28] (Adobe Systems Incorporated)
Task: {CE451AD6-3693-4828-9718-AD73D9D89584} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE535875-F26F-4662-99A2-7687D10354D0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CEA4A47C-BFBE-4EAE-B6AF-B54984BE2858} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E2F3E0ED-9110-44DA-B1DD-9CC7559F8B2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {F61C93ED-7BC2-4F15-B264-DE8ACAD4093E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-19] ()
Task: {F833D892-060D-48F0-91C0-6B18ACFD3FC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F9FEA238-CC43-4728-AE98-5B2EC9D76DD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FDEBD143-5392-4F1B-A1D1-5F9B2564F390} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-18] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\dIRECTOR\Desktop\New folder\Third Age.lnk -> D:\Games\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()
Shortcut: C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)\Third Age - Total War.lnk -> D:\Games\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()
Shortcut: C:\Users\dIRECTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\dIRECTOR\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-05 02:11 - 2015-11-05 02:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-12-25 14:14 - 2015-01-17 12:35 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-18 20:15 - 2016-08-18 20:15 - 01864384 _____ () C:\Users\dIRECTOR\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-06-14 12:37 - 2016-06-14 12:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-04 03:42 - 2011-03-02 21:40 - 00164864 _____ () D:\Program Files\WinRAR\rarext.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-08-14 16:25 - 2016-08-14 16:26 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-14 16:25 - 2016-08-14 16:26 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-14 16:25 - 2016-08-14 16:26 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-24 13:47 - 2016-08-06 05:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-24 13:46 - 2016-08-06 05:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-24 13:47 - 2016-08-06 05:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-24 13:47 - 2016-08-06 05:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-24 13:47 - 2016-08-06 05:21 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-24 13:47 - 2016-08-06 05:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-24 13:47 - 2016-08-06 05:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-20 20:43 - 2014-03-20 20:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-14 18:53 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-14 18:53 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\dIRECTOR\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\valsghlu.sys:changelist [1194]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2016-08-18 14:46 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dIRECTOR\Pictures\damask-wallpaper-patterns-images (1).png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1F0AD9D2-14ED-4E75-91B2-81949FBDB490}] => (Allow) D:\Games\ABZU\Steam\bin\steamwebhelper.exe
FirewallRules: [{D2CA02D4-A917-4FD3-ABFA-83DB2D9BCB6F}] => (Allow) D:\Games\ABZU\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B960915-34D8-42AF-A073-E69C790EF958}] => (Allow) D:\Games\ABZU\Steam\Steam.exe
FirewallRules: [{F8C8FD00-0FCD-480D-967E-A3C6BBBFF23A}] => (Allow) D:\Games\ABZU\Steam\Steam.exe
FirewallRules: [{DECEB8F4-0751-4632-A142-CD69FF68AAA3}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EB5BEB7B-EC01-4F7B-9822-53DEF127B30F}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [UDP Query User{C1898BE7-F0F9-4D84-ABDA-C1C16C692392}D:\games\xcom 2\binaries\win64\xcom2.exe] => (Block) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{B0078139-9A06-4308-B775-2BC5652657D9}D:\games\xcom 2\binaries\win64\xcom2.exe] => (Block) D:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{02017E92-03C3-4C05-AE94-6E79FA7C17E8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{62E5402D-C3EB-4836-B2D2-85A381E75F13}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{4A4ED530-B8DE-40E4-9E44-37D10E83749B}] => (Allow) D:\Games\Total War WARHAMMER\Steam\bin\steamwebhelper.exe
FirewallRules: [{81392BC5-FEE3-41FC-B389-6FE877B8A5B8}] => (Allow) D:\Games\Total War WARHAMMER\Steam\bin\steamwebhelper.exe
FirewallRules: [{0301FD2F-766D-44F8-B39F-9DB89796990E}] => (Allow) D:\Games\Total War WARHAMMER\Steam\Steam.exe
FirewallRules: [{2C44DF53-BCA3-4688-8238-D380300290D4}] => (Allow) D:\Games\Total War WARHAMMER\Steam\Steam.exe
FirewallRules: [{793001C9-3C90-4DAC-BF8D-E941D775D7FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B0C86710-A9F0-4077-99FA-CE4714A20C25}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{EF594FA7-5E63-45A5-B513-60F980248A33}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{CD63AD83-A641-40F9-8702-185F8470E341}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{84DD9B01-82E0-4BD4-807E-697ECC3D177D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [UDP Query User{CE9EBC77-4BD7-46D6-A96F-AE2A94083549}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{42C4B1C1-4C00-4F1D-8F15-4A92C38EA9D0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{6A1F385C-A216-43BB-AF29-5358339A69EA}] => (Allow) D:\Games\Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{7E6FC3EF-1AE3-4D1C-BED1-9C17C4BDC3A8}] => (Allow) D:\Games\Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [UDP Query User{BF7779D7-9F88-43F4-BC09-C36CF1FF8FA6}D:\games\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) D:\games\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [TCP Query User{8D03BA5A-1424-42E8-BF13-5B915C1764E0}D:\games\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe] => (Block) D:\games\battlefleet gothic - armada\battlefleetgothic\binaries\win64\battlefleetgothic-win64-shipping.exe
FirewallRules: [{50C766CD-0FC8-4ED0-9292-3C253FF6E595}] => (Allow) D:\Games\Crusader Kings II\CK2game.exe
FirewallRules: [{09713D25-9D2F-4ABD-8B38-2C7C9C20AB3D}] => (Allow) D:\Games\Crusader Kings II\CK2game.exe
FirewallRules: [{9A8B43C4-1CFB-49A0-8C6F-AC72CC4C8C64}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D4A57DA4-0E06-44C8-B3A8-90512896FC16}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FFD53A08-0616-4CE4-A6E1-DA6BF18C1E74}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{4E7799D2-8085-441D-AF09-8A3794890BEF}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{37CAAC55-D47A-4F30-8E08-34810328A155}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{81FA0BAE-B91A-44C7-BBC0-D1AEE49C8152}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DBE1D704-2A9D-4FA2-A6F5-9CD98C192390}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2E5CBDBC-4258-4105-904A-02BD75FC5911}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23D953ED-0A39-42ED-B2C1-40BE2A7AD1F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEB87AF5-FBA3-4A62-9988-C1CE74252062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{026ABBFC-F6AD-49D5-833F-85CC16662C4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9591492C-2F78-4970-A0D2-1116C8DDDA7E}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{780A4C02-B8CC-4601-A2CA-C8939E85160B}D:\games\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) D:\games\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [TCP Query User{E0A7844C-2F8E-43B9-98F5-91197F78C0DA}D:\games\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) D:\games\armored warfare mycom\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{81179250-6B90-421A-A4C7-C0175D6F55C0}C:\users\director\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\director\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{204829A3-B8B8-45FC-9BFD-4F47647C0F47}C:\users\director\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\director\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{529D66EB-D0B2-45BE-A548-70DCA7C5CEEB}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{930FCE14-C565-479B-9E42-80A999804263}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{C9F9518F-DC9D-4355-A536-47A9C7DEB435}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{20EC2CC5-FD09-42B7-8EFD-0CBF75967D6F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [UDP Query User{231C6317-0A32-4EDC-8A74-BA38BE56900B}D:\games\shadowrun hong kong\srhk.exe] => (Block) D:\games\shadowrun hong kong\srhk.exe
FirewallRules: [TCP Query User{13A0611A-6E2E-4F3A-AC2D-B2C68887FEBA}D:\games\shadowrun hong kong\srhk.exe] => (Block) D:\games\shadowrun hong kong\srhk.exe
FirewallRules: [UDP Query User{85D003FB-29EE-4EB5-BE1E-2D1C84220FA5}D:\games\shadowrun dragonfall\dragonfall.exe] => (Block) D:\games\shadowrun dragonfall\dragonfall.exe
FirewallRules: [TCP Query User{B9BCB8C5-D138-4712-946C-CEF0596E60C9}D:\games\shadowrun dragonfall\dragonfall.exe] => (Block) D:\games\shadowrun dragonfall\dragonfall.exe
FirewallRules: [UDP Query User{13F1F634-C904-43F2-849B-1F5315C6DF3B}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{E50009F8-3931-4336-9871-8CEA7BEB8425}D:\games\shadowrun returns\shadowrun.exe] => (Block) D:\games\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{B6BF8886-875C-4908-A819-27398FBBD715}D:\games\divinity original sin enhanced edition\shipping\eocapp.exe] => (Block) D:\games\divinity original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{5E3ABD71-7B1F-4AC3-BEBF-10142BAC48A3}D:\games\divinity original sin enhanced edition\shipping\eocapp.exe] => (Block) D:\games\divinity original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{218B07B8-16E2-4CE0-AF21-6386456C2BB7}D:\games\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\games\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{098174C2-121F-4754-B5C0-5373925A6D74}D:\games\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\games\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{D11A1AC8-4C71-4326-9B6B-59604E26F0B7}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{90FA23B3-5E3D-44F2-AC01-0D66377CE2D1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [UDP Query User{86BEF819-9EDF-41B6-965A-209B42C48BC7}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F52FD29C-5ACA-46E9-9EF6-737C50AF3573}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D0E42BDD-D7D5-4654-9DCE-21A676CA1F92}D:\games\firewatch\firewatch.exe] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [TCP Query User{BC730360-4D99-4567-9442-30E0F8C4476E}D:\games\firewatch\firewatch.exe] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [UDP Query User{073F6DA3-444F-4A86-A7F3-C8C9EB3ABCAE}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{4F5F1231-4E0B-45D9-A964-7804AEE3EED4}D:\games\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{73295E6B-8E85-460B-AF69-9C08324C5ED6}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{6C804398-4D0A-4A66-8113-3D0F69F64F3E}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [UDP Query User{09DED00A-25B9-45CE-AAEA-18412C6A1836}D:\games\warthunder\win64\aces.exe] => (Allow) D:\games\warthunder\win64\aces.exe
FirewallRules: [TCP Query User{EFC608FA-B6C1-41B8-B0CF-E5F855A820A6}D:\games\warthunder\win64\aces.exe] => (Allow) D:\games\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{CD9002D8-AFA6-410C-8511-BA73E390FE6B}D:\games\warthunder\win64\aces64.exe] => (Allow) D:\games\warthunder\win64\aces64.exe
FirewallRules: [TCP Query User{8863F337-7B65-45A3-A364-032CD72D38D1}D:\games\warthunder\win64\aces64.exe] => (Allow) D:\games\warthunder\win64\aces64.exe
FirewallRules: [{7598F53B-9BF9-4239-BC4C-F6440861F56E}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{88180211-4F5A-465F-8DFD-8F369AB559A9}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{B746D906-21CE-4AA4-AB63-975D93629FF5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{651477AC-31E6-43F6-9698-7B21A12BC3D7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{8CD358B0-9617-4427-9929-62575C0EAC90}] => (Allow) D:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [{258FBA70-D6BE-4CCD-AE92-EBBB257C233F}] => (Allow) D:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{2C1A427D-C35B-4C76-9967-B516F7157ABB}] => (Allow) D:\Games\Heroes & Generals\live\hng.exe
FirewallRules: [{525D0672-FBF0-4C0E-A7D0-0DD3B63643AD}] => (Allow) D:\Games\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{30B5B612-B465-4FD8-A81D-3B599C69C76E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5BE8F80C-CB2E-423C-961B-298995907F90}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1CB02AFA-928C-4CA5-BE6E-262734EAE495}D:\games\warthunder\launcher.exe] => (Allow) D:\games\warthunder\launcher.exe
FirewallRules: [TCP Query User{255EC53D-009F-4675-B65C-32E321E9C222}D:\games\warthunder\launcher.exe] => (Allow) D:\games\warthunder\launcher.exe
FirewallRules: [{70E802E9-A57C-48FC-AE74-D8DB594EAEEB}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{585A2FE4-A1F6-47FA-B0EB-96E8EF09B0D4}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{762B31ED-4137-46AB-9BD1-1F8A4AEC91A2}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9193739C-26DF-42E2-B171-C7F6124E5296}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [UDP Query User{ABB3DBF4-ECCA-4269-A592-55491DC1B0E4}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{A223CD7E-944D-4DA1-A280-E0A7C0B83078}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{9ED04FEF-EBE1-44AE-89A4-D8CB7C78D45F}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{C1BEF81C-A8F5-4CD2-A56B-81DE3E75C63C}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{0FAD8FAE-69F4-4088-8A0D-1BB83FCFA5C2}] => (Allow) D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{73590E12-61BD-4D09-BA02-E0D4AC94994C}] => (Allow) D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe
FirewallRules: [{4AB3696C-BD6E-43C2-A79E-5DA92EA9F3B6}] => (Allow) D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{6968D702-B7EC-495E-9460-F1A76151E18A}] => (Allow) D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe
FirewallRules: [{CF0B0A0B-3D89-4A6F-BE73-847F9632E792}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{C42020D4-7BD9-4A49-A4A3-1AC63C23228A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{E35076D5-9AA4-44C0-8D74-374120235D51}] => (Allow) D:\Game support\Tunngle\Tunngle.exe
FirewallRules: [{41553DFE-B7CD-43FC-BEF0-854A61366BFD}] => (Allow) D:\Game support\Tunngle\Tunngle.exe
FirewallRules: [{22688398-CED8-4FBE-88F0-EADCFB7CD6FE}] => (Allow) D:\Game support\Tunngle\TnglCtrl.exe
FirewallRules: [{ECE3C6C6-33C1-487D-A0BB-BB8FF4F4F095}] => (Allow) D:\Game support\Tunngle\TnglCtrl.exe
FirewallRules: [{9F518650-F66E-48EF-B687-0B56517BA2AC}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{1DC47E35-78BD-4B96-BD01-7CEA04242038}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [UDP Query User{F9273E94-D5FC-4620-B60E-37410AC4D5DB}D:\games\warthunder\aces.exe] => (Allow) D:\games\warthunder\aces.exe
FirewallRules: [TCP Query User{240AE181-99DE-4419-98DE-8C14F44A1BC8}D:\games\warthunder\aces.exe] => (Allow) D:\games\warthunder\aces.exe
FirewallRules: [{EDB91956-31A8-4FC3-9727-7A39760F3CE5}] => (Allow) LPort=8090
FirewallRules: [{FFC4AB43-197F-46F3-A996-B4BCA2356DBE}] => (Allow) LPort=20443
FirewallRules: [{7BC960EF-A4E3-4B95-8CAB-97636995B8CE}] => (Allow) LPort=33333
FirewallRules: [{1F8EA37A-2B45-48B9-9699-D0D435C1B542}] => (Allow) LPort=6881
FirewallRules: [{9472C263-ECE8-4865-8D2E-33B7700F2ED6}] => (Allow) LPort=27022
FirewallRules: [{493F02B6-5151-4825-B563-BB4C281CA04B}] => (Allow) LPort=7853
FirewallRules: [{323502E9-AE87-4620-A7F4-B61661BBD4E9}] => (Allow) LPort=7852
FirewallRules: [{4DCD8B11-3BB4-4986-90CE-AA8A53AEFCFA}] => (Allow) LPort=7850
FirewallRules: [{05CBAA84-4291-4C9A-853E-9E7FA8AB3858}] => (Allow) LPort=3478
FirewallRules: [{165BF404-27A4-4EFC-8E8A-DC522F640806}] => (Allow) LPort=20010
FirewallRules: [{5FD2B638-AAE0-4742-A837-022B518C7782}] => (Allow) LPort=443
FirewallRules: [{271DD9D3-52C5-4A1A-8D64-CA3D275D6375}] => (Allow) LPort=80
FirewallRules: [{1DB9EAA6-20A9-4FB1-9EE8-DE9A581574D4}] => (Allow) D:\Games\WarThunder\launcher.exe
FirewallRules: [{18D87640-E324-4431-B0A2-52ACC66DF7AD}] => (Allow) D:\Games\WarThunder\launcher.exe
FirewallRules: [UDP Query User{57CDB3EE-ED3F-4DAB-ABCF-1360996719C3}D:\games\grey goo\goog.exe] => (Block) D:\games\grey goo\goog.exe
FirewallRules: [TCP Query User{1CE978A6-0849-4C6D-97E3-A9FB0888010C}D:\games\grey goo\goog.exe] => (Block) D:\games\grey goo\goog.exe
FirewallRules: [UDP Query User{8B8ED2C3-F477-4214-AEDC-7D3A1644CE27}D:\games\grey goo\instanceserverg.exe] => (Block) D:\games\grey goo\instanceserverg.exe
FirewallRules: [TCP Query User{7968A992-087D-4F1B-B999-FDAA9E3D52C5}D:\games\grey goo\instanceserverg.exe] => (Block) D:\games\grey goo\instanceserverg.exe
FirewallRules: [UDP Query User{E98E8FB3-B81F-44C1-B425-7176C057AEAE}D:\games\splinter cell chaos theory\system\splintercell3.exe] => (Block) D:\games\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [TCP Query User{5DB4BDB0-8E9D-4F0E-89BD-842407042245}D:\games\splinter cell chaos theory\system\splintercell3.exe] => (Block) D:\games\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{B7BE4747-338E-4DAF-8BD0-F29113BCE98C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6B350303-EBC2-46A1-81A7-5D9E4E630CD9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A1E157F4-6F62-470C-9053-188FCE88D72F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{56E150C0-CC1C-4716-82EC-AC77C9812D71}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{A624D1E9-4EF8-4A74-980A-2CD9A96F4BCC}D:\games\freespace 2\diaspora\fs2_open_diaspora_r1.exe] => (Block) D:\games\freespace 2\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [TCP Query User{76569963-6234-4DB0-9388-7BACC196A1F6}D:\games\freespace 2\diaspora\fs2_open_diaspora_r1.exe] => (Block) D:\games\freespace 2\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [UDP Query User{1192EBBA-68B5-44D6-952F-D2B60FD497B7}D:\games\freespace 2\fs2_open_3_7_0-debug.exe] => (Block) D:\games\freespace 2\fs2_open_3_7_0-debug.exe
FirewallRules: [TCP Query User{16B34650-829A-4D02-A9C3-A5A0C1ABE9ED}D:\games\freespace 2\fs2_open_3_7_0-debug.exe] => (Block) D:\games\freespace 2\fs2_open_3_7_0-debug.exe
FirewallRules: [UDP Query User{20739ABE-DD95-40E0-AE80-0B0F64D5B73F}D:\games\freespace 2\fs2_open_3_7_0.exe] => (Block) D:\games\freespace 2\fs2_open_3_7_0.exe
FirewallRules: [TCP Query User{F68A799E-4334-4D01-860F-3EB267D3CCCF}D:\games\freespace 2\fs2_open_3_7_0.exe] => (Block) D:\games\freespace 2\fs2_open_3_7_0.exe
FirewallRules: [UDP Query User{98CA29ED-D132-4B91-8C3F-C8B790358441}D:\games\freespace 2\fs2.exe] => (Block) D:\games\freespace 2\fs2.exe
FirewallRules: [TCP Query User{0E2BCDA6-98F0-41AB-A053-AD39EE29E438}D:\games\freespace 2\fs2.exe] => (Block) D:\games\freespace 2\fs2.exe
FirewallRules: [{75F3D95D-0265-4600-B9EC-D99CBF2DC8DC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F503FBE5-B14A-4D15-B960-647FE095E4A9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B46BB60-6657-4C79-9910-40B13079082F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B4B56E3F-C406-4245-9E9B-FDE5D5650831}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{D6B1D5F8-3110-42A0-A10B-C62816A524B1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{33EE7CE6-41AD-489C-ACCB-F55B78FFC01A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E7F3E866-713D-4C0F-BD44-08DA4D4530BE}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{E83D4526-B716-4C52-A5C7-901F9C101297}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [UDP Query User{8203CA35-2B9D-410C-BA7B-2A01FEDDF2F4}D:\games\dawn of war\soulstorm.exe] => (Block) D:\games\dawn of war\soulstorm.exe
FirewallRules: [TCP Query User{BACCF917-3E91-4BAC-BDA9-66702B7EFE04}D:\games\dawn of war\soulstorm.exe] => (Block) D:\games\dawn of war\soulstorm.exe
FirewallRules: [{F4A95792-5EF7-42CD-B62D-961E4E9FE4B1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{4D55E345-5DBA-40DD-84B0-DDE27CA31832}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{DD47EBA7-4ECF-4BBE-B803-71076806738B}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{FCD73853-63DD-4C01-8F88-124BF74C0579}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [UDP Query User{6BA53170-FC04-4E1C-9CB3-73C92DC4F61E}D:\games\alien isolation\ai.exe] => (Block) D:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{A3247E4E-41B0-409C-9B00-5EBCB4881D28}D:\games\alien isolation\ai.exe] => (Block) D:\games\alien isolation\ai.exe
FirewallRules: [{1D5C0D63-00A4-4C91-885D-5FEE3ABD4BA0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9681CC84-8BB7-45AA-9151-C420E387DC36}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3DFE62C9-BEF9-4C73-B482-F5E97A190BAC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E2C30068-2640-45BD-B584-F7A16A275C3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6FB68AE-6109-470A-8FF1-831B75007526}] => (Block) D:\Games\Total War Shogun 2\Shogun2.exe
FirewallRules: [{5EE9D439-0DA6-4FEC-81DF-F10F53756BDD}] => (Block) D:\Games\Total War Shogun 2\Shogun2.exe
FirewallRules: [{66AF0EFC-8C02-42A9-A736-34A0B3F7E8E1}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{DDE8EA53-C13E-4F4A-BC82-66DC8CA98731}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{880E416F-506C-4ADE-A33D-A6F0EB764D34}] => (Block) D:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{CB0EF13C-B008-4F96-97DF-071F2F95B10E}] => (Block) D:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [UDP Query User{D4A5CDFB-321B-4D25-9BA6-0AE30FD33BE2}D:\games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\games\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{50410617-2651-499A-B623-A9C46F24F88B}D:\games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\games\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{F8D47341-67B9-4147-A0BD-5381EC47A2F1}D:\games\the witcher 2\bin\witcher2.exe] => (Block) D:\games\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{97BDFEBB-334C-4C9C-B3AC-1D3A851D745B}D:\games\the witcher 2\bin\witcher2.exe] => (Block) D:\games\the witcher 2\bin\witcher2.exe
FirewallRules: [{BDAD8A68-8009-4923-B8A3-13CC5B52A52E}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{78E07755-524F-4A46-BD36-3365C3A87001}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{43D30E87-FD0B-4A39-A000-F4FAEFE2C5C9}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0EED54D5-B5EF-408A-8E18-8C67E3E9FEBE}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{50ACA76B-08AA-410B-B885-283775E56B58}C:\users\director\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\director\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{5AC247FA-0132-4E93-AD70-EC20567E788D}C:\users\director\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\director\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{679CA2BC-5A54-4C79-A956-BABD28D303C3}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8726BBF-0036-4E13-9A1C-8BEEC0F956E7}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52382D30-85A7-4973-8FEF-30E69BE56C0E}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB1D75B9-8A6F-42A0-A9D0-C0526CC889A0}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F922EE11-8997-401E-9BDB-B9088360E7CF}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{641A8089-3A07-456C-84AF-AE4B8437E307}] => (Allow) C:\Users\dIRECTOR\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{05D034DB-AA40-4900-93B0-032BC6F1CB33}] => (Allow) D:\Game support\Tunngle\TnglCtrl.exe
FirewallRules: [{ECC57054-4AFE-4357-B792-D530060FF2D7}] => (Allow) D:\Game support\Tunngle\TnglCtrl.exe
FirewallRules: [{0DDA1464-F9E6-4692-930C-D7BEAB60D263}] => (Allow) D:\Game support\Tunngle\Tunngle.exe
FirewallRules: [{89A3C36C-D6FD-48A8-B93A-DD6E8627458B}] => (Allow) D:\Game support\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{E3393EA3-5ABE-4D35-A86B-5A284C7807F6}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{668D8180-D0C2-4C63-A197-68DE3E5D94D6}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{1765DEE4-51C3-45C4-84B3-143A6706F359}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{FEFCF8FE-C4E6-46B8-B28D-39A1DCF62E84}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{40BB1855-5D4E-4419-957C-3BFF6FA5DB07}D:\games\warthunder\win32\aces.exe] => (Allow) D:\games\warthunder\win32\aces.exe
FirewallRules: [UDP Query User{1BA32A01-4B6D-4F3E-AD22-FBA4EC934FB1}D:\games\warthunder\win32\aces.exe] => (Allow) D:\games\warthunder\win32\aces.exe
 
==================== Restore Points =========================
 
24-08-2016 19:51:43 Scheduled Checkpoint
25-08-2016 16:03:02 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2016 04:06:28 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/25/2016 04:05:30 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/25/2016 04:04:22 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/25/2016 04:03:12 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/25/2016 04:03:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/25/2016 03:59:41 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/25/2016 11:37:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/25/2016 11:27:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.8.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 13d8
 
Start Time: 01d1feb2d5460ba3
 
Termination Time: 4294967295
 
Application Path: C:\Users\dIRECTOR\Desktop\Security\FRST64.exe
 
Report Id: 27ce1e2d-6aa6-11e6-8343-74d435b7a948
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/25/2016 09:00:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mplayer2.exe, version: 6.0.2.902, time stamp: 0x35ed5db7
Faulting module name: mplayer2.exe, version: 6.0.2.902, time stamp: 0x35ed5db7
Exception code: 0xc0000005
Fault offset: 0x000075a3
Faulting process id: 0xaa4
Faulting application start time: 0xmplayer2.exe0
Faulting application path: mplayer2.exe1
Faulting module path: mplayer2.exe2
Report Id: mplayer2.exe3
Faulting package full name: mplayer2.exe4
Faulting package-relative application ID: mplayer2.exe5
 
Error: (08/24/2016 07:51:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (08/25/2016 04:02:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/25/2016 04:00:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/25/2016 03:30:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/25/2016 03:25:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/25/2016 11:40:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/25/2016 11:37:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdDrv service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/25/2016 11:37:18 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/25/2016 11:37:18 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/25/2016 11:37:18 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/25/2016 11:37:18 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 16:02:40.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 16:02:40.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 14:57:01.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 14:57:01.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 14:54:58.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 14:54:58.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 11:25:16.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-25 11:25:16.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-24 19:52:24.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-24 19:52:24.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 30%
Total physical RAM: 8085.31 MB
Available physical RAM: 5600.18 MB
Total Virtual: 21909.31 MB
Available Virtual: 19184.5 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:222.79 GB) (Free:46.67 GB) NTFS
Drive d: (Main Disk) (Fixed) (Total:1863.01 GB) (Free:191.47 GB) NTFS
Drive e: (Storage Disk) (Fixed) (Total:1863.01 GB) (Free:104.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6D93D0A2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 08DF1A2C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1C622839)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


Edited by dIRECT0R, 25 August 2016 - 09:29 AM.


#4 Aura


Posted 25 August 2016 - 09:42 AM

Alright, there are a few things to address so we'll run a first FRST fix, and we'll also run Emsisoft Emergency Kit to look for remnants since Malwarebytes detected Bitcoin miners on your system.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [dIRECTOR] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
    HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
    
    FF Plugin HKU\S-1-5-21-3551307456-931010309-4015344645-1002: ubisoft.com/uplaypc -> D:\Games\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll [No File]
    
    OPR StartupUrls:  "hxxp://www.viceice.com/" 
    
    Task: {0B258CA8-F5F4-4609-AF63-09755D34D823} - System32\Tasks\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B} => pcalua.exe -a "D:\Browser downloads\d3dwindower-english\D3DWindower-English.exe" -d "D:\Browser downloads\d3dwindower-english"
    Task: {1100C7BF-E652-4984-8B90-7612D11C022B} - \bthudtask -> No File <==== ATTENTION
    Task: {1C3DDDA6-07A4-400D-AB21-5652E3E4FE2D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2733205C-D57D-4BC4-B233-B4A44B31268E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3EF9730C-78F4-449B-9520-C30F62FE01DF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {455E9CEE-BBFF-4E2C-8273-A6F7031A3C7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4AE55A73-EBB8-457A-9CC4-63FE9197EEC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {562C3533-50E1-4D7F-AD7C-5570520AB293} - System32\Tasks\{C109D53C-70D8-4BA0-8938-26DF9F2A080E} => pcalua.exe -a "E:\µTorrent\Microsoft Office 2013 Professional Plus\Autorun.exe" -d "E:\µTorrent\Microsoft Office 2013 Professional Plus"
    Task: {6939DC9F-78C4-47BB-96F4-EEDB8BA5B920} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {6E577658-8E22-442F-89B0-E2073114AD97} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7FD6A7C6-1890-4C26-A22C-76F8B05BB3BF} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3551307456-931010309-4015344645-1002 -> No File <==== ATTENTION
    Task: {8A167E28-3E4A-42E1-9C5D-F7AE04E37BD8} - System32\Tasks\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5} => pcalua.exe -a "D:\Games\Close Combat Last Stand Arnhem\autorun.exe" -d "D:\Games\Close Combat Last Stand Arnhem"
    Task: {8F557325-627A-41C3-8F91-FB3EFC3E906A} - \Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-1001 -> No File <==== ATTENTION
    Task: {9CE755A2-770C-4D7C-86DE-8DCA2B697B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6} - System32\Tasks\InstallShield Update Service => C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2\ISSCH\issch.exe
    Task: {B973ADE5-A426-4FD3-B079-FAAE1E8D2494} - System32\Tasks\DX => hxxp://kb-ribaki.org
    Task: {C00004D1-B974-4CFF-B41F-53A81F334053} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CE451AD6-3693-4828-9718-AD73D9D89584} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CE535875-F26F-4662-99A2-7687D10354D0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CEA4A47C-BFBE-4EAE-B6AF-B54984BE2858} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
    Task: {F833D892-060D-48F0-91C0-6B18ACFD3FC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\valsghlu.sys:changelist [1194]
    
    C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2
    C:\Users\dIRECTOR\AppData\Roaming\Launcher.dat
    C:\Users\dIRECTOR\AppData\Roaming\update.dat
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
After running the fix, EEK and restarting your computer, do you still get the Zodiac-game.info pop-up? How's your computer running now?

Your next reply(ies) should include:
  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted content of EEK's clean log;
  • Answer to my question about your computer's current state;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
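
An added example, not part of the original post and not FRST's own code: a small triage pass over Run and Task lines like those in the fixlist above, flagging autoruns whose command is or contains a URL, the kind of entry that reopens a browser page at logon or on a schedule. The line layout is inferred from the log lines in this thread, and the names `triage`, `classify`, `prioritised` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Six lines copied from the fixlist in the post above; URLs stay defanged (hxxp).
SAMPLE_FIXLIST = r"""
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [dIRECTOR] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
Task: {1100C7BF-E652-4984-8B90-7612D11C022B} - \bthudtask -> No File <==== ATTENTION
Task: {AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6} - System32\Tasks\InstallShield Update Service => C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2\ISSCH\issch.exe
Task: {B973ADE5-A426-4FD3-B079-FAAE1E8D2494} - System32\Tasks\DX => hxxp://kb-ribaki.org
Task: {CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
"""

# Assumption: these layouts are inferred from the lines visible in this thread.
RUN_RE = re.compile(
    r"^(?P<where>.+?\\\.\.\.\\Run): \[(?P<name>[^\]]*)\] => (?P<target>.*)$")
TASK_RE = re.compile(
    r"^Task: (?P<name>\{[0-9A-Fa-f-]+\}) - (?P<where>.+?) (?:=>|->) (?P<target>.*)$")
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
# Accept live (http/https) and defanged (hxxp/hxxps) schemes.
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://[^\s"]+', re.IGNORECASE)
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Lower rank sorts first in the review queue.
RANK = {"url-launcher": 0, "user-path": 1, "orphan": 2, "file": 3}


@dataclass
class Finding:
    kind: str            # "run" (registry Run value) or "task" (scheduled task)
    where: str           # registry path or task path as printed in the log
    name: str            # Run value name or task GUID
    target: str          # launch command with the ATTENTION marker removed
    verdict: str         # one of the RANK keys
    url: Optional[str] = None


def classify(target: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, url) for one launch command."""
    m = URL_RE.search(target)
    if m:
        # The command is a URL, or hands one to a program such as explorer.exe.
        return "url-launcher", m.group(0)
    if target.startswith("No File") or target.endswith("[No File]"):
        # The log itself reports that nothing exists behind this entry.
        return "orphan", None
    if USER_PATH_RE.search(target):
        # Runs from a user-writable profile folder: a review hint, not a verdict.
        return "user-path", None
    return "file", None


def triage(text: str) -> List[Finding]:
    """Parse Run/Task lines and attach a verdict to each; other lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in (("run", RUN_RE), ("task", TASK_RE)):
            m = rx.match(line)
            if m:
                target = ATTENTION_RE.sub("", m.group("target")).strip()
                verdict, url = classify(target)
                findings.append(Finding(kind, m.group("where"), m.group("name"),
                                        target, verdict, url))
                break
    return findings


def prioritised(findings: List[Finding]) -> List[Finding]:
    """Stable sort so URL-launching autoruns come first."""
    return sorted(findings, key=lambda f: RANK[f.verdict])


if __name__ == "__main__":
    for f in prioritised(triage(SAMPLE_FIXLIST)):
        print(f"{f.verdict:13} {f.kind:4} {f.where} [{f.name}] => {f.target}")
```
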


#5 dIRECT0R


Posted 25 August 2016 - 12:28 PM

fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by dIRECTOR (25-08-2016 19:04:08) Run:2
Running from C:\Users\dIRECTOR\Desktop\Security
Loaded Profiles: dIRECTOR (Available Profiles: dIRECTOR)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [dIRECTOR] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\...\Run: [GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
 
FF Plugin HKU\S-1-5-21-3551307456-931010309-4015344645-1002: ubisoft.com/uplaypc -> D:\Games\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll [No File]
 
OPR StartupUrls:  "hxxp://www.viceice.com/" 
 
Task: {0B258CA8-F5F4-4609-AF63-09755D34D823} - System32\Tasks\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B} => pcalua.exe -a "D:\Browser downloads\d3dwindower-english\D3DWindower-English.exe" -d "D:\Browser downloads\d3dwindower-english"
Task: {1100C7BF-E652-4984-8B90-7612D11C022B} - \bthudtask -> No File <==== ATTENTION
Task: {1C3DDDA6-07A4-400D-AB21-5652E3E4FE2D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2733205C-D57D-4BC4-B233-B4A44B31268E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3EF9730C-78F4-449B-9520-C30F62FE01DF} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {455E9CEE-BBFF-4E2C-8273-A6F7031A3C7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4AE55A73-EBB8-457A-9CC4-63FE9197EEC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {562C3533-50E1-4D7F-AD7C-5570520AB293} - System32\Tasks\{C109D53C-70D8-4BA0-8938-26DF9F2A080E} => pcalua.exe -a "E:\µTorrent\Microsoft Office 2013 Professional Plus\Autorun.exe" -d "E:\µTorrent\Microsoft Office 2013 Professional Plus"
Task: {6939DC9F-78C4-47BB-96F4-EEDB8BA5B920} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6E577658-8E22-442F-89B0-E2073114AD97} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7FD6A7C6-1890-4C26-A22C-76F8B05BB3BF} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3551307456-931010309-4015344645-1002 -> No File <==== ATTENTION
Task: {8A167E28-3E4A-42E1-9C5D-F7AE04E37BD8} - System32\Tasks\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5} => pcalua.exe -a "D:\Games\Close Combat Last Stand Arnhem\autorun.exe" -d "D:\Games\Close Combat Last Stand Arnhem"
Task: {8F557325-627A-41C3-8F91-FB3EFC3E906A} - \Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-1001 -> No File <==== ATTENTION
Task: {9CE755A2-770C-4D7C-86DE-8DCA2B697B1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6} - System32\Tasks\InstallShield Update Service => C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2\ISSCH\issch.exe
Task: {B973ADE5-A426-4FD3-B079-FAAE1E8D2494} - System32\Tasks\DX => hxxp://kb-ribaki.org
Task: {C00004D1-B974-4CFF-B41F-53A81F334053} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CE451AD6-3693-4828-9718-AD73D9D89584} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE535875-F26F-4662-99A2-7687D10354D0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CEA4A47C-BFBE-4EAE-B6AF-B54984BE2858} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {F833D892-060D-48F0-91C0-6B18ACFD3FC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\valsghlu.sys:changelist [1194]
 
C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2
C:\Users\dIRECTOR\AppData\Roaming\Launcher.dat
C:\Users\dIRECTOR\AppData\Roaming\update.dat
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\Software\Microsoft\Windows\CurrentVersion\Run\\dIRECTOR => value not found.
HKU\S-1-5-21-3551307456-931010309-4015344645-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A34EE14642B90CCFB814C61E978F753 => value removed successfully
"HKU\S-1-5-21-3551307456-931010309-4015344645-1002\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
D:\Games\Tom Clancys HAWX 2\orbitlauncher\npuplaypc.dll => not found.
OPR StartupUrls:  "hxxp://www.viceice.com/" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B258CA8-F5F4-4609-AF63-09755D34D823}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B258CA8-F5F4-4609-AF63-09755D34D823}" => key removed successfully
C:\WINDOWS\System32\Tasks\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6EF3E1B-2B0D-439B-992D-B45F478AA84B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1100C7BF-E652-4984-8B90-7612D11C022B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1100C7BF-E652-4984-8B90-7612D11C022B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bthudtask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C3DDDA6-07A4-400D-AB21-5652E3E4FE2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C3DDDA6-07A4-400D-AB21-5652E3E4FE2D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2733205C-D57D-4BC4-B233-B4A44B31268E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2733205C-D57D-4BC4-B233-B4A44B31268E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EF9730C-78F4-449B-9520-C30F62FE01DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EF9730C-78F4-449B-9520-C30F62FE01DF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{455E9CEE-BBFF-4E2C-8273-A6F7031A3C7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{455E9CEE-BBFF-4E2C-8273-A6F7031A3C7E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AE55A73-EBB8-457A-9CC4-63FE9197EEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AE55A73-EBB8-457A-9CC4-63FE9197EEC2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{562C3533-50E1-4D7F-AD7C-5570520AB293}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{562C3533-50E1-4D7F-AD7C-5570520AB293}" => key removed successfully
C:\WINDOWS\System32\Tasks\{C109D53C-70D8-4BA0-8938-26DF9F2A080E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C109D53C-70D8-4BA0-8938-26DF9F2A080E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6939DC9F-78C4-47BB-96F4-EEDB8BA5B920}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6939DC9F-78C4-47BB-96F4-EEDB8BA5B920}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E577658-8E22-442F-89B0-E2073114AD97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E577658-8E22-442F-89B0-E2073114AD97}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FD6A7C6-1890-4C26-A22C-76F8B05BB3BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FD6A7C6-1890-4C26-A22C-76F8B05BB3BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3551307456-931010309-4015344645-1002" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A167E28-3E4A-42E1-9C5D-F7AE04E37BD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A167E28-3E4A-42E1-9C5D-F7AE04E37BD8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F41B5BE7-4452-4409-88FA-7BFFAF38A0E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F557325-627A-41C3-8F91-FB3EFC3E906A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F557325-627A-41C3-8F91-FB3EFC3E906A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3551307456-931010309-4015344645-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CE755A2-770C-4D7C-86DE-8DCA2B697B1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CE755A2-770C-4D7C-86DE-8DCA2B697B1C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD4AA01B-68A8-4BAF-B9C3-399DCA08A8F6}" => key removed successfully
C:\WINDOWS\System32\Tasks\InstallShield Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InstallShield Update Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B973ADE5-A426-4FD3-B079-FAAE1E8D2494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B973ADE5-A426-4FD3-B079-FAAE1E8D2494}" => key removed successfully
C:\WINDOWS\System32\Tasks\DX => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DX" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C00004D1-B974-4CFF-B41F-53A81F334053}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C00004D1-B974-4CFF-B41F-53A81F334053}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE451AD6-3693-4828-9718-AD73D9D89584}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE451AD6-3693-4828-9718-AD73D9D89584}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE535875-F26F-4662-99A2-7687D10354D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE535875-F26F-4662-99A2-7687D10354D0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEA4A47C-BFBE-4EAE-B6AF-B54984BE2858}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEA4A47C-BFBE-4EAE-B6AF-B54984BE2858}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF5FA0F0-0D7E-40F2-B5F9-5ED00EC36D84}" => key removed successfully
C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F833D892-060D-48F0-91C0-6B18ACFD3FC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F833D892-060D-48F0-91C0-6B18ACFD3FC5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
C:\WINDOWS\system32\Drivers\valsghlu.sys => ":changelist" ADS removed successfully.
C:\Users\dIRECTOR\AppData\Roaming\Guild Wars 2 => moved successfully
C:\Users\dIRECTOR\AppData\Roaming\Launcher.dat => moved successfully
C:\Users\dIRECTOR\AppData\Roaming\update.dat => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 259715261 B
Java, Flash, Steam htmlcache => 338117669 B
Windows/system/drivers => 1155306 B
Edge => 63300626 B
Chrome => 364692624 B
Firefox => 0 B
Opera => 401408 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -652 B
dIRECTOR => 102809436 B
 
RecycleBin => 3064055 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:04:42 ====

 

 

 
 
EEK's clean log:

Emsisoft Emergency Kit - Version 11.9
Quarantine log
 
Date Source Event Detection
25-Aug-16 7:15:03 PM C:\WINDOWS\SECOH-QAD.dll Moved to quarantine Riskware.NetTool (A)
 
 
 

 

 

Answer: I've been running the browser for an hour or so, no zodiac popup. Not discerning any difference in performance, but then I did not detect any slowdown prior either.

I'm not quite certain at the moment whether the popup is gone for good, as its appearances are irregular. So far so good, though, sincerest thanks.



#6 Aura


Posted 25 August 2016 - 12:44 PM

I doubt it'll come back, since I don't see any traces of it left (there was only one task that could have called it, but it has been deleted). If you want, I can leave you till tomorrow to see if it comes back or not, and we'll go from there.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
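The kind of check behind "only one task that could have called it", as an added example that is not part of the thread and not FRST's own logic: a small audit of Task Scheduler XML definitions that flags tasks which launch a browser or pass a URL. The heuristics, the browser list, the sample XML and the `example.invalid` address are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task definition files.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Assumed list of browser executables; extend it for your environment.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# Constructed samples (not taken from the logs in this thread).
SUSPICIOUS_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task" version="1.2">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger><StartBoundary>2016-08-01T10:00:00</StartBoundary></TimeTrigger>
  </Triggers>
  <Actions Context="Author"><Exec>
    <Command>"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"</Command>
    <Arguments>http://popup.example.invalid/?src=task</Arguments>
  </Exec></Actions>
</Task>"""

BENIGN_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task" version="1.2">
  <Triggers><CalendarTrigger><StartBoundary>2016-08-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\ExampleApp\updater.exe</Command>
    <Arguments>/silent</Arguments>
  </Exec></Actions>
</Task>"""


def audit_task(name, xml_text):
    """Return a list of reasons a task definition deserves a closer look."""
    root = ET.fromstring(xml_text)
    reasons = []
    if GUID_RE.match(name):
        reasons.append("GUID-style task name")
    for action in root.findall("t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip().strip('"')
        arguments = action.findtext("t:Arguments", "", NS) or ""
        exe = re.split(r"[\\/]", command)[-1].lower()
        urls = URL_RE.findall(command + " " + arguments)
        if exe in BROWSERS:
            reasons.append(f"launches browser {exe}")
        if urls:
            reasons.append("opens URL " + ", ".join(urls))
    # Report triggers only for tasks that were already flagged, as context.
    triggers = root.find("t:Triggers", NS)
    if triggers is not None and reasons:
        kinds = sorted({child.tag.split("}")[-1] for child in triggers})
        reasons.append("triggers: " + ", ".join(kinds))
    return reasons


def audit_all(tasks):
    """Map task name -> reasons, keeping only tasks with at least one finding."""
    results = {name: audit_task(name, xml) for name, xml in tasks.items()}
    return {name: why for name, why in results.items() if why}


if __name__ == "__main__":
    sample = {"{11111111-2222-3333-4444-555555555555}": SUSPICIOUS_XML,
              "ExampleUpdater": BENIGN_XML}
    for task, why in audit_all(sample).items():
        print(task, "->", "; ".join(why))
```

A flagged task is a lead to review, not a verdict: legitimate software also schedules browser launches, so check the command and URL before removing anything.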


#7 dIRECT0R


Posted 25 August 2016 - 01:27 PM

I doubt it'll come back, since I don't see any traces of it left (there was only one task that could have called it, but it has been deleted). If you want, I can leave you till tomorrow to see if it comes back or not, and we'll go from there.

Thanks a lot, you've been a massive help, and this site is absolutely marvelous. If it does pop back up by tomorrow I'll notify you, if not, once again - heartfelt thanks.



#8 Aura


Posted 25 August 2016 - 01:29 PM

No problem dIRECT0R, you're welcome :)



#9 dIRECT0R


Posted 26 August 2016 - 10:55 AM

No problems whatsoever, it's definitely gone. Assistance greatly appreciated.



#10 Aura


Posted 26 August 2016 - 11:07 AM

That's good to know :) Lastly, your Adobe AIR and Adobe Flash Player 16 NPAPI programs are outdated and vulnerable, so they should be uninstalled. You can also uninstall the 22 PPAPI one since you use Google Chrome and therefore have no need for them.

This being said, since I don't see any traces of malware left in your logs, and you confirmed that the pop-up was indeed gone, I guess we're done here! We'll just run DelFix to delete the tools that were used for that clean-up and the logs they produced.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates", on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits, which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on BleepingComputer and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#11 Aura


Posted 30 August 2016 - 08:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





