sd.steam.info Pop up


10 replies to this topic

#1 Skkarlos

Posted 27 August 2016 - 02:03 AM

Hello. I need help with this annoying pop-up that started happening not long ago. It pops up on every default web browsing app (Chrome, Edge, Firefox, etc.) and I can't fix it. I found my problem in the registry, but every time I delete it, a black cmd window pops up for a split second and it's back in there. Can I fix it anyhow? Any help is appreciated. :) Thanks

Also, here is the registry from Farbar Recovery Scan Tool, just to make things easier:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by peter-PC (administrator) on DESKTOP-1KE81ON (27-08-2016 09:01:54)
Running from D:\Downloads
Loaded Profiles: peter-PC (Available Profiles: peter-PC)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Users\peter-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8781568 2015-12-22] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => D:\Win Optimizer\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2015-07-09] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1799104 2016-07-29] (NVIDIA Corporation)
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\Run: [Spotify Web Helper] => C:\Users\peter-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-10] (Spotify Ltd)
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\Run: [peter-PC] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-08-25]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f3de019b-281f-43e7-a156-6c08690d38e2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1337669867-1433378721-860981328-1001 -> hxxp://google.sk/
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.6.0_neutral__d55gg7py3s0m0 [2016-08-06]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.sk/"
CHR Profile: C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Dokumenty Google) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Disk Google) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Adblock Plus) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Tabuľky Google) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (AdBlock) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Morpheon Dark) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-08-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-13]
CHR Extension: (Gmail) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\peter-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-23] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2541192 2016-06-23] (ESET)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [449472 2016-07-29] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [449472 2016-07-29] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-07-29] (NVIDIA Corporation)
S4 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2122248 2016-06-12] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WO_LiveService2; D:\Win Optimizer\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2015-07-09] ()
S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [153248 2016-06-23] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [208552 2016-06-23] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [61608 2016-06-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-23] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-22] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 LiveTuner2PM; D:\Win Optimizer\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-22] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b07608b795ac4102\nvlddmkm.sys [14199360 2016-08-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-07-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-07-04] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-15] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-07-27] (SteelSeries ApS)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 08:33 - 2016-08-27 09:01 - 00000000 ____D C:\FRST
2016-08-26 22:21 - 2016-08-26 22:21 - 00000000 ____D C:\Users\peter-PC\AppData\LocalLow\uTorrent
2016-08-25 21:20 - 2016-08-25 21:20 - 00000208 _____ C:\Users\peter-PC\Desktop\The Expendabros.url
2016-08-25 11:25 - 2016-08-25 11:25 - 00000208 _____ C:\Users\peter-PC\Desktop\Arma 2 DayZ Mod.url
2016-08-25 08:20 - 2016-08-26 08:09 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-08-24 19:36 - 2016-08-26 23:02 - 00000000 ____D C:\Users\peter-PC\AppData\Local\ArmA 2 OA
2016-08-24 19:36 - 2016-08-24 19:36 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2016-08-24 19:33 - 2016-08-25 11:34 - 00000000 ____D C:\Users\peter-PC\Documents\ArmA 2
2016-08-24 19:33 - 2016-08-24 19:36 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-08-24 19:33 - 2016-08-24 19:33 - 00000000 ____D C:\Users\peter-PC\AppData\Local\ArmA 2
2016-08-24 18:26 - 2016-08-24 18:26 - 00000613 _____ C:\Users\Public\Desktop\DZLauncher.lnk
2016-08-24 18:26 - 2016-08-24 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DZLauncher
2016-08-24 09:57 - 2016-08-06 06:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-08-24 09:57 - 2016-08-06 06:32 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-08-24 09:57 - 2016-08-06 06:32 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-08-24 09:57 - 2016-08-06 06:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-08-24 09:57 - 2016-08-06 06:30 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-08-24 09:57 - 2016-08-06 06:30 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-08-24 09:57 - 2016-08-06 06:30 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-08-24 09:57 - 2016-08-06 06:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-08-24 09:57 - 2016-08-06 06:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-08-24 09:57 - 2016-08-06 06:26 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-08-24 09:57 - 2016-08-06 06:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-24 09:57 - 2016-08-06 06:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-08-24 09:57 - 2016-08-06 06:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-08-24 09:57 - 2016-08-06 06:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-08-24 09:57 - 2016-08-06 06:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-24 09:57 - 2016-08-06 06:16 - 01099104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-08-24 09:57 - 2016-08-06 06:16 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-08-24 09:57 - 2016-08-06 06:16 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-08-24 09:57 - 2016-08-06 06:16 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-08-24 09:57 - 2016-08-06 06:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-24 09:57 - 2016-08-06 06:16 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-08-24 09:57 - 2016-08-06 06:16 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-08-24 09:57 - 2016-08-06 06:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-08-24 09:57 - 2016-08-06 06:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-08-24 09:57 - 2016-08-06 06:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-24 09:57 - 2016-08-06 06:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-24 09:57 - 2016-08-06 06:08 - 02537816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-08-24 09:57 - 2016-08-06 06:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-24 09:57 - 2016-08-06 06:08 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-08-24 09:57 - 2016-08-06 06:08 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-24 09:57 - 2016-08-06 06:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-24 09:57 - 2016-08-06 06:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-08-24 09:57 - 2016-08-06 06:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-08-24 09:57 - 2016-08-06 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-08-24 09:57 - 2016-08-06 05:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-08-24 09:57 - 2016-08-06 05:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-08-24 09:57 - 2016-08-06 05:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-08-24 09:57 - 2016-08-06 05:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-08-24 09:57 - 2016-08-06 05:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-08-24 09:57 - 2016-08-06 05:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-08-24 09:57 - 2016-08-06 05:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-08-24 09:57 - 2016-08-06 05:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-08-24 09:57 - 2016-08-06 05:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-08-24 09:57 - 2016-08-06 05:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-08-24 09:57 - 2016-08-06 05:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-08-24 09:57 - 2016-08-06 05:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-08-24 09:57 - 2016-08-06 05:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-08-24 09:57 - 2016-08-06 05:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-08-24 09:57 - 2016-08-06 05:43 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-08-24 09:57 - 2016-08-06 05:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-08-24 09:57 - 2016-08-06 05:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-24 09:57 - 2016-08-06 05:42 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-08-24 09:57 - 2016-08-06 05:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-08-24 09:57 - 2016-08-06 05:41 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-08-24 09:57 - 2016-08-06 05:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-08-24 09:57 - 2016-08-06 05:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-08-24 09:57 - 2016-08-06 05:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-08-24 09:57 - 2016-08-06 05:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-08-24 09:57 - 2016-08-06 05:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-24 09:57 - 2016-08-06 05:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-24 09:57 - 2016-08-06 05:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-08-24 09:57 - 2016-08-06 05:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-08-24 09:57 - 2016-08-06 05:40 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-08-24 09:57 - 2016-08-06 05:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-08-24 09:57 - 2016-08-06 05:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-08-24 09:57 - 2016-08-06 05:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-08-24 09:57 - 2016-08-06 05:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-24 09:57 - 2016-08-06 05:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-24 09:57 - 2016-08-06 05:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-24 09:57 - 2016-08-06 05:37 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-24 09:57 - 2016-08-06 05:35 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-08-24 09:57 - 2016-08-06 05:34 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-08-24 09:57 - 2016-08-06 05:34 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-08-24 09:57 - 2016-08-06 05:34 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-08-24 09:57 - 2016-08-06 05:33 - 01304576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-08-24 09:57 - 2016-08-06 05:33 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-08-24 09:57 - 2016-08-06 05:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-08-24 09:57 - 2016-08-06 05:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-08-24 09:57 - 2016-08-06 05:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-24 09:57 - 2016-08-06 05:31 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-08-24 09:57 - 2016-08-06 05:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-08-24 09:57 - 2016-08-06 05:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-24 09:57 - 2016-08-06 05:29 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-08-24 09:57 - 2016-08-06 05:28 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-08-24 09:57 - 2016-08-06 05:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-08-24 09:57 - 2016-08-06 05:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-08-24 09:57 - 2016-08-06 05:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-24 09:57 - 2016-08-06 05:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-24 09:57 - 2016-08-06 05:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-08-24 09:57 - 2016-08-06 05:24 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-24 09:57 - 2016-08-06 05:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-24 09:57 - 2016-08-06 05:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-24 09:57 - 2016-08-06 05:24 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-24 09:57 - 2016-08-06 05:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-24 09:57 - 2016-08-06 05:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-08-24 09:57 - 2016-08-05 11:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-08-24 09:57 - 2016-08-05 11:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-24 09:57 - 2016-08-05 11:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-08-24 09:57 - 2016-08-05 11:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-08-24 09:57 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-08-24 09:57 - 2016-08-05 10:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-08-24 09:57 - 2016-08-05 10:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-08-24 09:57 - 2016-08-05 10:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-08-24 09:57 - 2016-08-05 10:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-08-24 09:57 - 2016-08-05 10:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-08-24 09:57 - 2016-08-05 10:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-08-24 09:57 - 2016-08-05 10:07 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-08-24 09:56 - 2016-08-06 06:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-24 09:56 - 2016-08-06 06:30 - 07814496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-24 09:56 - 2016-08-06 06:29 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-08-24 09:56 - 2016-08-06 06:24 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-08-24 09:56 - 2016-08-06 06:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-24 09:56 - 2016-08-06 06:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-24 09:56 - 2016-08-06 06:18 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-08-24 09:56 - 2016-08-06 06:18 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-24 09:56 - 2016-08-06 06:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-24 09:56 - 2016-08-06 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-24 09:56 - 2016-08-06 06:13 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-08-24 09:56 - 2016-08-06 06:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-08-24 09:56 - 2016-08-06 06:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-24 09:56 - 2016-08-06 06:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-08-24 09:56 - 2016-08-06 06:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-08-24 09:56 - 2016-08-06 06:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-24 09:56 - 2016-08-06 06:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-24 09:56 - 2016-08-06 05:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-24 09:56 - 2016-08-06 05:49 - 22570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-24 09:56 - 2016-08-06 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-24 09:56 - 2016-08-06 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-08-24 09:56 - 2016-08-06 05:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-08-24 09:56 - 2016-08-06 05:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-08-24 09:56 - 2016-08-06 05:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-24 09:56 - 2016-08-06 05:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-24 09:56 - 2016-08-06 05:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-08-24 09:56 - 2016-08-06 05:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-08-24 09:56 - 2016-08-06 05:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-08-24 09:56 - 2016-08-06 05:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-08-24 09:56 - 2016-08-06 05:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-08-24 09:56 - 2016-08-06 05:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-08-24 09:56 - 2016-08-06 05:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-24 09:56 - 2016-08-06 05:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-08-24 09:56 - 2016-08-06 05:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-08-24 09:56 - 2016-08-06 05:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-08-24 09:56 - 2016-08-06 05:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-08-24 09:56 - 2016-08-06 05:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-24 09:56 - 2016-08-06 05:42 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-08-24 09:56 - 2016-08-06 05:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-24 09:56 - 2016-08-06 05:41 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-08-24 09:56 - 2016-08-06 05:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-08-24 09:56 - 2016-08-06 05:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-08-24 09:56 - 2016-08-06 05:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-08-24 09:56 - 2016-08-06 05:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-08-24 09:56 - 2016-08-06 05:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-08-24 09:56 - 2016-08-06 05:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-08-24 09:56 - 2016-08-06 05:39 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-24 09:56 - 2016-08-06 05:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-24 09:56 - 2016-08-06 05:38 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-24 09:56 - 2016-08-06 05:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-24 09:56 - 2016-08-06 05:36 - 19422720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-24 09:56 - 2016-08-06 05:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-08-24 09:56 - 2016-08-06 05:35 - 09127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-24 09:56 - 2016-08-06 05:35 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-24 09:56 - 2016-08-06 05:34 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-24 09:56 - 2016-08-06 05:34 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-08-24 09:56 - 2016-08-06 05:33 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-24 09:56 - 2016-08-06 05:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-08-24 09:56 - 2016-08-06 05:32 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-08-24 09:56 - 2016-08-06 05:31 - 03244032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-08-24 09:56 - 2016-08-06 05:31 - 02710528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-08-24 09:56 - 2016-08-06 05:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-08-24 09:56 - 2016-08-06 05:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-08-24 09:56 - 2016-08-06 05:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-08-24 09:56 - 2016-08-06 05:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-24 09:56 - 2016-08-06 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-08-24 09:56 - 2016-08-06 05:30 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-08-24 09:56 - 2016-08-06 05:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-24 09:56 - 2016-08-06 05:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-24 09:56 - 2016-08-06 05:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-08-24 09:56 - 2016-08-06 05:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-08-24 09:56 - 2016-08-06 05:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-08-24 09:56 - 2016-08-06 05:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-08-24 09:56 - 2016-08-06 05:27 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-08-24 09:56 - 2016-08-06 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-08-24 09:56 - 2016-08-06 05:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-08-24 09:56 - 2016-08-06 05:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-24 09:56 - 2016-08-06 05:24 - 02314752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-24 09:56 - 2016-08-06 05:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-24 09:56 - 2016-08-06 05:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-24 09:56 - 2016-08-06 05:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-24 09:56 - 2016-08-06 05:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-08-24 09:56 - 2016-08-06 05:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-24 09:56 - 2016-08-05 10:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-08-24 09:56 - 2016-08-05 10:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-08-24 09:56 - 2016-08-05 10:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-08-24 09:56 - 2016-08-05 10:07 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-08-23 20:38 - 2016-08-23 20:38 - 00000207 _____ C:\Users\peter-PC\Desktop\Arma 2 Operation Arrowhead.url
2016-08-23 20:07 - 2016-08-23 20:07 - 00000207 _____ C:\Users\peter-PC\Desktop\Arma 2.url
2016-08-22 08:18 - 2016-08-22 08:18 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
2016-08-22 08:02 - 2016-08-22 08:02 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-08-22 08:02 - 2016-08-22 08:02 - 00000000 _____ C:\autoexec.bat
2016-08-20 15:51 - 2016-08-20 15:51 - 00000000 ____D C:\Users\peter-PC\AppData\Local\CrashReportClient
2016-08-19 22:08 - 2016-08-19 22:10 - 00001379 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-08-19 22:03 - 2016-08-22 07:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 21:21 - 2016-08-19 21:22 - 00000000 ____D C:\rads
2016-08-19 14:30 - 2016-08-19 14:30 - 00000000 ____D C:\Users\peter-PC\AppData\Local\UnrealEngine
2016-08-19 14:30 - 2016-08-19 14:30 - 00000000 ____D C:\Users\peter-PC\AppData\Local\DeadByDaylight
2016-08-17 21:31 - 2016-08-19 22:10 - 00000668 _____ C:\Users\peter-PC\Desktop\Grow Up.lnk
2016-08-17 08:29 - 2016-08-11 13:30 - 00138808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-08-17 08:29 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-17 08:29 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-17 08:29 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-17 08:29 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-17 08:28 - 2016-08-17 08:28 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-17 08:28 - 2016-08-11 16:33 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00802072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00642904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00612528 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-08-17 08:27 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-17 08:27 - 2016-08-11 16:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-16 21:40 - 2016-08-16 21:40 - 00000000 ____D C:\Users\peter-PC\AppData\Local\Montaro
2016-08-16 20:17 - 2016-08-16 20:17 - 00000208 _____ C:\Users\peter-PC\Desktop\Montaro.url
2016-08-12 20:09 - 2016-08-19 22:10 - 00001071 _____ C:\Users\Public\Desktop\No Man's Sky.lnk
2016-08-12 20:09 - 2016-08-12 20:12 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\HelloGames
2016-08-12 20:09 - 2016-08-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Man's Sky [GOG.com]
2016-08-10 08:11 - 2016-08-02 10:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 08:11 - 2016-08-02 10:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 08:11 - 2016-08-02 10:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 08:11 - 2016-08-02 10:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 08:11 - 2016-08-02 10:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 08:11 - 2016-08-02 10:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 08:11 - 2016-08-02 10:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 08:11 - 2016-08-02 10:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 08:11 - 2016-08-02 10:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 08:11 - 2016-08-02 10:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 08:11 - 2016-08-02 10:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 08:11 - 2016-08-02 10:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 08:11 - 2016-08-02 09:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 08:11 - 2016-08-02 09:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 08:11 - 2016-08-02 09:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 08:11 - 2016-08-02 09:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 08:11 - 2016-08-02 09:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 08:11 - 2016-08-02 06:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 08:11 - 2016-08-02 06:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 08:11 - 2016-08-02 06:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 08:11 - 2016-08-02 06:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 08:11 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 08:11 - 2016-08-02 06:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 08:11 - 2016-08-02 06:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 08:11 - 2016-08-02 06:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 08:11 - 2016-08-02 06:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 08:11 - 2016-08-02 06:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 08:11 - 2016-08-02 06:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-09 17:48 - 2016-08-09 17:48 - 00000000 ____D C:\Users\peter-PC\AppData\Local\238010
2016-08-09 08:02 - 2016-08-09 08:02 - 00003588 _____ C:\WINDOWS\System32\Tasks\peter-PC
2016-08-08 20:30 - 2016-08-08 20:30 - 00000208 _____ C:\Users\peter-PC\Desktop\Batman Arkham Origins.url
2016-08-07 20:20 - 2016-08-07 20:20 - 00000000 ____D C:\Users\peter-PC\AppData\LocalLow\Blind Sky Studios LTD
2016-08-06 15:20 - 2016-08-06 15:20 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-08-06 15:20 - 2016-08-06 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-08-06 15:20 - 2016-08-06 15:20 - 00000000 ____D C:\ProgramData\ESET
2016-08-05 11:59 - 2016-08-05 11:59 - 00000000 ____D C:\Users\peter-PC\AppData\LocalLow\CampoSanto
2016-08-05 09:08 - 2016-08-19 22:10 - 00001232 _____ C:\Users\peter-PC\Desktop\Firewatch.lnk
2016-08-04 02:17 - 2016-08-04 21:31 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-04 02:15 - 2016-08-04 02:15 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-04 02:15 - 2016-08-04 02:15 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-04 02:15 - 2016-08-04 02:15 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-04 02:15 - 2016-08-04 02:15 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-04 02:15 - 2016-08-04 02:15 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-04 02:15 - 2016-08-04 02:15 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-04 02:15 - 2016-08-04 02:15 - 00000000 ____D C:\Program Files\CMAK
2016-08-04 02:15 - 2016-08-04 02:15 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-04 02:15 - 2016-07-16 05:29 - 06586368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons001b.dll
2016-08-04 02:15 - 2016-07-16 05:27 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData001b.dll
2016-08-04 02:15 - 2016-07-16 05:25 - 01915392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
2016-08-04 02:15 - 2016-07-16 04:45 - 06586368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons001b.dll
2016-08-04 02:15 - 2016-07-16 04:42 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData001b.dll
2016-08-04 02:15 - 2016-07-16 04:39 - 01868800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS2.dll
2016-08-04 02:14 - 2016-08-04 02:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-04 02:14 - 2016-08-04 02:14 - 00000000 ____D C:\Program Files\MSBuild
2016-08-04 02:14 - 2016-08-04 02:14 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-04 02:14 - 2016-08-04 02:14 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-04 02:14 - 2016-05-26 00:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-04 02:14 - 2016-05-26 00:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 02:14 - 2016-05-26 00:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-04 02:14 - 2016-05-25 21:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-04 02:14 - 2016-05-25 21:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-04 02:14 - 2016-05-25 21:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-03 17:05 - 2016-08-03 17:05 - 00000000 ____D C:\Users\peter-PC\Documents\Telltale Games
2016-08-03 17:03 - 2016-08-19 22:10 - 00001096 _____ C:\Users\peter-PC\Desktop\Play Batman Win8.lnk
2016-08-03 16:29 - 2016-08-03 16:29 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-03 16:27 - 2016-08-04 07:41 - 00000000 ____D C:\Users\peter-PC\AppData\Local\ConnectedDevicesPlatform
2016-08-03 16:27 - 2016-08-03 16:27 - 00000020 ___SH C:\Users\peter-PC\ntuser.ini
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-03 16:27 - 2016-08-03 16:27 - 00000000 ____D C:\ProgramData\USOShared
2016-08-03 16:26 - 2016-08-03 16:26 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-03 16:26 - 2016-08-03 16:26 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-03 16:22 - 2016-08-27 08:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-03 16:22 - 2016-08-26 16:36 - 00005292 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-1KE81ON-peter-PC DESKTOP-1KE81ON
2016-08-03 16:22 - 2016-08-17 08:11 - 00004008 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-08-03 16:22 - 2016-08-17 08:11 - 00003980 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-08-03 16:22 - 2016-08-17 08:11 - 00003944 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-08-03 16:22 - 2016-08-17 08:11 - 00003918 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-08-03 16:22 - 2016-08-17 08:11 - 00003714 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-08-03 16:22 - 2016-08-03 16:22 - 00023356 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-03 16:22 - 2016-08-03 16:22 - 00003488 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-03 16:22 - 2016-08-03 16:22 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-03 16:22 - 2016-08-03 16:22 - 00003264 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-03 16:22 - 2016-08-03 16:22 - 00002386 _____ C:\WINDOWS\System32\Tasks\{DB3D3C0A-3033-4429-9A13-2DCCA77805B6}
2016-08-03 16:20 - 2016-08-19 22:10 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-03 16:20 - 2016-07-16 13:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-03 16:19 - 2016-08-27 08:37 - 00000000 ____D C:\Users\peter-PC
2016-08-03 16:19 - 2016-08-03 16:21 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-03 16:19 - 2016-08-03 16:19 - 00000000 _SHDL C:\Users\peter-PC\My Documents
2016-08-03 16:19 - 2016-08-03 16:19 - 00000000 _SHDL C:\Users\peter-PC\Documents\My Videos
2016-08-03 16:19 - 2016-08-03 16:19 - 00000000 _SHDL C:\Users\peter-PC\Documents\My Pictures
2016-08-03 16:19 - 2016-08-03 16:19 - 00000000 _SHDL C:\Users\peter-PC\Documents\My Music
2016-08-03 16:18 - 2016-08-27 08:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-03 16:18 - 2016-08-17 08:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-03 16:18 - 2016-08-11 14:27 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-03 16:18 - 2016-08-11 14:27 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-03 16:18 - 2016-08-09 18:06 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-03 16:18 - 2016-08-03 16:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-03 16:18 - 2016-08-03 16:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-03 16:18 - 2016-08-03 16:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-03 16:18 - 2016-08-03 16:18 - 00000000 ____D C:\Program Files\Realtek
2016-08-03 16:17 - 2016-08-27 08:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-03 16:17 - 2016-08-11 19:55 - 00271840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-03 16:17 - 2016-08-03 16:17 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-03 10:07 - 2016-08-03 10:11 - 00000000 ____D C:\Users\peter-PC\Documents\Assetto Corsa
2016-07-31 17:59 - 2016-08-19 22:10 - 00001251 _____ C:\Users\Public\Desktop\Bioshock Infinite.lnk
2016-07-30 19:48 - 2016-07-30 19:48 - 00000205 _____ C:\Users\peter-PC\Desktop\Counter-Strike Global Offensive.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 09:01 - 2015-12-23 15:01 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Skype
2016-08-27 08:48 - 2015-12-22 17:25 - 01229862 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-27 08:41 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-27 08:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 00:42 - 2016-02-09 21:43 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\uTorrent
2016-08-26 16:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-26 16:26 - 2015-12-30 11:05 - 00000000 ____D C:\Users\peter-PC\AppData\Local\CrashDumps
2016-08-25 22:52 - 2015-12-22 17:49 - 00000000 ____D C:\ProgramData\Origin
2016-08-25 18:25 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-24 20:01 - 2015-12-22 17:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-24 20:00 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-08-24 20:00 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-24 20:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-24 20:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-24 10:28 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-23 09:06 - 2016-01-04 19:14 - 00000000 ____D C:\Users\peter-PC\AppData\Local\Battle.net
2016-08-22 08:18 - 2016-02-03 19:55 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-08-21 11:02 - 2016-03-06 20:53 - 00346872 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-08-19 22:47 - 2015-12-25 15:48 - 00000000 ____D C:\Users\peter-PC\AppData\Local\Ubisoft Game Launcher
2016-08-19 22:10 - 2016-07-27 21:24 - 00000841 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-08-19 22:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Globalization
2016-08-19 22:10 - 2016-07-09 16:26 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-08-19 22:10 - 2016-07-07 21:42 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-19 22:10 - 2016-07-07 21:42 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-19 22:10 - 2016-07-07 14:05 - 00001018 _____ C:\Users\peter-PC\Desktop\Origin.exe.lnk
2016-08-19 22:10 - 2016-06-30 18:38 - 00000709 _____ C:\Users\peter-PC\Desktop\LIMBO.lnk
2016-08-19 22:10 - 2016-06-30 18:38 - 00000709 _____ C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\LIMBO.lnk
2016-08-19 22:10 - 2016-06-21 20:08 - 00001435 _____ C:\Users\peter-PC\Desktop\Euro Truck Simulator 2 (x64).lnk
2016-08-19 22:10 - 2016-06-15 18:39 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-08-19 22:10 - 2016-04-21 16:49 - 00000811 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 11.lnk
2016-08-19 22:10 - 2016-04-15 17:39 - 00001240 _____ C:\Users\peter-PC\Desktop\Uplay.lnk
2016-08-19 22:10 - 2016-02-01 10:10 - 00000823 _____ C:\Users\Public\Desktop\FIFA 16 Demo.lnk
2016-08-19 22:10 - 2016-01-04 19:14 - 00000706 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-08-19 22:10 - 2015-12-29 09:35 - 00001877 _____ C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-19 22:10 - 2015-12-29 09:35 - 00001871 _____ C:\Users\peter-PC\Desktop\Spotify.lnk
2016-08-19 22:10 - 2015-12-23 15:01 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-19 22:10 - 2015-12-22 19:57 - 00000796 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
2016-08-19 22:10 - 2015-12-22 18:42 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-19 22:10 - 2015-12-22 17:48 - 00001029 _____ C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-08-19 22:10 - 2015-12-22 17:24 - 00002376 _____ C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-19 22:08 - 2016-05-28 21:05 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Riot Games
2016-08-17 08:33 - 2015-12-29 09:35 - 00000000 ____D C:\Users\peter-PC\AppData\Local\Spotify
2016-08-17 08:33 - 2015-12-29 09:34 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Spotify
2016-08-17 08:29 - 2015-12-30 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-15 16:24 - 2016-07-23 14:59 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\steelseries-engine-3-client
2016-08-11 19:55 - 2016-07-16 16:15 - 00000000 ____D C:\WINDOWS\OCR
2016-08-11 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-11 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-11 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-11 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-11 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-11 16:33 - 2016-07-16 21:01 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-11 16:33 - 2016-07-16 21:01 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-11 16:33 - 2016-07-16 21:01 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-08-11 16:33 - 2016-07-16 21:01 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-08-11 16:33 - 2016-07-16 21:01 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-11 16:09 - 2015-12-22 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:07 - 2015-12-22 19:04 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-06 15:30 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-06 15:30 - 2015-12-22 17:22 - 00000000 ____D C:\Users\peter-PC\AppData\Local\Packages
2016-08-06 15:20 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-06 15:20 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-04 07:45 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 02:17 - 2016-07-16 13:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-03 16:29 - 2015-12-22 17:24 - 00000000 ___RD C:\Users\peter-PC\OneDrive
2016-08-03 16:27 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-03 16:27 - 2016-03-31 10:55 - 00001416 __RSH C:\ProgramData\ntuser.pol
2016-08-03 16:26 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-03 16:26 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-03 16:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-03 16:22 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-03 16:21 - 2016-06-30 18:38 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO
2016-08-03 16:21 - 2016-06-15 18:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-03 16:21 - 2016-03-24 12:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-08-03 16:21 - 2016-01-04 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-08-03 16:21 - 2016-01-04 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-08-03 16:21 - 2015-12-22 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-03 16:21 - 2015-12-22 18:19 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-03 16:21 - 2015-12-22 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-03 16:21 - 2015-12-22 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-03 16:21 - 2015-10-30 11:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-03 16:20 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-03 16:20 - 2015-10-30 08:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-03 16:19 - 2016-07-23 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2016-08-03 16:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-08-03 16:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-03 16:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-03 16:19 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-03 16:19 - 2016-07-13 20:50 - 00000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2016-08-03 16:19 - 2016-05-01 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sega
2016-08-03 16:19 - 2016-04-21 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-08-03 16:19 - 2016-02-07 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
2016-08-03 16:19 - 2016-02-03 19:55 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.22.0.3 (29 DLC)
2016-08-03 16:19 - 2016-01-03 10:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-03 16:19 - 2015-12-25 15:48 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-03 16:19 - 2015-12-23 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-03 16:19 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-03 16:18 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-03 16:18 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-03 16:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-03 16:18 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-03 15:56 - 2016-07-07 21:41 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 15:46 - 2014-08-14 16:51 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2016-08-03 07:56 - 2016-07-07 21:41 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 19:56 - 2016-02-03 19:55 - 00000000 ____D C:\Users\peter-PC\Documents\Euro Truck Simulator 2
2016-08-01 14:44 - 2015-12-26 12:13 - 00000000 ____D C:\Users\peter-PC\Documents\My Games
2016-08-01 14:03 - 2015-12-23 15:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-01 14:03 - 2015-12-23 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-07-30 19:42 - 2016-01-06 22:16 - 00000000 ____D C:\Users\peter-PC\AppData\Roaming\vlc
2016-07-30 08:12 - 2016-07-23 14:44 - 00000000 ____D C:\WINDOWS\Cnxt
2016-07-29 18:49 - 2016-01-16 10:12 - 00000000 ____D C:\Users\peter-PC\Documents\WB Games
2016-07-29 18:49 - 2016-01-03 22:30 - 00000000 ____D C:\Users\peter-PC\AppData\Local\SKIDROW
2016-07-29 03:02 - 2016-07-09 16:26 - 01799104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-07-29 03:02 - 2016-07-09 16:26 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-07-29 03:02 - 2016-07-09 16:26 - 01403328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-07-29 03:02 - 2016-07-09 16:26 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-07-29 03:02 - 2016-07-09 16:26 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
 
==================== Files in the root of some directories =======
 
2016-03-31 10:56 - 2016-03-31 10:56 - 0005120 _____ () C:\Users\peter-PC\AppData\Roaming\GiftBag.db
2015-12-23 17:33 - 2016-07-15 07:57 - 0007602 _____ () C:\Users\peter-PC\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-22 19:16
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by peter-PC (27-08-2016 09:02:15)
Running from D:\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-03 14:27:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1337669867-1433378721-860981328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1337669867-1433378721-860981328-503 - Limited - Disabled)
Guest (S-1-5-21-1337669867-1433378721-860981328-501 - Limited - Disabled)
peter-PC (S-1-5-21-1337669867-1433378721-860981328-1001 - Administrator - Enabled) => C:\Users\peter-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 9.0.386.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.386.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Firewatch» 1.0.13u (HKLM-x32\...\«Firewatch»_is1) (Version: 1.0.13u - Panic Inc., Campo Santo)
µTorrent (HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Ashampoo WinOptimizer 11 v.11.00.70 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.70 - Ashampoo GmbH & Co. KG)
Batman™: Arkham Origins (HKLM\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bioshock Infinite version 1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: 1.1.25.5165 - Mr DJ)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Contagion (HKLM\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DZLauncher version 0.1.3.4 (HKLM-x32\...\{1E299AE2-74C8-4CD8-6B17-A86E0ED3C4D2}_is1) (Version: 0.1.3.4 - Maca134)
ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Euro Truck Simulator 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
FIFA 16 Demo (HKLM-x32\...\{D09AD1AE-6AAC-45EB-B9F6-C1F223DD8481}) (Version: 1.0.0.0 - Electronic Arts)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grow Up (HKLM-x32\...\Grow Up_is1) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Lead and Gold - Gangs of the Wild West (HKLM\...\Steam App 42120) (Version:  - Fatshark)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
LIMBO (HKLM-x32\...\LIMBO) (Version:  - )
Lovely Planet (HKLM\...\Steam App 298600) (Version:  - QUICKTEQUILA)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Office 2013 Professional Plus (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Montaro (HKLM\...\Steam App 495890) (Version:  - JCKSLAP)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.0.0.2 - GOG.com)
No Man's Sky Pre-order DLC (HKLM-x32\...\2022706229_is1) (Version: 2.0.0.2 - GOG.com)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.2.205 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.2.205 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.2.205 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version:  - Ubisoft)
Quantum Break - Patch to v1.7.0.0 (HKLM-x32\...\Quantum Break - Patch to v1.7.0.0_is1) (Version:  - )
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version: 2.2.0.0 - Microsoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version:  - Crystal Dynamics)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25.05.2015) - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0300 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.2.205 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.3 - SteelSeries ApS)
The Expendabros (HKLM\...\Steam App 312990) (Version:  - Free Lives)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1337669867-1433378721-860981328-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\peter-PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12BDEA52-85E2-4C09-A8BB-30CEC5E13352} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
Task: {2040E215-C26C-4D30-8E66-47D991D48F87} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2E5392E4-FC70-4C8A-A4E2-10AF172EA27D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-07-29] (NVIDIA Corporation)
Task: {32C203D7-114D-4C0F-A660-26E80C038A6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.)
Task: {35CF2DC9-E41B-4CDA-BF63-684268C93DC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4E6C196D-1BDA-4332-AB87-77326586AE33} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-07-29] (NVIDIA Corporation)
Task: {502B6BD8-02A4-4B08-9633-B7DF45E28A46} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {56BEC7AE-45E3-4FA3-B8FB-C6C71353B020} - System32\Tasks\{DB3D3C0A-3033-4429-9A13-2DCCA77805B6} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=heroes --displayname="Heroes of the Storm"
Task: {79B813DD-91E9-473A-AF9E-D1CE51C92730} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-1KE81ON-peter-PC DESKTOP-1KE81ON => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {9B27E9D1-D3C8-4F61-BD63-3708182AD8F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {9E403934-3281-4581-9B2D-3515E5CEA5EA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-07-29] (NVIDIA Corporation)
Task: {B13AE92A-7FCD-422B-9E71-5B19BB6BB73E} - System32\Tasks\peter-PC => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v peter-PC /t REG_SZ /d "explorer.exe hxxp://sd-steam.info" <==== ATTENTION
Task: {D393D74A-30B0-4ABB-83C0-954AAE9DBFF6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-07-29] (NVIDIA Corporation)
Task: {E069FFCC-407B-41BA-80CA-8C001B4AD649} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-07-29] (NVIDIA Corporation)
Task: {E31DCE05-67C4-4411-89BF-A5D52A6B9633} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-03 16:18 - 2016-08-11 14:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00062912 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00308160 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\MessageBus.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 04488640 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00396736 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\nvspserviceplugin64.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\NvStreamBase.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 03070912 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_NvStreamControl.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-03 16:29 - 2016-08-03 16:29 - 00959168 _____ () C:\Users\peter-PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-24 09:56 - 2016-08-06 05:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-24 09:57 - 2016-08-06 05:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-24 09:57 - 2016-08-06 05:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-24 09:57 - 2016-08-06 05:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-24 09:57 - 2016-08-06 05:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00165824 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00861120 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 02917312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService\NvMdnsPlugin.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 02065856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService\NvPortForwardPlugin.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 01923008 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService\RtspPlugin.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 03482560 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService\UnifiedProtocol.dll
2016-07-16 16:34 - 2016-07-16 16:34 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-07-16 16:34 - 2016-07-16 16:34 - 00157184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-07-16 16:34 - 2016-07-16 16:34 - 29443072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_system-vc120-mt-1_58.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\boost_regex-vc120-mt-1_58.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 01726912 _____ () C:\Program Files\NVIDIA Corporation\nvstreamsrv\Plugins\SSAU\SsauWatchdogPlugin.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 00018880 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
2016-08-09 07:57 - 2016-08-03 01:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 07:57 - 2016-08-03 01:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-09 07:57 - 2016-08-03 01:04 - 31541952 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
2016-07-09 16:26 - 2016-07-29 03:02 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-09 16:26 - 2016-07-28 19:56 - 02766392 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-09 16:26 - 2016-07-28 19:56 - 00490432 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-09 16:26 - 2016-07-28 19:56 - 00253888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-09 16:26 - 2016-07-28 19:56 - 00246328 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-09 16:26 - 2016-07-28 19:56 - 00415680 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-07-09 16:26 - 2016-07-28 19:56 - 00201152 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-08-17 08:11 - 2016-08-09 01:27 - 00785920 _____ () D:\Games\Steam\SDL2.dll
2016-08-17 08:11 - 2015-07-02 00:06 - 04962816 _____ () D:\Games\Steam\v8.dll
2016-08-24 07:52 - 2016-08-23 21:33 - 02321184 _____ () D:\Games\Steam\video.dll
2016-08-17 08:11 - 2015-07-02 00:06 - 01556992 _____ () D:\Games\Steam\icui18n.dll
2016-08-17 08:11 - 2015-07-02 00:06 - 01187840 _____ () D:\Games\Steam\icuuc.dll
2016-08-17 08:10 - 2016-01-27 09:49 - 02549760 _____ () D:\Games\Steam\libavcodec-56.dll
2016-08-17 08:10 - 2016-01-27 09:49 - 00491008 _____ () D:\Games\Steam\libavformat-56.dll
2016-08-17 08:10 - 2016-01-27 09:49 - 00332800 _____ () D:\Games\Steam\libavresample-2.dll
2016-08-17 08:10 - 2016-01-27 09:49 - 00442880 _____ () D:\Games\Steam\libavutil-54.dll
2016-08-17 08:10 - 2016-01-27 09:49 - 00485888 _____ () D:\Games\Steam\libswscale-3.dll
2016-08-24 07:52 - 2016-08-23 21:33 - 00835360 _____ () D:\Games\Steam\bin\chromehtml.DLL
2016-07-09 16:26 - 2016-07-29 03:02 - 00018880 _____ () c:\program files (x86)\nvidia corporation\nvstreamsrv\detoured.dll
2016-08-17 08:10 - 2016-07-05 00:17 - 00266560 _____ () D:\Games\Steam\openvr_api.dll
2016-07-09 16:26 - 2016-07-29 03:01 - 54494656 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-08-17 08:10 - 2016-08-04 22:56 - 49825056 _____ () D:\Games\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 09:24 - 2016-08-25 09:21 - 00362831 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
 
There are 11328 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: WO_LiveService2 => 2
HKLM\...\StartupApproved\Run: => "Ashampoo WinOptimizer Live-Tuner2"
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1337669867-1433378721-860981328-1001\...\StartupApproved\Run: => "RGSC"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AAF34365-F6E2-4E3E-9137-803E325BDF9E}] => (Allow) D:\Games\Bioshock Infinite\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{2A5E742A-61D7-4027-B974-F7EC386097A3}] => (Allow) D:\Games\Bioshock Infinite\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{5661897A-795E-4CA9-9271-5F61E1ADDA2F}] => (Allow) D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{52231B0E-706C-44C9-A7C9-5A176F9CD42D}] => (Allow) D:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{746330F1-405B-4FF1-9E93-0B7713FDBD64}] => (Allow) D:\Games\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{6841FD3B-13E1-4D9E-B2C9-64177F4AD6EB}] => (Allow) D:\Games\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{B62F4EAB-DC96-4143-9D22-C8B37015A527}] => (Allow) D:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{10BF58AC-2775-47DC-9D50-E9C12EACECD7}] => (Allow) D:\Games\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{92E2BB01-248A-4125-B784-2411A15A8AAE}] => (Allow) D:\Games\Steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{ECD6402D-7F8F-4AA2-8B05-2556196C8206}] => (Allow) D:\Games\Steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{42A396F5-B8AC-4A6D-A881-3FF3E3A31257}] => (Allow) D:\Games\Steam\steamapps\common\Lead and Gold Gangs of the Wild West\lag_win32_public_dev.exe
FirewallRules: [{B0815276-9DDE-44C8-AE89-6132645E8EEE}] => (Allow) D:\Games\Steam\steamapps\common\Lead and Gold Gangs of the Wild West\lag_win32_public_dev.exe
FirewallRules: [{9B3E3F61-5E70-4D2A-845E-0C0A2406F6EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3B1BFFC2-971A-4EDF-B61D-C92D9E4881E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4EEB998-CA7D-4B67-9E0E-DAB9C7450BC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{89C8782D-CFBA-41B0-A79E-D6AD3DBFE900}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{75BE9D5C-60ED-4EA7-BBAF-700CD66472E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{55EE8B10-4C94-4F54-B5D3-AEAE17DC692B}] => (Allow) D:\Games\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{4785D108-68FE-4AC6-8649-E443BB2DC919}] => (Allow) D:\Games\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{8D12F50A-93E0-4805-BAA8-7485729081DD}] => (Allow) D:\Games\Prince\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{F95C402C-1823-4ECF-A829-97D7805565EB}] => (Allow) D:\Games\Prince\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{57EDB465-EF1D-47A0-9EC2-044477CFDA95}] => (Allow) D:\Games\Prince\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{89F6B1E7-2A8F-4E5F-9710-7CCBE4886E96}] => (Allow) D:\Games\Prince\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{C0023A01-88CF-4907-9B34-252D5C079B69}] => (Allow) D:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EDD1AF07-365F-4200-B128-C48AA1A05488}] => (Allow) D:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{303D0AE5-8536-4CFD-A540-61C0E40AFC6D}] => (Allow) D:\Games\Origin\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{EEB12FE1-E943-4EC6-A31F-7F0AB58DE810}] => (Allow) D:\Games\Origin\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{3EA74E67-295D-4E26-BBFD-0717D36EFC19}] => (Allow) D:\Games\Origin\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{D20429D1-BFDA-4F7D-BBCD-69B2B13C2A49}] => (Allow) D:\Games\Origin\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{4D6380C9-DED0-47DB-A192-6841C79131A0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{26490960-4B12-41FB-90D7-70F619044AE8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{B6706EE7-A0B5-44B4-88B0-2115DDA2761D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{BB07ACB8-E898-4716-A5FA-4E98FBC63F6B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{6667E22D-CBF9-4AE6-9387-093FDC1AFECD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{87AAE4C0-929E-4CCC-9632-1B7DD47ECAE0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{4E8BA777-456B-44DD-93F7-C3A33A3CDB95}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D0A9062B-5C76-468F-B911-4ADD8426DF1E}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{088E30DC-AF9F-440E-98F0-8C6A83355A89}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{90059973-1FC1-468C-8810-AF7941555A02}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D2C0642-83F9-4BD7-8CD8-54C583235AAD}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58985BA1-BFCA-4858-BCF8-91AA98B5D36A}] => (Allow) D:\Games\Origin\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{643023D9-299E-4A85-A462-E6D6A932742B}] => (Allow) D:\Games\Origin\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{2E206AC6-80BA-47E6-A96B-054D0503785F}] => (Allow) D:\Games\Origin\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{401C5F34-721B-46D3-A1A5-2BE5788697D1}] => (Allow) D:\Games\Origin\FIFA 16 DEMO\fifasetup\fifaconfig.exe
FirewallRules: [{D9D75941-10E9-4385-A180-69CEC47377A8}] => (Allow) D:\Games\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A1804936-1698-4319-9905-437B2F4AA0C5}] => (Allow) D:\Games\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{59F6C3DA-713B-42B9-A629-2002CD0D6C50}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{123CC7F2-9C80-4211-BBB0-3A9667CF891E}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9CC7B0AD-9812-4942-BE34-814D0A81850F}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9D995806-938C-4786-B256-29031176DB38}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5FB011E9-C45C-4A59-9322-D537C5B845FB}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC9420F7-8286-4546-9A6F-929F3F6AF7EA}] => (Allow) C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92F7254D-3B2B-4B31-8945-24ACF5A6BD53}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{99D3947E-FBEA-4DF6-9CD0-EDD3C39C1637}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{0FDF5B15-D43B-4C50-AF70-C9C5A48B830A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{89B1BB1E-3A01-420D-9E72-4595BE380712}] => (Allow) D:\Games\Origin\Battlefield 3\bf3.exe
FirewallRules: [{6817EF9F-18EE-48A4-A440-98CCD0BDEDE0}] => (Allow) D:\Games\Origin\Battlefield 3\bf3.exe
FirewallRules: [{24924299-1EC0-41F6-8A50-53FC9C23C23A}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A93EDFC-C06C-43DA-B002-11463E05D5C8}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{70CE75FF-A49B-44D3-AD5B-174541FA284A}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{191B4ADA-535C-4032-A5FB-D9DC79CBA8AA}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{22519763-19B8-4760-9DC0-8E48BDD05220}] => (Allow) D:\Games\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{DAC02C68-2E81-4DD9-AFFA-A831DD688C5E}] => (Allow) D:\Games\Steam\steamapps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{421D8861-35F5-4ECF-92ED-3DC2A6F16B57}] => (Allow) D:\Games\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{EC586291-B3C1-407A-924B-531A1CD4161C}] => (Allow) D:\Games\Steam\steamapps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{D6B9F772-5CFF-48A2-BBAD-0AEE1700737F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF2669D4-CC57-4E0A-BDF0-7F16644DF19E}] => (Allow) D:\Games\Steam\steamapps\common\Montaro\nw.exe
FirewallRules: [{B2921605-1F98-461C-8FDA-FCCB64C5335D}] => (Allow) D:\Games\Steam\steamapps\common\Montaro\nw.exe
FirewallRules: [{9E23876E-B5CA-48B5-A76E-EED93423FC59}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{1A6E4689-35DB-4572-B5A6-3D865EF38CF8}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{7AAE8D68-9991-4B6F-8DD7-830044574D34}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{27E6F752-9617-42CC-A381-96494483B262}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{4D7FD13D-00D0-47EE-AA42-901B2B69D97C}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{355B02B9-8D06-4D7D-AE09-43A8434A93F6}] => (Allow) D:\Games\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{C36774B9-E8D9-4707-A932-438351D7889B}] => (Allow) D:\Games\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{31E2E9D5-49B2-468F-8A0B-B11D6B62F1EC}] => (Allow) D:\Games\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{2E973A19-60F4-42F6-B504-B0F913578E26}] => (Allow) D:\Games\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{5BF519E7-D25E-46A5-B5D0-D6083FB5BF0C}] => (Allow) D:\Games\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2016 04:26:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBarPresenceWriter.exe, version: 10.0.14393.0, time stamp: 0x57899bd6
Faulting module name: ntdll.dll, version: 10.0.14393.82, time stamp: 0x57a55744
Exception code: 0xc0000374
Fault offset: 0x00000000000f73f3
Faulting process id: 0x4a4
Faulting application start time: 0xGameBarPresenceWriter.exe0
Faulting application path: GameBarPresenceWriter.exe1
Faulting module path: GameBarPresenceWriter.exe2
Report Id: GameBarPresenceWriter.exe3
Faulting package full name: GameBarPresenceWriter.exe4
Faulting package-relative application ID: GameBarPresenceWriter.exe5
 
Error: (08/26/2016 11:23:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (08/26/2016 08:33:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1KE81ON)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/26/2016 08:32:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-1KE81ON)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/25/2016 11:26:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBarPresenceWriter.exe, version: 10.0.14393.0, time stamp: 0x57899bd6
Faulting module name: GameBarPresenceWriter.exe, version: 10.0.14393.0, time stamp: 0x57899bd6
Exception code: 0xc0000005
Fault offset: 0x0000000000003be4
Faulting process id: 0x2140
Faulting application start time: 0xGameBarPresenceWriter.exe0
Faulting application path: GameBarPresenceWriter.exe1
Faulting module path: GameBarPresenceWriter.exe2
Report Id: GameBarPresenceWriter.exe3
Faulting package full name: GameBarPresenceWriter.exe4
Faulting package-relative application ID: GameBarPresenceWriter.exe5
 
Error: (08/25/2016 10:56:37 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8
 
Error: (08/25/2016 10:56:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (08/25/2016 08:23:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 115394.rbf version 4.1.11.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1f48
 
Start Time: 01d1fe98bf58d816
 
Termination Time: 4294967295
 
Application Path: C:\Config.Msi\115394.rbf
 
Report Id: 77fde3d5-6a8c-11e6-82e6-d8cb8a9a326f
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/24/2016 07:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBarPresenceWriter.exe, version: 10.0.14393.0, time stamp: 0x57899bd6
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000374
Fault offset: 0x00000000000f73e3
Faulting process id: 0x21cc
Faulting application start time: 0xGameBarPresenceWriter.exe0
Faulting application path: GameBarPresenceWriter.exe1
Faulting module path: GameBarPresenceWriter.exe2
Report Id: GameBarPresenceWriter.exe3
Faulting package full name: GameBarPresenceWriter.exe4
Faulting package-relative application ID: GameBarPresenceWriter.exe5
 
Error: (08/24/2016 07:53:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.51, time stamp: 0x57a0516c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2240
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
 
System errors:
=============
Error: (08/27/2016 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/27/2016 08:42:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/27/2016 08:41:45 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KE81ON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA NetworkService Container service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Wireless Controller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2016 08:41:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-26 08:04:48.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-26 08:04:48.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 09:26:17.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-24 21:13:25.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 20:02:17.970
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 20:02:04.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 20:02:04.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 08:23:41.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 07:53:19.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-24 07:53:06.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8120 MB
Available physical RAM: 5385.98 MB
Total Virtual: 12472 MB
Available Virtual: 9698.38 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:111.24 GB) (Free:41.93 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:363.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 
Users shortcut scan result (x64) Version: 21-08-2016 01
Ran by peter-PC (27-08-2016 09:02:32)
Running from D:\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\peter-PC\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> D:\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\peter-PC\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> D:\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\peter-PC\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\peter-PC ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk -> D:\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack\Adobe Photoshop CC 2015\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine 3\SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine 3\Uninstall SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Games\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Order Supplies.lnk -> C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Easy Printer Manager.lnk -> C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA PhysX Properties.lnk -> C:\Windows\SysWOW64\PhysX.cpl (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Man's Sky [GOG.com]\Language Selector.lnk -> D:\Games\No Mans Sky\No Man's Sky\LanguageSetup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Man's Sky [GOG.com]\No Man's Sky.lnk -> D:\Games\No Mans Sky\No Man's Sky\Binaries\NMS.exe (Hello Games)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Man's Sky [GOG.com]\Uninstall No Man's Sky.lnk -> D:\Games\No Mans Sky\No Man's Sky\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Centrum ukladania na servery Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Database Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Denník telemetrie pre balík Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Jazykové predvoľby balíka Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Spreadsheet Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Nástroje balíka Office 2013\Tabuľa telemetrie pre balík Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> D:\Games\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Banking & Payment protection.lnk -> C:\Program Files\ESET\ESET Smart Security\ecmd.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk -> C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET Smart Security\SysInspector.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DZLauncher\DZLauncher.lnk -> D:\DZLauncher\DayZLauncher.exe (Maca134)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> D:\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 11\Ashampoo WinOptimizer 11  .lnk -> D:\Win Optimizer\Ashampoo WinOptimizer 11\WO11.exe (Ashampoo Development GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\Links\Desktop.lnk -> C:\Users\peter-PC\Desktop ()
Shortcut: C:\Users\peter-PC\Links\Downloads.lnk -> D:\Downloads ()
Shortcut: C:\Users\peter-PC\Documents\Heroes of the Storm\T_39288554_889@2.lnk -> C:\Users\peter-PC\Documents\Heroes of the Storm\Accounts\401113738\2-Hero-1-500031 ()
Shortcut: C:\Users\peter-PC\Documents\Euro Truck Simulator 2\readme.rtf.lnk -> D:\Games\ETS 2\readme.rtf (No File)
Shortcut: C:\Users\peter-PC\Documents\American Truck Simulator\readme.rtf.lnk -> D:\Games\American Truck Simulator by xatab\American Truck Simulator\readme.rtf (No File)
Shortcut: C:\Users\peter-PC\Desktop\Euro Truck Simulator 2 (x64).lnk -> D:\Games\[R.G. Mechanics] Euro Truck Simulator 2\Euro Truck Simulator 2\bin\win_x64\launcher64.exe ()
Shortcut: C:\Users\peter-PC\Desktop\Firewatch.lnk -> D:\Games\Firewatch\Firewatch\Firewatch.exe ()
Shortcut: C:\Users\peter-PC\Desktop\Grow Up.lnk -> D:\Games\Grow Up\GrowUP.exe ()
Shortcut: C:\Users\peter-PC\Desktop\LIMBO.lnk -> D:\Games\Limbo\limbo.exe (Playdead)
Shortcut: C:\Users\peter-PC\Desktop\Origin.exe.lnk -> D:\Games\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\peter-PC\Desktop\Play Batman Win8.lnk -> D:\Games\Buttman\Telltale\Batman Telltale\Batman_win8.exe (Telltale Games)
Shortcut: C:\Users\peter-PC\Desktop\Spotify.lnk -> C:\Users\peter-PC\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\peter-PC\Desktop\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\peter-PC\Desktop\µTorrent.lnk -> C:\Users\peter-PC\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\LIMBO.lnk -> D:\Games\Limbo\limbo.exe (Playdead)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\peter-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\peter-PC\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668\2-click run\SpyHunter v4.22.8.4668\Spy Hunter 4.lnk -> D:\SpyHunter v4.22.8.4668 (2-click run)\SpyHunter4.exe (No File)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO\Desintalar LIMBO.lnk -> D:\Games\Limbo\Desintalar.exe ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye\Uninstall BattlEye.lnk -> D:\Games\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye\Uninstall BattlEye.lnk -> D:\Games\Steam\steamapps\common\Arma 2\BattlEye\UnInstallBE.exe ()
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\SpyHunter v4.22.8.4668\Spy Hunter 4.lnk -> D:\SpyHunter v4.22.8.4668 (2-click run)\SpyHunter4.exe (No File)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.exe.lnk -> D:\Games\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Users\peter-PC\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> D:\Games\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\peter-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Origin.exe.lnk -> D:\Games\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\peter-PC\AppData\Local\NVIDIA Corporation\Shield Apps\Evolve Stage 2.lnk -> D:\Games\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe (Turtle Rock Studios, Inc.)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\GFWLive\Logs\InstallLog.lnk -> C:\Users\peter-PC\AppData\Local\Microsoft\GFWLive\Install\Logs ()
Shortcut: C:\Users\peter-PC\AppData\Local\Microsoft\GFWLive\Install\Logs\ClientLog.lnk -> C:\Users\peter-PC\AppData\Local\Microsoft\GFWLive\Logs ()
Shortcut: C:\Users\Public\Desktop\Ashampoo WinOptimizer 11.lnk -> D:\Win Optimizer\Ashampoo WinOptimizer 11\WO11.exe (Ashampoo Development GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> D:\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Battlefield 3.lnk -> D:\Games\Origin\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Public\Desktop\Bioshock Infinite.lnk -> D:\Games\Bioshock Infinite\Mr DJ\Bioshock Infinite\Binaries\Win32\BioShockInfinite.exe (Irrational Games)
Shortcut: C:\Users\Public\Desktop\DZLauncher.lnk -> D:\DZLauncher\DayZLauncher.exe (Maca134)
Shortcut: C:\Users\Public\Desktop\FIFA 16 Demo.lnk -> D:\Games\Origin\FIFA 16 DEMO\fifa16_demo.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> D:\Games\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> D:\Games\LoL\lol.launcher.exe ()
Shortcut: C:\Users\Public\Desktop\Medal of Honor Pacific Assault™.lnk -> D:\Games\Origin\Medal of Honor Pacific Assault\mohpa.exe (Electronic Arts Inc.)
Shortcut: C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk -> D:\Games\Origin\Need for Speed™ Most Wanted\NFS13.exe (Electronic Arts)
Shortcut: C:\Users\Public\Desktop\No Man's Sky.lnk -> D:\Games\No Mans Sky\No Man's Sky\Binaries\NMS.exe (Hello Games)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe ()
 
 
 
 
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\peter-PC\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Man's Sky [GOG.com]\Documents\Support.url -> URL: hxxp://www.gog.com/support/no_mans_sky
InternetURL: C:\Users\peter-PC\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\peter-PC\Desktop\Arma 2 DayZ Mod.url -> URL: steam://rungameid/224580
InternetURL: C:\Users\peter-PC\Desktop\Arma 2 Operation Arrowhead.url -> URL: steam://rungameid/33930
InternetURL: C:\Users\peter-PC\Desktop\Arma 2.url -> URL: steam://rungameid/33910
InternetURL: C:\Users\peter-PC\Desktop\Batman Arkham Origins.url -> URL: steam://rungameid/209000
InternetURL: C:\Users\peter-PC\Desktop\Contagion.url -> URL: steam://rungameid/238430
InternetURL: C:\Users\peter-PC\Desktop\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730
InternetURL: C:\Users\peter-PC\Desktop\Evolve Stage 2.url -> URL: steam://rungameid/273350
InternetURL: C:\Users\peter-PC\Desktop\Garry's Mod.url -> URL: steam://rungameid/4000
InternetURL: C:\Users\peter-PC\Desktop\Lead and Gold - Gangs of the Wild West.url -> URL: steam://rungameid/42120
InternetURL: C:\Users\peter-PC\Desktop\Lovely Planet.url -> URL: steam://rungameid/298600
InternetURL: C:\Users\peter-PC\Desktop\Montaro.url -> URL: steam://rungameid/495890
InternetURL: C:\Users\peter-PC\Desktop\PAYDAY 2.url -> URL: steam://rungameid/218620
InternetURL: C:\Users\peter-PC\Desktop\Prince of Persia Sands of Time.url -> URL: uplay://launch/111/0
InternetURL: C:\Users\peter-PC\Desktop\Rise of the Tomb Raider.url -> URL: steam://rungameid/391220
InternetURL: C:\Users\peter-PC\Desktop\Rocket League.url -> URL: steam://rungameid/252950
InternetURL: C:\Users\peter-PC\Desktop\The Expendabros.url -> URL: steam://rungameid/312990
 
==================== End of Shortcut.txt =============================
 
 
 
 
 


#2 Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 27 August 2016 - 08:32 AM

Hi Skkarlos :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Malwarebytes updated their definitions this week to take care of that infection. Simply running it and quarantining the threat it detects should be enough. Follow the instructions below please.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Once done we'll grab a new pair of FRST logs to see if Malwarebytes indeed took care of that infection.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Your next reply should include:
  • Copy/pasted content of the Malwarebytes clean log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Skkarlos


Posted 27 August 2016 - 11:05 AM

Hi. Thank you for your amazing reply. I think this problem might be fixed after that Malwarebytes cleaner. I scanned my PC and I found that malware. I had to restart my PC and no pop-up occurred. Not even that fast cmd to restart that malware. I will come back tomorrow if something happens and I will give you clean logs; however, for now it's OK. Thank you for now!



#4 Aura


Posted 27 August 2016 - 11:38 AM

No problem Skkarlos, I'll be waiting :)



#5 Skkarlos


Posted 29 August 2016 - 01:52 AM

OK, I am back after 1 day and all I can say is that this problem was solved! Everyone who wants to fix this pop-up, just install the Malwarebytes software for scanning and it will immediately find the virus. Thanks for your help, Aura!



#6 Aura


Posted 29 August 2016 - 06:28 AM

No problem Skkarlos :) We'll just run a FRST fix to remove the remnants of SpyHunter that are left on your system. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    
    C:\Program Files (x86)\Enigma Software Group
    C:\Users\peter-PC\AppData\Local\238010
    C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
    C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\SpyHunter v4.22.8.4668
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;



#7 Skkarlos


Posted 29 August 2016 - 08:29 AM

Hi. Thanks for the warning! Here are the Logs you asked for!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by peter-PC (29-08-2016 15:25:58) Run:3
Running from D:\Downloads
Loaded Profiles: peter-PC (Available Profiles: peter-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
C:\Program Files (x86)\Enigma Software Group
C:\Users\peter-PC\AppData\Local\238010
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\SpyHunter v4.22.8.4668
 
EmptyTemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
SpyHunter 4 Service => service removed successfully
esgiguard => service removed successfully
"C:\Program Files (x86)\Enigma Software Group" => not found.
C:\Users\peter-PC\AppData\Local\238010 => moved successfully
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668 => moved successfully
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\SpyHunter v4.22.8.4668 => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12705505 B
Java, Flash, Steam htmlcache => 95127150 B
Windows/system/drivers => 602 B
Edge => 34987974 B
Chrome => 372729747 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3282 B
NetworkService => 0 B
peter-PC => 40573988 B
 
RecycleBin => 0 B
EmptyTemp: => 530.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:26:01 ====
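
As an added example (not part of any post in this thread and not FRST's own code), the Python below reads the result lines of the Fixlog above, separates the entries that succeeded from the ones that deserve a second look, and cross-checks the reported EmptyTemp total against the per-location byte counts. The function names `review_fixlog` and `total_matches` are hypothetical, and treating "MB" as 1024*1024 bytes is an assumption.

```python
import re

# Result section of the Fixlog posted above (zero-byte EmptyTemp rows omitted).
FIXLOG = r'''
Processes closed successfully.
Error: (0) Failed to create a restore point.
SpyHunter 4 Service => service removed successfully
esgiguard => service removed successfully
"C:\Program Files (x86)\Enigma Software Group" => not found.
C:\Users\peter-PC\AppData\Local\238010 => moved successfully
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668 => moved successfully
C:\Users\peter-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run\SpyHunter v4.22.8.4668 => moved successfully
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12705505 B
Java, Flash, Steam htmlcache => 95127150 B
Windows/system/drivers => 602 B
Edge => 34987974 B
Chrome => 372729747 B
LocalService => 3282 B
peter-PC => 40573988 B
EmptyTemp: => 530.4 MB temporary data Removed.
'''


def review_fixlog(text):
    """Sort Fixlog result lines into 'ok' and 'attention', summing temp bytes."""
    report = {"ok": [], "attention": [], "bytes": 0, "reported_mb": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Error:"):
            # Explicit errors, e.g. the failed restore point, always need review.
            report["attention"].append(line)
        elif "=>" in line:
            item, _, outcome = line.partition("=>")
            item, outcome = item.strip().strip('"'), outcome.strip()
            size = re.fullmatch(r"(\d+) B", outcome)
            total = re.match(r"([\d.]+) MB temporary data", outcome)
            if size:
                report["bytes"] += int(size.group(1))
            elif total:
                report["reported_mb"] = float(total.group(1))
            elif outcome.endswith("successfully"):
                report["ok"].append(item)
            else:
                # "not found." and any other unrecognised outcome.
                report["attention"].append(f"{item}: {outcome}")
        elif line.endswith("successfully."):
            report["ok"].append(line)
    return report


def total_matches(report, tolerance_mb=0.05):
    """True if the summed byte counts agree with the reported MB total.

    Assumption: "MB" means 1024*1024 bytes, printed to one decimal place.
    """
    if report["reported_mb"] is None:
        return False
    summed_mb = report["bytes"] / (1024 * 1024)
    return abs(summed_mb - report["reported_mb"]) <= tolerance_mb


if __name__ == "__main__":
    result = review_fixlog(FIXLOG)
    print("Needs attention:", *result["attention"], sep="\n  ")
    print("Total consistent:", total_matches(result))
```
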


#8 Aura


Posted 29 August 2016 - 08:57 AM

The fix went through without a hitch! Since I didn't see anything else in your logs that requires attention, and you confirmed that the Sd-steam.info pop-ups are gone, it looks like we're done here :) We'll simply run DelFix to delete the tools and logs that were used during this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on BleepingComputer and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)



#9 Skkarlos


Posted 29 August 2016 - 11:46 AM

No. Thank you very much for your fast and amazing help. If something happens or my friend is having any problems, I will definitely tell them about you! Thank you very much again!



#10 Aura


Posted 29 August 2016 - 11:47 AM

No problem Skkarlos, you're welcome :)



#11 Aura


Posted 29 August 2016 - 11:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





