Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Com Surrogate opening and closing, downloading viruses after deletion


  • This topic is locked This topic is locked
214 replies to this topic

#1 Sackboy90210

Sackboy90210

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 28 September 2016 - 04:51 PM

Hi I've been facing a problem for quite a while now. There's this virus called Ozics which opens a few cases of internet explorer in the background secretly which causes some lag, a few Microsoft Registery servers, adobe flash installation stuff, and COM Surrogate. I'm guessing the COM Surrogate is the part where the viruses keep getting re-installed even after they have been completely eradicated. I've scanned my computer using your required software and here are the logs. I really need serious help, this virus hasn't left me alone for months and keeps on slowing down my computer.
 
I use Windows 7 Professional.
 
I've uploaded the FRST.txt and Addition.txt files and I'm hoping for a quick response.
Thank you in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by S C (administrator) on SC-PC (29-09-2016 00:41:52)
Running from C:\Users\S C\Desktop
Loaded Profiles: S C (Available Profiles: S C & fbwuser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hammer & Chisel, Inc.) C:\Users\S C\AppData\Local\Discord\app-0.0.296\Discord.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hammer & Chisel, Inc.) C:\Users\S C\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\S C\AppData\Local\Discord\app-0.0.296\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16333856 2009-07-08] (NVIDIA Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
HKLM-x32\...\Run: [ConnectionInformer] => C:\Windows\TEMP\temp2800237468.exe <===== ATTENTION
HKLM-x32\...\Run: [CrashReportNotifyer] => C:\Windows\TEMP\temp3177584966.exe <===== ATTENTION
HKLM-x32\...\Run: [TimeUpdater] => C:\Windows\TEMP\temp3618274086.exe <===== ATTENTION
HKLM-x32\...\Run: [CrashReportChecker] => C:\Windows\TEMP\ad2Host.exe <===== ATTENTION
HKLM-x32\...\Run: [CrashReportUpdater] => C:\Windows\TEMP\adsl32.exe <===== ATTENTION
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [50899640 2016-08-07] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [Discord] => C:\Users\S C\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [URNmedia] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\S C\AppData\Local\Ozics\rrzcyssl.dll"
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Run: [Adjworks] => regsvr32.exe "C:\Users\S C\AppData\Local\Adjworks\ttwvundh.dll" <===== ATTENTION
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\MountPoints2: {d9f2e61a-407d-11e2-9848-00235a679419} - F:\Launcher.exe -a
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-03-24] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * aswBoot.exe /M:1795e903be /wow /dir:"C:\Program Files\AVAST Software\Avast"bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2481340648-414227278-1064221337-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{01B76C58-B9EF-40A9-8491-E62CA1BC36DF}: [NameServer] 173.244.211.97,8.8.8.8
Tcpip\..\Interfaces\{5F4041D6-7756-40A6-85B6-C1F35095F493}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{726F1586-05A1-4399-8335-8DF65C8B4145}: [DhcpNameServer] 10.8.0.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2481340648-414227278-1064221337-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2481340648-414227278-1064221337-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2481340648-414227278-1064221337-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO: No Name -> {8AA9D21C-D614-48D0-BD3E-6FCC7C469B1D} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\S C\AppData\Roaming\Mozilla\Firefox\Profiles\kr8fs53t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2481340648-414227278-1064221337-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\S C\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Extension: (PSFactoryBuffer) - C:\Users\S C\AppData\Roaming\Mozilla\Firefox\Profiles\kr8fs53t.default\Extensions\{6ED7F8A4-7544-6B09-F29B-9886C214B9B8} [2016-06-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26] [not signed]
FF HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.sa/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1454041391&z=8ed48b44d75984cdbebb5b9g2z7wfz1e9z3gacftdg&from=amt&uid=wdcxwd3200bevt-22zct0_wd-wxez08t6504765047"
CHR Profile: C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default [2016-09-29]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-09-05]
CHR Extension: (Google Hangouts) - C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2015-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\S C\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Profile: C:\Users\S C\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-08-05]
CHR Profile: C:\Users\S C\AppData\Local\Google\Chrome\User Data\System Profile [2016-08-05]
StartMenuInternet: Google Chrome.T7ILP5ORY2KOCELYHCLVC7HS2M - c:\users\s c\appdata\local\google\chrome\application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1807608 2009-08-05] (AuthenTec, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-12-07] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-19] (Hi-Rez Studios) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-01-06] (SurfRight B.V.)
S4 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-09-15] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [65176 2016-04-08] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5231048 2016-04-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 VSStandardCollectorService140; "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-09-09] (The OpenVPN Project)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-04] (AnchorFree Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-26] (Malwarebytes)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0124.sys [38432 2016-07-11] (SoftEther Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-04-07] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-04-23] (SoftEther Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40216 2015-09-30] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [163096 2015-09-30] (TheGreenBow)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 00:41 - 2016-09-29 00:42 - 00020996 _____ C:\Users\S C\Desktop\FRST.txt
2016-09-29 00:41 - 2016-09-29 00:41 - 02404352 _____ (Farbar) C:\Users\S C\Desktop\FRST64.exe
2016-09-29 00:41 - 2016-09-29 00:41 - 00000000 ____D C:\FRST
2016-09-24 19:07 - 2016-09-24 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2016-09-24 19:07 - 2016-09-24 19:07 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2016-09-24 19:06 - 2016-09-24 19:06 - 00000000 ____D C:\Users\S C\AppData\Local\Downloaded Installations
2016-09-24 18:21 - 2016-09-24 18:21 - 00000000 ____D C:\Users\S C\AppData\Local\HirezLauncherUI
2016-09-24 18:16 - 2016-09-24 18:23 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-09-24 18:16 - 2016-09-24 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-09-24 18:15 - 2016-09-28 21:22 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-09-23 00:25 - 2016-09-23 00:25 - 00000000 ____D C:\Users\S C\AppData\Roaming\Adobe
2016-09-23 00:25 - 2016-09-23 00:25 - 00000000 ____D C:\Users\S C\AppData\Local\Adobe
2016-09-23 00:25 - 2016-09-23 00:25 - 00000000 ____D C:\ProgramData\Adobe
2016-09-21 09:32 - 2016-08-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-21 09:32 - 2016-08-05 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-21 09:17 - 2016-09-22 07:00 - 00059753 _____ C:\Users\S C\AppData\Roaming\Practician.W
2016-09-20 15:34 - 2016-09-20 15:34 - 00059086 _____ C:\Users\S C\AppData\Roaming\college.cvu
2016-09-20 15:34 - 2016-09-20 15:34 - 00000667 _____ C:\Users\S C\AppData\Roaming\sudor.hyf
2016-09-17 12:02 - 2016-09-02 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-17 12:02 - 2016-09-02 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-17 12:02 - 2016-09-02 18:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-17 12:02 - 2016-09-02 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-17 12:02 - 2016-09-02 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-17 12:02 - 2016-09-02 18:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-17 12:02 - 2016-09-02 18:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-17 12:02 - 2016-09-02 18:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-17 12:02 - 2016-09-02 18:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 18:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-17 12:02 - 2016-09-02 18:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-17 12:02 - 2016-09-02 18:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-17 12:02 - 2016-09-02 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-17 12:02 - 2016-09-02 17:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-17 12:02 - 2016-09-02 17:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-17 12:02 - 2016-09-02 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-17 12:02 - 2016-09-02 17:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-17 12:02 - 2016-09-02 17:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-17 12:02 - 2016-09-02 17:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-17 12:02 - 2016-09-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-17 12:02 - 2016-09-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-17 12:02 - 2016-09-02 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-17 12:02 - 2016-09-02 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-17 12:02 - 2016-09-02 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-17 12:02 - 2016-09-02 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-17 12:02 - 2016-09-02 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-17 12:02 - 2016-09-02 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-17 12:02 - 2016-09-02 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-17 12:02 - 2016-09-01 22:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-17 12:02 - 2016-09-01 21:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-17 12:02 - 2016-09-01 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-17 12:02 - 2016-09-01 06:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-17 12:02 - 2016-09-01 05:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-17 12:02 - 2016-09-01 05:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-17 12:02 - 2016-09-01 05:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-17 12:02 - 2016-09-01 05:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-17 12:02 - 2016-09-01 05:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-17 12:02 - 2016-09-01 05:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-17 12:02 - 2016-09-01 05:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-17 12:02 - 2016-09-01 05:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-17 12:02 - 2016-09-01 05:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-17 12:02 - 2016-09-01 05:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-17 12:02 - 2016-09-01 05:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-17 12:02 - 2016-09-01 05:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-17 12:02 - 2016-09-01 05:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-17 12:02 - 2016-09-01 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-17 12:02 - 2016-09-01 04:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-17 12:02 - 2016-09-01 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-17 12:02 - 2016-09-01 04:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-17 12:02 - 2016-09-01 04:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-17 12:02 - 2016-09-01 04:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-17 12:02 - 2016-09-01 04:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-17 12:02 - 2016-09-01 04:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-17 12:02 - 2016-09-01 04:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-17 12:02 - 2016-09-01 04:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-17 12:02 - 2016-09-01 04:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-17 12:02 - 2016-09-01 04:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-17 12:02 - 2016-09-01 03:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-17 12:02 - 2016-09-01 03:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-17 12:02 - 2016-09-01 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-17 12:02 - 2016-09-01 03:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-17 12:02 - 2016-09-01 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-17 12:02 - 2016-09-01 03:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-17 12:02 - 2016-09-01 03:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-17 12:02 - 2016-09-01 03:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-17 12:02 - 2016-09-01 03:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-17 12:02 - 2016-09-01 03:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-17 12:02 - 2016-09-01 03:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-17 12:02 - 2016-09-01 03:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-17 12:02 - 2016-09-01 03:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-17 12:02 - 2016-09-01 03:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-17 12:02 - 2016-09-01 03:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-17 12:02 - 2016-09-01 03:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-17 12:02 - 2016-09-01 03:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-17 12:02 - 2016-09-01 03:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-17 12:02 - 2016-09-01 03:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-17 12:02 - 2016-09-01 03:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-17 12:02 - 2016-09-01 03:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-17 12:02 - 2016-09-01 02:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-17 12:02 - 2016-09-01 02:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-17 12:02 - 2016-09-01 02:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-17 12:02 - 2016-09-01 02:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-17 12:02 - 2016-09-01 02:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-17 12:02 - 2016-09-01 02:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-17 12:02 - 2016-09-01 02:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-17 12:02 - 2016-09-01 02:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-17 12:02 - 2016-09-01 02:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-17 12:02 - 2016-09-01 02:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-17 12:02 - 2016-09-01 02:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-17 12:02 - 2016-09-01 02:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-17 12:02 - 2016-09-01 02:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-17 12:02 - 2016-09-01 02:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-17 12:02 - 2016-09-01 01:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-17 12:02 - 2016-09-01 01:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-17 12:02 - 2016-08-12 19:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 12:02 - 2016-08-12 19:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 12:02 - 2016-08-12 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-17 12:02 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-17 12:02 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-17 12:02 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-17 12:02 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-17 12:02 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-17 12:02 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-17 12:02 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-17 12:02 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-17 12:02 - 2016-06-06 19:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-17 12:02 - 2016-06-06 19:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-17 12:02 - 2016-06-06 19:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-17 12:02 - 2016-06-06 19:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-17 12:02 - 2016-06-06 18:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-17 12:02 - 2016-06-06 18:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-17 12:02 - 2016-06-06 18:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-17 12:02 - 2016-06-06 18:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-17 12:02 - 2016-05-14 01:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-17 12:02 - 2016-05-14 01:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-17 12:02 - 2016-05-14 01:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-17 12:02 - 2016-05-14 01:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-17 12:02 - 2016-05-14 00:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-17 12:02 - 2016-05-14 00:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-17 12:02 - 2016-05-14 00:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-17 12:02 - 2016-05-14 00:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-17 12:02 - 2016-05-14 00:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-17 12:02 - 2016-05-14 00:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-17 12:02 - 2016-05-14 00:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-17 12:02 - 2016-05-14 00:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-17 12:02 - 2016-05-14 00:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-17 12:02 - 2016-05-14 00:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-17 12:02 - 2016-05-14 00:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-17 12:02 - 2016-05-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-17 12:02 - 2016-05-12 20:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-17 12:02 - 2016-05-12 18:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-17 12:02 - 2016-05-12 18:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-17 12:02 - 2016-05-04 20:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-17 12:02 - 2016-05-04 20:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-17 12:02 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-17 12:02 - 2016-05-04 20:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-17 12:02 - 2016-05-04 20:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-17 12:02 - 2016-05-04 18:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-17 12:02 - 2016-05-04 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-17 12:01 - 2016-08-16 20:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-17 12:01 - 2016-08-16 05:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-17 12:01 - 2016-08-16 05:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-17 11:58 - 2016-08-06 18:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-17 11:58 - 2016-08-06 18:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-11 00:58 - 2016-09-11 00:58 - 00000000 _____ C:\Windows\miscreants
2016-09-02 16:16 - 2016-09-02 16:16 - 00077824 _____ (Embarcadero Technologies, Inc.) C:\Users\S C\AppData\Roaming\Nwiz.dll
2016-09-01 19:18 - 2016-09-12 17:19 - 00000000 ____D C:\Users\S C\BrawlhallaReplays
2016-09-01 19:07 - 2016-09-01 19:07 - 00000000 ____D C:\Users\S C\AppData\Roaming\BrawlhallaAir
2016-09-01 04:52 - 2016-09-01 04:52 - 00060200 _____ C:\Users\S C\AppData\Roaming\bow.tar.gz
2016-08-30 10:55 - 2016-08-30 10:55 - 00000000 ____D C:\Users\S C\Documents\SavedGames
2016-08-30 08:32 - 2016-08-30 08:32 - 00000000 ____D C:\Users\S C\Documents\League of Legends
2016-08-30 08:24 - 2016-08-30 08:24 - 00000000 ____D C:\Users\S C\AppData\Roaming\LolClient

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 00:40 - 2016-04-23 10:24 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-09-29 00:34 - 2013-02-23 02:42 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{04DCA6C6-288B-41E7-BC6E-7840DF254DCA}
2016-09-29 00:28 - 2015-09-18 09:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-28 23:52 - 2013-02-23 02:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-28 21:40 - 2009-07-14 07:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-28 21:40 - 2009-07-14 07:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-28 21:26 - 2016-02-19 21:27 - 00007611 _____ C:\Users\S C\AppData\Local\Resmon.ResmonCfg
2016-09-28 21:24 - 2015-06-30 22:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-28 21:23 - 2015-09-18 09:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-28 21:22 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-28 17:28 - 2013-02-23 01:54 - 00000000 ____D C:\Users\S C\AppData\Local\CrashDumps
2016-09-28 14:32 - 2015-09-18 17:59 - 00000132 _____ C:\Users\S C\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-28 10:11 - 2016-05-07 08:55 - 00004788 _____ C:\Users\S C\AppData\Roaming\SpeedRunnersLog.txt
2016-09-27 21:55 - 2013-05-21 20:01 - 00000000 ____D C:\Users\S C\AppData\Roaming\.minecraft
2016-09-27 03:57 - 2016-08-06 05:28 - 10407600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-26 22:05 - 2016-08-05 11:33 - 00499384 _____ C:\Users\S C\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-26 21:19 - 2015-08-24 09:32 - 00000000 ____D C:\Users\S C\Documents\Bandicam
2016-09-26 21:03 - 2009-07-14 08:13 - 00876082 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-26 21:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-26 20:46 - 2013-11-12 02:40 - 00000000 ____D C:\Windows\Minidump
2016-09-26 20:00 - 2016-08-18 14:57 - 00000000 ____D C:\Users\S C\AppData\Roaming\discord
2016-09-26 20:00 - 2015-12-04 22:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-25 21:00 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-09-25 11:41 - 2014-06-21 12:06 - 00000000 ____D C:\Users\S C\Desktop\Mike.K
2016-09-24 18:23 - 2015-02-20 13:03 - 00000000 ____D C:\Users\S C\Documents\My Games
2016-09-24 18:15 - 2012-12-06 23:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-23 07:27 - 2009-07-14 08:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-23 00:48 - 2016-08-07 18:46 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-09-22 18:49 - 2016-08-07 09:06 - 00000002 _____ C:\END
2016-09-18 05:36 - 2014-10-17 15:32 - 00000670 __RSH C:\ProgramData\ntuser.pol
2016-09-18 03:18 - 2013-08-17 14:51 - 00000000 ____D C:\Windows\system32\MRT
2016-09-18 03:01 - 2013-02-16 01:00 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-17 21:27 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-17 05:48 - 2016-01-29 08:40 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 06:49 - 2009-07-14 08:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-09-01 19:18 - 2012-12-06 22:51 - 00000000 ____D C:\Users\S C

==================== Files in the root of some directories =======

2016-06-17 09:54 - 2016-06-17 09:54 - 0000044 _____ () C:\Users\S C\AppData\Roaming\.gitignore
2016-06-17 09:54 - 2016-06-17 09:54 - 0000889 _____ () C:\Users\S C\AppData\Roaming\1.gif
2016-06-17 09:54 - 2016-06-17 09:54 - 0004570 _____ () C:\Users\S C\AppData\Roaming\1047x576black.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000202 _____ () C:\Users\S C\AppData\Roaming\11.gif
2016-06-17 09:54 - 2016-06-17 09:54 - 0000210 _____ () C:\Users\S C\AppData\Roaming\12.gif
2016-06-17 09:54 - 2016-06-17 09:54 - 0000640 _____ () C:\Users\S C\AppData\Roaming\15.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000524 _____ () C:\Users\S C\AppData\Roaming\159 dk orange bl 2.ADO
2016-06-17 09:54 - 2016-06-17 09:54 - 0000524 _____ () C:\Users\S C\AppData\Roaming\159 dk orange bl 3.ADO
2016-06-17 09:54 - 2016-06-17 09:54 - 0001779 _____ () C:\Users\S C\AppData\Roaming\16ps.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0001400 _____ () C:\Users\S C\AppData\Roaming\16_9-frame-image-mask.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0001197 _____ () C:\Users\S C\AppData\Roaming\19.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0002820 _____ () C:\Users\S C\AppData\Roaming\203x8subpicture.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0001053 _____ () C:\Users\S C\AppData\Roaming\21.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0001274 _____ () C:\Users\S C\AppData\Roaming\22.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0002941 _____ () C:\Users\S C\AppData\Roaming\25-unhint-nonlatin.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0001562 _____ () C:\Users\S C\AppData\Roaming\28.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0003939 _____ () C:\Users\S C\AppData\Roaming\30-metric-aliases.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0001164 _____ () C:\Users\S C\AppData\Roaming\30-urw-aliases.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0000514 _____ () C:\Users\S C\AppData\Roaming\3BSYBS1-DCSA_Alerts_05092015040018.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0001088 _____ () C:\Users\S C\AppData\Roaming\3BSYBS1-DCSA_Alerts_05172015040008.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0000922 _____ () C:\Users\S C\AppData\Roaming\3BSYBS1-DCSA_Alerts_05182015040025.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0000922 _____ () C:\Users\S C\AppData\Roaming\3BSYBS1-DCSA_Alerts_05192015040011.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0000213 _____ () C:\Users\S C\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2016-06-17 09:54 - 2016-06-17 09:54 - 0000907 _____ () C:\Users\S C\AppData\Roaming\4.gif
2016-06-17 09:54 - 2016-06-17 09:54 - 0000345 _____ () C:\Users\S C\AppData\Roaming\4.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0001305 _____ () C:\Users\S C\AppData\Roaming\401-5.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001218 _____ () C:\Users\S C\AppData\Roaming\401.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001334 _____ () C:\Users\S C\AppData\Roaming\403-13.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001167 _____ () C:\Users\S C\AppData\Roaming\403-14.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001279 _____ () C:\Users\S C\AppData\Roaming\403-15.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001208 _____ () C:\Users\S C\AppData\Roaming\403-9.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001283 _____ () C:\Users\S C\AppData\Roaming\404-1.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001145 _____ () C:\Users\S C\AppData\Roaming\404-10.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001152 _____ () C:\Users\S C\AppData\Roaming\404-13.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001105 _____ () C:\Users\S C\AppData\Roaming\404-5.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001130 _____ () C:\Users\S C\AppData\Roaming\404-9.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0000524 _____ () C:\Users\S C\AppData\Roaming\424 bl 3.ADO
2016-06-17 09:54 - 2016-06-17 09:54 - 0000524 _____ () C:\Users\S C\AppData\Roaming\424 bl 4.ADO
2016-06-17 09:54 - 2016-06-17 09:54 - 0001837 _____ () C:\Users\S C\AppData\Roaming\45-latin.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0000545 _____ () C:\Users\S C\AppData\Roaming\49-sansserif.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0000348 _____ () C:\Users\S C\AppData\Roaming\5.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000967 _____ () C:\Users\S C\AppData\Roaming\5.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0001224 _____ () C:\Users\S C\AppData\Roaming\500-14.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001197 _____ () C:\Users\S C\AppData\Roaming\500-19.htm
2016-06-17 09:54 - 2016-06-17 09:54 - 0001701 _____ () C:\Users\S C\AppData\Roaming\60-latin.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0000344 _____ () C:\Users\S C\AppData\Roaming\7.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000738 _____ () C:\Users\S C\AppData\Roaming\7.svg
2016-06-17 09:54 - 2016-06-17 09:54 - 0000263 _____ () C:\Users\S C\AppData\Roaming\70-no-bitmaps.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0003401 _____ () C:\Users\S C\AppData\Roaming\78-RKSJ-V
2016-06-17 09:54 - 2016-06-17 09:54 - 0004433 _____ () C:\Users\S C\AppData\Roaming\78ms-RKSJ-V
2016-06-17 09:54 - 2016-06-17 09:54 - 0000357 _____ () C:\Users\S C\AppData\Roaming\8.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000388 _____ () C:\Users\S C\AppData\Roaming\80-delicious.conf
2016-06-17 09:54 - 2016-06-17 09:54 - 0004778 _____ () C:\Users\S C\AppData\Roaming\aboutImage.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0001778 _____ () C:\Users\S C\AppData\Roaming\abstract.title.properties.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0000181 _____ () C:\Users\S C\AppData\Roaming\Accra
2016-06-17 09:54 - 2016-06-17 09:54 - 0001958 _____ () C:\Users\S C\AppData\Roaming\ActionInfo.java
2016-06-17 09:54 - 2016-06-17 09:54 - 0001861 _____ () C:\Users\S C\AppData\Roaming\action_center.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000630 _____ () C:\Users\S C\AppData\Roaming\adcjavas.inc
2016-06-17 09:54 - 2016-06-17 09:54 - 0000623 _____ () C:\Users\S C\AppData\Roaming\adcvbs.inc
2016-06-17 09:54 - 2016-06-17 09:54 - 0000901 _____ () C:\Users\S C\AppData\Roaming\added.txt
2016-06-17 09:54 - 2016-06-17 09:54 - 0002734 _____ () C:\Users\S C\AppData\Roaming\AddedIcon.ico
2016-06-17 09:54 - 2016-06-17 09:54 - 0004055 _____ () C:\Users\S C\AppData\Roaming\additional_tools_detailed_sysinfo_icon.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000065 _____ () C:\Users\S C\AppData\Roaming\Aden
2016-06-17 09:54 - 2016-06-17 09:54 - 0003969 _____ () C:\Users\S C\AppData\Roaming\adjmat.mpl
2016-06-17 09:54 - 2016-06-17 09:54 - 0001074 _____ () C:\Users\S C\AppData\Roaming\admon.textlabel.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0001271 _____ () C:\Users\S C\AppData\Roaming\admonition.title.properties.xml
2016-07-26 19:06 - 2016-07-26 19:06 - 0000132 _____ () C:\Users\S C\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-09-18 17:59 - 2016-09-28 14:32 - 0000132 _____ () C:\Users\S C\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-17 09:54 - 2016-06-17 09:54 - 0004034 _____ () C:\Users\S C\AppData\Roaming\Adobe-CNS1-0
2016-06-17 09:54 - 2016-06-17 09:54 - 0004365 _____ () C:\Users\S C\AppData\Roaming\Adobe-CNS1-6
2016-06-17 09:54 - 2016-06-17 09:54 - 0003472 _____ () C:\Users\S C\AppData\Roaming\Adobe-GB1-0
2016-06-17 09:54 - 2016-06-17 09:54 - 0003653 _____ () C:\Users\S C\AppData\Roaming\Adobe-GB1-H-CID
2016-06-17 09:54 - 2016-06-17 09:54 - 0003524 _____ () C:\Users\S C\AppData\Roaming\Adobe-Japan1-1
2016-06-17 09:54 - 2016-06-17 09:54 - 0004077 _____ () C:\Users\S C\AppData\Roaming\Adobe-Japan1-4
2016-06-17 09:54 - 2016-06-17 09:54 - 0004308 _____ () C:\Users\S C\AppData\Roaming\Adobe-Korea1-2
2016-06-17 09:54 - 2016-06-17 09:54 - 0003203 _____ () C:\Users\S C\AppData\Roaming\Adobe-Korea1-H-CID
2015-09-24 13:39 - 2015-12-11 11:39 - 0000033 _____ () C:\Users\S C\AppData\Roaming\AdobeWLCMCache.dat
2016-06-17 09:54 - 2016-06-17 09:54 - 0001733 _____ () C:\Users\S C\AppData\Roaming\AEMTSSVC.PAK
2016-06-17 09:54 - 2016-06-17 09:54 - 0002028 _____ () C:\Users\S C\AppData\Roaming\afiro.mpl
2016-06-17 09:54 - 2016-06-17 09:54 - 0004780 _____ () C:\Users\S C\AppData\Roaming\ai.js
2016-06-17 09:54 - 2016-06-17 09:54 - 0003678 _____ () C:\Users\S C\AppData\Roaming\akilok_blue.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0003703 _____ () C:\Users\S C\AppData\Roaming\akilok_yellow.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000333 _____ () C:\Users\S C\AppData\Roaming\Algiers
2016-06-17 09:54 - 2016-06-17 09:54 - 0002036 _____ () C:\Users\S C\AppData\Roaming\AlienFusionCOM.tlb
2016-06-17 09:54 - 2016-06-17 09:54 - 0004464 _____ () C:\Users\S C\AppData\Roaming\align2.fo
2016-06-17 09:54 - 2016-06-17 09:54 - 0001559 _____ () C:\Users\S C\AppData\Roaming\alignment.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0001036 _____ () C:\Users\S C\AppData\Roaming\Amman
2016-06-17 09:54 - 2016-06-17 09:54 - 0004348 _____ () C:\Users\S C\AppData\Roaming\AMT.zdct
2016-06-17 09:54 - 2016-06-17 09:54 - 0002799 _____ () C:\Users\S C\AppData\Roaming\analyse.cmd
2016-06-17 09:54 - 2016-06-17 09:54 - 0001263 _____ () C:\Users\S C\AppData\Roaming\annotation.graphic.close.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0000698 _____ () C:\Users\S C\AppData\Roaming\annotations.xsl
2016-06-17 09:54 - 2016-06-17 09:54 - 0003244 _____ () C:\Users\S C\AppData\Roaming\api-doc.xml
2015-07-10 16:40 - 2015-07-10 17:10 - 0000020 _____ () C:\Users\S C\AppData\Roaming\appdataFr2.bin
2015-05-15 08:19 - 2015-09-09 15:15 - 0000024 _____ () C:\Users\S C\AppData\Roaming\appdataFr25.bin
2015-03-11 20:06 - 2015-05-14 20:59 - 0000020 _____ () C:\Users\S C\AppData\Roaming\appdataFr3.bin
2016-06-17 09:54 - 2016-06-17 09:54 - 0004387 _____ () C:\Users\S C\AppData\Roaming\appIcon.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0004387 _____ () C:\Users\S C\AppData\Roaming\application_icon.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0002531 _____ () C:\Users\S C\AppData\Roaming\appupdater.exe.config
2016-06-17 09:54 - 2016-06-17 09:54 - 0004930 _____ () C:\Users\S C\AppData\Roaming\app_updater_icon.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0003044 _____ () C:\Users\S C\AppData\Roaming\app_updater_learn_more_footer.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000453 _____ () C:\Users\S C\AppData\Roaming\Aqtobe
2016-06-17 09:54 - 2016-06-17 09:54 - 0001074 _____ () C:\Users\S C\AppData\Roaming\ARA.zdct
2016-06-17 09:54 - 2016-06-17 09:54 - 0000734 _____ () C:\Users\S C\AppData\Roaming\Arabic- README-en
2016-06-17 09:54 - 2016-06-17 09:54 - 0001029 _____ () C:\Users\S C\AppData\Roaming\arbortext.extensions.xml
2016-06-17 09:54 - 2016-06-17 09:54 - 0003045 _____ () C:\Users\S C\AppData\Roaming\archive_active_hovered.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0003017 _____ () C:\Users\S C\AppData\Roaming\archive_inactive_unhovered.png
2016-06-17 09:54 - 2016-06-17 09:54 - 0000144 _____ () C:\Users\S C\AppData\Roaming\arrow.gif
2016-06-17 09:54 - 2016-06-17 09:54 - 0001551 _____ () C:\Users\S C\AppData\Roaming\arrow_left_disabled.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000065 _____ () C:\Users\S C\AppData\Roaming\Asmara
2016-06-17 09:54 - 2016-06-17 09:54 - 0001654 _____ () C:\Users\S C\AppData\Roaming\assert.mi
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\AST4
2016-06-17 09:53 - 2016-06-17 09:53 - 0000182 _____ () C:\Users\S C\AppData\Roaming\AsteroidVertexInput.hlsli
2016-06-17 09:53 - 2016-06-17 09:53 - 0001026 _____ () C:\Users\S C\AppData\Roaming\AsteroidVertexShader.hlsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0001196 _____ () C:\Users\S C\AppData\Roaming\Athens
2016-06-17 09:53 - 2016-06-17 09:53 - 0001740 _____ () C:\Users\S C\AppData\Roaming\atk10.mo
2016-06-17 09:53 - 2016-06-17 09:53 - 0003590 _____ () C:\Users\S C\AppData\Roaming\Attributions.txt
2016-06-17 09:53 - 2016-06-17 09:53 - 0001080 _____ () C:\Users\S C\AppData\Roaming\author.othername.in.middle.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000942 _____ () C:\Users\S C\AppData\Roaming\autoidx-ng.xsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0004943 _____ () C:\Users\S C\AppData\Roaming\aw_main_header.jpg
2016-06-17 09:53 - 2016-06-17 09:53 - 0004036 _____ () C:\Users\S C\AppData\Roaming\axf.xsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0001868 _____ () C:\Users\S C\AppData\Roaming\Azores
2016-06-17 09:53 - 2016-06-17 09:53 - 0003095 _____ () C:\Users\S C\AppData\Roaming\B5pc-V
2016-06-17 09:53 - 2016-06-17 09:53 - 0001432 _____ () C:\Users\S C\AppData\Roaming\back-2.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002878 _____ () C:\Users\S C\AppData\Roaming\backgroundmon.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001551 _____ () C:\Users\S C\AppData\Roaming\back_disabled.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000844 _____ () C:\Users\S C\AppData\Roaming\Bahia_Banderas
2016-06-17 09:53 - 2016-06-17 09:53 - 0000065 _____ () C:\Users\S C\AppData\Roaming\Bangkok
2016-06-17 09:53 - 2016-06-17 09:53 - 0002978 _____ () C:\Users\S C\AppData\Roaming\basic.css
2016-06-17 09:53 - 2016-06-17 09:53 - 0000702 _____ () C:\Users\S C\AppData\Roaming\batik.NOTICE.txt
2016-06-17 09:53 - 2016-06-17 09:53 - 0000775 _____ () C:\Users\S C\AppData\Roaming\baynote80.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BCY green 1.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BCY green 2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BCY green 3.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0001236 _____ () C:\Users\S C\AppData\Roaming\Berlin
2016-06-17 09:53 - 2016-06-17 09:53 - 0001124 _____ () C:\Users\S C\AppData\Roaming\Bermuda
2016-06-17 09:53 - 2016-06-17 09:53 - 0001171 _____ () C:\Users\S C\AppData\Roaming\bg_black_body.gif
2016-06-17 09:53 - 2016-06-17 09:53 - 0004124 _____ () C:\Users\S C\AppData\Roaming\bibliography.collection.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000911 _____ () C:\Users\S C\AppData\Roaming\bibliography.numbered.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001329 _____ () C:\Users\S C\AppData\Roaming\bibliography.style.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001824 _____ () C:\Users\S C\AppData\Roaming\BitFrequency.mm
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 172 orange 423 gray.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 404 WmGray 401 WmGray.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 409 WmGray 407 WmGray.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 430 493 557.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 437 burgundy 127 gold.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl 541 513 5773.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl CG10 CG4 WmG3.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl CG10 WmG3 CG1.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl Cool Gray 10 WmGray 1.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl normal CG9 CG2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Bl soft CG9 CG2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000772 _____ () C:\Users\S C\AppData\Roaming\Black - White.act
2016-06-17 09:53 - 2016-06-17 09:53 - 0002063 _____ () C:\Users\S C\AppData\Roaming\blacklist
2016-06-17 09:53 - 2016-06-17 09:53 - 0004726 _____ () C:\Users\S C\AppData\Roaming\BlackRectangle.bmp
2016-06-17 09:53 - 2016-06-17 09:53 - 0000093 _____ () C:\Users\S C\AppData\Roaming\Blanc-Sablon
2016-06-17 09:53 - 2016-06-17 09:53 - 0000100 _____ () C:\Users\S C\AppData\Roaming\blank.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000628 _____ () C:\Users\S C\AppData\Roaming\BlinnShadingInstanced.hlsli
2016-06-17 09:53 - 2016-06-17 09:53 - 0000422 _____ () C:\Users\S C\AppData\Roaming\blocks-spec.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\blue 072 bl 2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\blue 286 bl 1.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000599 _____ () C:\Users\S C\AppData\Roaming\blue.svg
2016-06-17 09:53 - 2016-06-17 09:53 - 0001190 _____ () C:\Users\S C\AppData\Roaming\blurb.on.titlepage.enabled.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMC blue 1.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMC blue 3.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMC blue 4.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMY brown 2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMY brown 4.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\BMY red 3.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0001234 _____ () C:\Users\S C\AppData\Roaming\body.end.indent.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001036 _____ () C:\Users\S C\AppData\Roaming\body.font.master.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001088 _____ () C:\Users\S C\AppData\Roaming\body.font.size.xml
1990-06-14 10:00 - 1990-06-14 10:00 - 0116863 _____ () C:\Users\S C\AppData\Roaming\Bogey.X
2016-06-17 09:53 - 2016-06-17 09:53 - 0000245 _____ () C:\Users\S C\AppData\Roaming\bool.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0000160 _____ () C:\Users\S C\AppData\Roaming\boolean_double.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0000130 _____ () C:\Users\S C\AppData\Roaming\boolean_single.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0001317 _____ () C:\Users\S C\AppData\Roaming\boot_path_2.png
1989-06-27 10:00 - 1989-06-27 10:00 - 0049946 _____ () C:\Users\S C\AppData\Roaming\Bordure.Kg6
2016-06-17 09:53 - 2016-06-17 09:53 - 0002273 _____ () C:\Users\S C\AppData\Roaming\BouncingBall.msim
2016-09-01 04:52 - 2016-09-01 04:52 - 0060200 _____ () C:\Users\S C\AppData\Roaming\bow.tar.gz
2016-06-17 09:53 - 2016-06-17 09:53 - 0000357 _____ () C:\Users\S C\AppData\Roaming\boxes.svg
2016-06-17 09:53 - 2016-06-17 09:53 - 0001344 _____ () C:\Users\S C\AppData\Roaming\Brass - Polished.3PP
2016-06-17 09:53 - 2016-06-17 09:53 - 0000883 _____ () C:\Users\S C\AppData\Roaming\break.js
2005-04-23 10:00 - 2005-04-23 10:00 - 0004469 _____ () C:\Users\S C\AppData\Roaming\Bronchoscope.rC5
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\brown 464 bl 4.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000077 _____ () C:\Users\S C\AppData\Roaming\Brunei
2016-06-17 09:53 - 2016-06-17 09:53 - 0001564 _____ () C:\Users\S C\AppData\Roaming\Brussels
2016-06-17 09:53 - 2016-06-17 09:53 - 0001596 _____ () C:\Users\S C\AppData\Roaming\brz.fca
2016-06-17 09:53 - 2016-06-17 09:53 - 0002048 _____ () C:\Users\S C\AppData\Roaming\brz.hyp
2016-06-17 09:53 - 2016-06-17 09:53 - 0003934 _____ () C:\Users\S C\AppData\Roaming\brzphon.env
2016-06-17 09:53 - 2016-06-17 09:53 - 0002871 _____ () C:\Users\S C\AppData\Roaming\bt_selected.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002844 _____ () C:\Users\S C\AppData\Roaming\bt_unselected.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000549 _____ () C:\Users\S C\AppData\Roaming\Buenos_Aires
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\Bujumbura
2011-05-17 10:00 - 2011-05-17 10:00 - 0050405 _____ () C:\Users\S C\AppData\Roaming\Bulldog.C
2016-06-17 09:53 - 2016-06-17 09:53 - 0004776 _____ () C:\Users\S C\AppData\Roaming\burn_in.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000560 _____ () C:\Users\S C\AppData\Roaming\but-next.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000716 _____ () C:\Users\S C\AppData\Roaming\button-highlight.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004710 _____ () C:\Users\S C\AppData\Roaming\calc.ico
2016-06-17 09:53 - 2016-06-17 09:53 - 0001200 _____ () C:\Users\S C\AppData\Roaming\calendars.properties
2016-06-17 09:53 - 2016-06-17 09:53 - 0001448 _____ () C:\Users\S C\AppData\Roaming\callout.graphics.extension.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000923 _____ () C:\Users\S C\AppData\Roaming\callout.icon.size.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001211 _____ () C:\Users\S C\AppData\Roaming\callout.list.table.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000979 _____ () C:\Users\S C\AppData\Roaming\callout.unicode.font.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001055 _____ () C:\Users\S C\AppData\Roaming\callout.unicode.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001049 _____ () C:\Users\S C\AppData\Roaming\callouts.extension.xml
2015-06-22 08:45 - 2015-06-22 08:45 - 0000051 _____ () C:\Users\S C\AppData\Roaming\Camdata.ini
2015-06-22 08:45 - 2015-06-22 08:45 - 0000408 _____ () C:\Users\S C\AppData\Roaming\CamLayout.ini
2015-06-22 08:45 - 2015-06-22 08:45 - 0000408 _____ () C:\Users\S C\AppData\Roaming\CamShapes.ini
2015-06-22 08:45 - 2015-06-22 08:45 - 0004536 _____ () C:\Users\S C\AppData\Roaming\CamStudio.cfg
2015-06-22 08:26 - 2015-06-22 08:26 - 0000098 _____ () C:\Users\S C\AppData\Roaming\CamStudio.Producer.command
2015-06-22 08:29 - 2015-06-22 08:29 - 0000000 _____ () C:\Users\S C\AppData\Roaming\CamStudio.Producer.Data.ini
2015-06-22 08:29 - 2015-06-22 08:29 - 0001206 _____ () C:\Users\S C\AppData\Roaming\CamStudio.Producer.ini
2016-06-17 09:53 - 2016-06-17 09:53 - 0000085 _____ () C:\Users\S C\AppData\Roaming\Caracas
2016-06-17 09:53 - 2016-06-17 09:53 - 0000736 _____ () C:\Users\S C\AppData\Roaming\Casablanca
2016-06-17 09:53 - 2016-06-17 09:53 - 0000606 _____ () C:\Users\S C\AppData\Roaming\catalog.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001918 _____ () C:\Users\S C\AppData\Roaming\catalogue.xsd
2016-06-17 09:53 - 2016-06-17 09:53 - 0000549 _____ () C:\Users\S C\AppData\Roaming\Catamarca
2016-06-17 09:53 - 2016-06-17 09:53 - 0000743 _____ () C:\Users\S C\AppData\Roaming\caution.gif
2016-06-17 09:53 - 2016-06-17 09:53 - 0000887 _____ () C:\Users\S C\AppData\Roaming\caution.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000528 _____ () C:\Users\S C\AppData\Roaming\cd.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001440 _____ () C:\Users\S C\AppData\Roaming\Ceramics - Gloss Black.3PP
2016-06-17 09:53 - 2016-06-17 09:53 - 0001184 _____ () C:\Users\S C\AppData\Roaming\CET
2016-06-17 09:53 - 2016-06-17 09:53 - 0001780 _____ () C:\Users\S C\AppData\Roaming\cfr.fca
2016-06-17 09:53 - 2016-06-17 09:53 - 0004166 _____ () C:\Users\S C\AppData\Roaming\changebars.xsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0000762 _____ () C:\Users\S C\AppData\Roaming\changelog.txt
2016-06-17 09:53 - 2016-06-17 09:53 - 0003187 _____ () C:\Users\S C\AppData\Roaming\checkbox_checked_normal.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000449 _____ () C:\Users\S C\AppData\Roaming\Choibalsan
2016-06-17 09:53 - 2016-06-17 09:53 - 0000181 _____ () C:\Users\S C\AppData\Roaming\Chongqing
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\Christmas
2014-06-21 12:03 - 2014-06-21 12:03 - 0003072 _____ () C:\Users\S C\AppData\Roaming\chrome-extension.localstorage
2016-06-17 09:53 - 2016-06-17 09:53 - 0000108 _____ () C:\Users\S C\AppData\Roaming\chrome.manifest
2016-06-17 09:53 - 2016-06-17 09:53 - 0001008 _____ () C:\Users\S C\AppData\Roaming\CHT.zdct
2016-06-17 09:53 - 2016-06-17 09:53 - 0001166 _____ () C:\Users\S C\AppData\Roaming\chunk.tocs.and.lots.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001519 _____ () C:\Users\S C\AppData\Roaming\chunker.output.media-type.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001312 _____ () C:\Users\S C\AppData\Roaming\chunker.output.method.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001241 _____ () C:\Users\S C\AppData\Roaming\chunker.output.omit-xml-declaration.xml
2001-07-14 10:00 - 2001-07-14 10:00 - 0003808 _____ () C:\Users\S C\AppData\Roaming\Churchman.Fjs
2016-06-17 09:53 - 2016-06-17 09:53 - 0002910 _____ () C:\Users\S C\AppData\Roaming\CircleSubpicture.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0005101 _____ () C:\Users\S C\AppData\Roaming\circle_blue.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0005072 _____ () C:\Users\S C\AppData\Roaming\circle_glass_Thumbnail.bmp
2016-06-17 09:53 - 2016-06-17 09:53 - 0003634 _____ () C:\Users\S C\AppData\Roaming\circle_red.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004034 _____ () C:\Users\S C\AppData\Roaming\circle_red_x.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003878 _____ () C:\Users\S C\AppData\Roaming\Circle_SelectionSubpictureA.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004007 _____ () C:\Users\S C\AppData\Roaming\circle_yellow.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001039 _____ () C:\Users\S C\AppData\Roaming\citerefentry.link.xml
1986-09-02 10:00 - 1986-09-02 10:00 - 0003576 _____ () C:\Users\S C\AppData\Roaming\Claptrap.4Lr
2016-06-17 09:53 - 2016-06-17 09:53 - 0002846 _____ () C:\Users\S C\AppData\Roaming\clock.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002962 _____ () C:\Users\S C\AppData\Roaming\close_hover.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\CMYK ext wm.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\Cocos
2016-09-20 15:34 - 2016-09-20 15:34 - 0059086 _____ () C:\Users\S C\AppData\Roaming\college.cvu
2016-06-17 09:53 - 2016-06-17 09:53 - 0001533 _____ () C:\Users\S C\AppData\Roaming\color_mngmt.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000865 _____ () C:\Users\S C\AppData\Roaming\column.count.body.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000956 _____ () C:\Users\S C\AppData\Roaming\column.gap.front.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000944 _____ () C:\Users\S C\AppData\Roaming\column.gap.index.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001090 _____ () C:\Users\S C\AppData\Roaming\CommonMessages_de.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001072 _____ () C:\Users\S C\AppData\Roaming\CommonMessages_en_US.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001266 _____ () C:\Users\S C\AppData\Roaming\compact.list.item.spacing.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001890 _____ () C:\Users\S C\AppData\Roaming\component.title.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001233 _____ () C:\Users\S C\AppData\Roaming\component.titlepage.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0002149 _____ () C:\Users\S C\AppData\Roaming\Compressibility.mm
2016-06-17 09:53 - 2016-06-17 09:53 - 0001551 _____ () C:\Users\S C\AppData\Roaming\computer_diagnostics_2.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001602 _____ () C:\Users\S C\AppData\Roaming\computer_system_media_center.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001118 _____ () C:\Users\S C\AppData\Roaming\computer_tower.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003457 _____ () C:\Users\S C\AppData\Roaming\config.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0000766 _____ () C:\Users\S C\AppData\Roaming\contact.properties
2016-06-17 09:53 - 2016-06-17 09:53 - 0000106 _____ () C:\Users\S C\AppData\Roaming\CONTRIBUTING.md
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Cool Gray 7 bl 2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0000524 _____ () C:\Users\S C\AppData\Roaming\Cool Gray 9 bl 2.ADO
2016-06-17 09:53 - 2016-06-17 09:53 - 0001152 _____ () C:\Users\S C\AppData\Roaming\Copenhagen
2016-06-17 09:53 - 2016-06-17 09:53 - 0000867 _____ () C:\Users\S C\AppData\Roaming\copy.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000689 _____ () C:\Users\S C\AppData\Roaming\COPYING_OASIS
2016-06-17 09:53 - 2016-06-17 09:53 - 0004728 _____ () C:\Users\S C\AppData\Roaming\cpu.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000189 _____ () C:\Users\S C\AppData\Roaming\cpu.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0004086 _____ () C:\Users\S C\AppData\Roaming\cpu_cache.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002284 _____ () C:\Users\S C\AppData\Roaming\cp_modem.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001976 _____ () C:\Users\S C\AppData\Roaming\cp_mouse.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000073 _____ () C:\Users\S C\AppData\Roaming\Creston
2016-06-17 09:53 - 2016-06-17 09:53 - 0004073 _____ () C:\Users\S C\AppData\Roaming\currency.data
2016-06-17 09:53 - 2016-06-17 09:53 - 0001744 _____ () C:\Users\S C\AppData\Roaming\current.docid.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001224 _____ () C:\Users\S C\AppData\Roaming\Currie
2016-06-17 09:53 - 2016-06-17 09:53 - 0002176 _____ () C:\Users\S C\AppData\Roaming\C_Enabled.png
2015-08-13 15:41 - 2015-08-13 15:47 - 0047462 ___SH () C:\Users\S C\AppData\Roaming\d3dx10.exe
2016-06-17 09:53 - 2016-06-17 09:53 - 0000077 _____ () C:\Users\S C\AppData\Roaming\Dakar
2016-06-17 09:53 - 2016-06-17 09:53 - 0002809 _____ () C:\Users\S C\AppData\Roaming\danphon.env
2016-06-17 09:53 - 2016-06-17 09:53 - 0000630 _____ () C:\Users\S C\AppData\Roaming\Darker.alv
2016-06-17 09:53 - 2016-06-17 09:53 - 0000294 _____ () C:\Users\S C\AppData\Roaming\Darker.blw
2016-06-17 09:53 - 2016-06-17 09:53 - 0002625 _____ () C:\Users\S C\AppData\Roaming\data.vec
2016-06-17 09:53 - 2016-06-17 09:53 - 0000512 _____ () C:\Users\S C\AppData\Roaming\data2.cab
2016-06-17 09:53 - 2016-06-17 09:53 - 0002460 _____ () C:\Users\S C\AppData\Roaming\DDVClean.mof
2016-06-17 09:53 - 2016-06-17 09:53 - 0001664 _____ () C:\Users\S C\AppData\Roaming\Default Contours.shc
2016-06-17 09:53 - 2016-06-17 09:53 - 0002212 _____ () C:\Users\S C\AppData\Roaming\default.table.rules.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001003 _____ () C:\Users\S C\AppData\Roaming\defaultProfilerFilter_performance.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000232 _____ () C:\Users\S C\AppData\Roaming\defaults.ini
2016-06-17 09:53 - 2016-06-17 09:53 - 0001336 _____ () C:\Users\S C\AppData\Roaming\Denver
2016-06-17 09:53 - 2016-06-17 09:53 - 0000333 _____ () C:\Users\S C\AppData\Roaming\descript.ion
2016-06-17 09:53 - 2016-06-17 09:53 - 0000033 _____ () C:\Users\S C\AppData\Roaming\description.txt
2016-06-17 09:53 - 2016-06-17 09:53 - 0002472 _____ () C:\Users\S C\AppData\Roaming\dfrg.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001210 _____ () C:\Users\S C\AppData\Roaming\diagnostics_fail.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000250 _____ () C:\Users\S C\AppData\Roaming\diagnostics_queued.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000268 _____ () C:\Users\S C\AppData\Roaming\diagnostics_working.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001274 _____ () C:\Users\S C\AppData\Roaming\dingbat.font.family.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0004481 _____ () C:\Users\S C\AppData\Roaming\display_port.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000065 _____ () C:\Users\S C\AppData\Roaming\Djibouti
2016-06-17 09:53 - 2016-06-17 09:53 - 0000457 _____ () C:\Users\S C\AppData\Roaming\dotted.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0001013 _____ () C:\Users\S C\AppData\Roaming\double.sided.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0002550 _____ () C:\Users\S C\AppData\Roaming\download_6.ico
2016-06-17 09:53 - 2016-06-17 09:53 - 0002550 _____ () C:\Users\S C\AppData\Roaming\download_7.ico
2016-06-17 09:53 - 2016-06-17 09:53 - 0001413 _____ () C:\Users\S C\AppData\Roaming\draft.mode.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001126 _____ () C:\Users\S C\AppData\Roaming\dry-run.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000000 _____ () C:\Users\S C\AppData\Roaming\ds-debug.log
2016-06-17 09:53 - 2016-06-17 09:53 - 0004028 _____ () C:\Users\S C\AppData\Roaming\dsc_faqs_tile.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004441 _____ () C:\Users\S C\AppData\Roaming\dsc_health_good_tile.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002318 _____ () C:\Users\S C\AppData\Roaming\dsfksvcs.inf
2016-06-17 09:53 - 2016-06-17 09:53 - 0001861 _____ () C:\Users\S C\AppData\Roaming\dsfroot.inf
2016-06-17 09:53 - 2016-06-17 09:53 - 0001916 _____ () C:\Users\S C\AppData\Roaming\Dublin
2016-06-17 09:53 - 2016-06-17 09:53 - 0000081 _____ () C:\Users\S C\AppData\Roaming\DumontDUrville
2016-06-17 09:53 - 2016-06-17 09:53 - 0000000 _____ () C:\Users\S C\AppData\Roaming\e
1985-04-10 10:00 - 1985-04-10 10:00 - 0049819 _____ () C:\Users\S C\AppData\Roaming\Earmuff.C
2016-06-17 09:53 - 2016-06-17 09:53 - 0001248 _____ () C:\Users\S C\AppData\Roaming\Easter
2016-06-17 09:53 - 2016-06-17 09:53 - 0000923 _____ () C:\Users\S C\AppData\Roaming\eclipse.plugin.id.xml
2008-05-08 10:00 - 2008-05-08 10:00 - 0004736 _____ () C:\Users\S C\AppData\Roaming\Ectocrine.zXe
2016-06-17 09:53 - 2016-06-17 09:53 - 0001896 _____ () C:\Users\S C\AppData\Roaming\Edge.mi
2016-06-17 09:53 - 2016-06-17 09:53 - 0003791 _____ () C:\Users\S C\AppData\Roaming\Edge.mpl
2016-06-17 09:53 - 2016-06-17 09:53 - 0001581 _____ () C:\Users\S C\AppData\Roaming\ehdrv.inf
2016-08-26 01:13 - 2016-08-26 01:13 - 0012193 _____ () C:\Users\S C\AppData\Roaming\eiuxgxes.qrac
2016-06-17 09:53 - 2016-06-17 09:53 - 0000778 _____ () C:\Users\S C\AppData\Roaming\email.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004264 _____ () C:\Users\S C\AppData\Roaming\en-GB.pak
2016-06-17 09:53 - 2016-06-17 09:53 - 0003719 _____ () C:\Users\S C\AppData\Roaming\engine_glow.jpg
2016-06-17 09:53 - 2016-06-17 09:53 - 0002416 _____ () C:\Users\S C\AppData\Roaming\Entropy.mm
2016-06-17 09:53 - 2016-06-17 09:53 - 0000876 _____ () C:\Users\S C\AppData\Roaming\epid_paramcert.dat
2016-06-17 09:53 - 2016-06-17 09:53 - 0000924 _____ () C:\Users\S C\AppData\Roaming\equation.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0002462 _____ () C:\Users\S C\AppData\Roaming\errorCallBack.c
2016-06-17 09:53 - 2016-06-17 09:53 - 0005054 _____ () C:\Users\S C\AppData\Roaming\errormanager.js
1991-08-01 10:00 - 1991-08-01 10:00 - 0049734 _____ () C:\Users\S C\AppData\Roaming\Escudo.u
2016-08-29 01:01 - 2016-08-29 01:01 - 0006413 _____ () C:\Users\S C\AppData\Roaming\esnguwh.fb
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\EST
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\EST5
2016-06-17 09:53 - 2016-06-17 09:53 - 0004551 _____ () C:\Users\S C\AppData\Roaming\et.pak
2016-06-17 09:53 - 2016-06-17 09:53 - 0003114 _____ () C:\Users\S C\AppData\Roaming\ETHK-B5-V
2016-06-17 09:53 - 2016-06-17 09:53 - 0003397 _____ () C:\Users\S C\AppData\Roaming\EUC-V
2016-06-17 09:53 - 2016-06-17 09:53 - 0001241 _____ () C:\Users\S C\AppData\Roaming\EventList.java
2016-07-10 13:00 - 2016-07-10 18:59 - 0049912 _____ () C:\Users\S C\AppData\Roaming\Evictor.3
2011-01-18 11:00 - 2011-01-18 11:00 - 0049898 _____ () C:\Users\S C\AppData\Roaming\Evocator.F3q
2016-06-17 09:53 - 2016-06-17 09:53 - 0000917 _____ () C:\Users\S C\AppData\Roaming\example.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0002707 _____ () C:\Users\S C\AppData\Roaming\example.xsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0003749 _____ () C:\Users\S C\AppData\Roaming\ExampleAWTViewer.java
2016-06-17 09:53 - 2016-06-17 09:53 - 0001849 _____ () C:\Users\S C\AppData\Roaming\excluded.txt
2016-06-17 09:53 - 2016-06-17 09:53 - 0000071 _____ () C:\Users\S C\AppData\Roaming\external-link.gif
2016-06-17 09:53 - 2016-06-17 09:53 - 0004295 _____ () C:\Users\S C\AppData\Roaming\external.fo
2016-06-17 09:53 - 2016-06-17 09:53 - 0001704 _____ () C:\Users\S C\AppData\Roaming\f1.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004096 _____ (Microsoft Corporation) C:\Users\S C\AppData\Roaming\F12.dll.mui
2016-06-17 09:53 - 2016-06-17 09:53 - 0001585 _____ () C:\Users\S C\AppData\Roaming\f15.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001349 _____ () C:\Users\S C\AppData\Roaming\f16.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001439 _____ () C:\Users\S C\AppData\Roaming\f20.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001300 _____ () C:\Users\S C\AppData\Roaming\f21.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001289 _____ () C:\Users\S C\AppData\Roaming\f23.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001394 _____ () C:\Users\S C\AppData\Roaming\f25.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001301 _____ () C:\Users\S C\AppData\Roaming\f27.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001358 _____ () C:\Users\S C\AppData\Roaming\f28.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001369 _____ () C:\Users\S C\AppData\Roaming\f29.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001255 _____ () C:\Users\S C\AppData\Roaming\f31.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001542 _____ () C:\Users\S C\AppData\Roaming\f32.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001198 _____ () C:\Users\S C\AppData\Roaming\f34.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001127 _____ () C:\Users\S C\AppData\Roaming\f37.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001194 _____ () C:\Users\S C\AppData\Roaming\f39.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001464 _____ () C:\Users\S C\AppData\Roaming\f4.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001568 _____ () C:\Users\S C\AppData\Roaming\f6.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001515 _____ () C:\Users\S C\AppData\Roaming\f7.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001378 _____ () C:\Users\S C\AppData\Roaming\f8.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001642 _____ () C:\Users\S C\AppData\Roaming\f9.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001627 _____ () C:\Users\S C\AppData\Roaming\fan.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001672 _____ () C:\Users\S C\AppData\Roaming\fan2.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0002684 _____ () C:\Users\S C\AppData\Roaming\faq.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001016 _____ () C:\Users\S C\AppData\Roaming\Faroe
2016-06-17 09:53 - 2016-06-17 09:53 - 0004165 _____ () C:\Users\S C\AppData\Roaming\fast_forward_2.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001007 _____ () C:\Users\S C\AppData\Roaming\feedback.href.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001032 _____ () C:\Users\S C\AppData\Roaming\feedback.with.ids.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001152 _____ () C:\Users\S C\AppData\Roaming\female.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003276 _____ () C:\Users\S C\AppData\Roaming\Fighter1 Flight Path.mesh
2016-06-17 09:53 - 2016-06-17 09:53 - 0004200 _____ () C:\Users\S C\AppData\Roaming\Fighter2 Flight Path.mesh
2016-06-17 09:53 - 2016-06-17 09:53 - 0002156 _____ () C:\Users\S C\AppData\Roaming\Fighter3 Flight Path.mesh
2016-06-17 09:53 - 2016-06-17 09:53 - 0003332 _____ () C:\Users\S C\AppData\Roaming\Fighter4 Flight Path.mesh
2016-06-17 09:53 - 2016-06-17 09:53 - 0000912 _____ () C:\Users\S C\AppData\Roaming\figure.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000543 _____ () C:\Users\S C\AppData\Roaming\file_sig_verification.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003405 _____ () C:\Users\S C\AppData\Roaming\finphon.env
2016-06-17 09:53 - 2016-06-17 09:53 - 0003797 _____ () C:\Users\S C\AppData\Roaming\flavormap.properties
2016-06-17 09:53 - 2016-06-17 09:53 - 0004501 _____ () C:\Users\S C\AppData\Roaming\floppy-drive.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003676 _____ () C:\Users\S C\AppData\Roaming\floppy_disk.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0003917 _____ () C:\Users\S C\AppData\Roaming\floppy_drive.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0004524 _____ () C:\Users\S C\AppData\Roaming\fo.xsl
2016-06-17 09:53 - 2016-06-17 09:53 - 0000122 _____ () C:\Users\S C\AppData\Roaming\foot.js
2016-06-17 09:53 - 2016-06-17 09:53 - 0000905 _____ () C:\Users\S C\AppData\Roaming\footers.on.blank.pages.xml
2000-05-03 10:00 - 2000-05-03 10:00 - 0004561 _____ () C:\Users\S C\AppData\Roaming\FootmanRockaway.V
2016-06-17 09:53 - 2016-06-17 09:53 - 0001791 _____ () C:\Users\S C\AppData\Roaming\footnote.properties.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0001181 _____ () C:\Users\S C\AppData\Roaming\fop1.extensions.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0004202 _____ () C:\Users\S C\AppData\Roaming\forward.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0000887 _____ () C:\Users\S C\AppData\Roaming\forward_long.png
2016-06-17 09:53 - 2016-06-17 09:53 - 0001118 _____ () C:\Users\S C\AppData\Roaming\FRA.zdct
2016-06-17 09:53 - 2016-06-17 09:53 - 0001780 _____ () C:\Users\S C\AppData\Roaming\frn.fca
2016-06-17 09:53 - 2016-06-17 09:53 - 0001194 _____ () C:\Users\S C\AppData\Roaming\funcsynopsis.style.xml
2016-08-29 01:01 - 2016-08-29 01:01 - 0005227 _____ () C:\Users\S C\AppData\Roaming\g.dnbn
2016-08-29 01:01 - 2016-08-29 01:01 - 0008629 _____ () C:\Users\S C\AppData\Roaming\g.orw
2016-06-17 09:53 - 2016-06-17 09:53 - 0000046 _____ () C:\Users\S C\AppData\Roaming\g1_1136 x 640 px 144 ppi.IMZ
2016-06-17 09:53 - 2016-06-17 09:53 - 0000046 _____ () C:\Users\S C\AppData\Roaming\g1_1366 x 768 px 72 ppi.IMZ
2010-05-23 10:00 - 2010-05-23 10:00 - 0004285 _____ () C:\Users\S C\AppData\Roaming\GabelleHaemophiliac.WpH
2016-06-17 09:53 - 2016-06-17 09:53 - 0000077 _____ () C:\Users\S C\AppData\Roaming\Galapagos
2016-06-17 09:53 - 2016-06-17 09:53 - 0000065 _____ () C:\Users\S C\AppData\Roaming\Gambier
2016-06-17 09:53 - 2016-06-17 09:53 - 0004669 _____ () C:\Users\S C\AppData\Roaming\GB-EUC-H
2016-06-17 09:53 - 2016-06-17 09:53 - 0004557 _____ () C:\Users\S C\AppData\Roaming\GB-H
2016-06-17 09:53 - 2016-06-17 09:53 - 0002873 _____ () C:\Users\S C\AppData\Roaming\GBpc-EUC-UCS2
2016-06-17 09:53 - 2016-06-17 09:53 - 0003275 _____ () C:\Users\S C\AppData\Roaming\GBT-EUC-V
2016-06-17 09:53 - 2016-06-17 09:53 - 0003251 _____ () C:\Users\S C\AppData\Roaming\GBT-V
2014-05-19 16:24 - 2014-05-19 16:24 - 0016958 _____ () C:\Users\S C\AppData\Roaming\gcixonr.kmi
2016-06-17 09:53 - 2016-06-17 09:53 - 0002599 _____ () C:\Users\S C\AppData\Roaming\generate.jsx
2016-06-17 09:53 - 2016-06-17 09:53 - 0002698 _____ () C:\Users\S C\AppData\Roaming\generate.legalnotice.link.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000521 _____ () C:\Users\S C\AppData\Roaming\getLayerShape.jsx
2016-06-17 09:53 - 2016-06-17 09:53 - 0001106 _____ () C:\Users\S C\AppData\Roaming\GIF 32 No Dither.irs
2016-06-17 09:53 - 2016-06-17 09:53 - 0001106 _____ () C:\Users\S C\AppData\Roaming\GIF 64 No Dither.irs
2016-06-17 09:53 - 2016-06-17 09:53 - 0001106 _____ () C:\Users\S C\AppData\Roaming\GIF Restrictive.irs
2016-06-17 09:53 - 2016-06-17 09:53 - 0004486 _____ () C:\Users\S C\AppData\Roaming\glib20.mo
2016-06-17 09:53 - 2016-06-17 09:53 - 0001377 _____ () C:\Users\S C\AppData\Roaming\glossary.as.blocks.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000935 _____ () C:\Users\S C\AppData\Roaming\glossterm.width.xml
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT+1
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT+10
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT+3
2016-06-17 09:53 - 2016-06-17 09:53 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT+7
2016-06-17 09:52 - 2016-06-17 09:52 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT-11
2016-06-17 09:52 - 2016-06-17 09:52 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT-14
2016-06-17 09:52 - 2016-06-17 09:52 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT-7
2016-06-17 09:52 - 2016-06-17 09:52 - 0000027 _____ () C:\Users\S C\AppData\Roaming\GMT-8
2016-06-17 09:52 - 2016-06-17 09:52 - 0004621 _____ () C:\Users\S C\AppData\Roaming\GoldRing.png
2016-06-17 09:52 - 2016-06-17 09:52 - 0001728 _____ () C:\Users\S C\AppData\Roaming\Goose_Bay
2016-06-17 09:52 - 2016-06-17 09:52 - 0000518 _____ () C:\Users\S C\AppData\Roaming\goURL_lr_photoshop_dk.csv
2016-06-17 09:52 - 2016-06-17 09:52 - 0000510 _____ () C:\Users\S C\AppData\Roaming\goURL_lr_photoshop_en.csv
2016-06-17 09:52 - 2016-06-17 09:52 - 0000518 _____ () C:\Users\S C\AppData\Roaming\goURL_lr_photoshop_it.csv
2016-06-17 09:52 - 2016-06-17 09:52 - 0000518 _____ () C:\Users\S C\AppData\Roaming\goURL_lr_photoshop_nl.csv
2016-06-17 09:52 - 2016-06-17 09:52 - 0000518 _____ () C:\Users\S C\AppData\Roaming\goURL_lr_photoshop_se.csv
2016-08-29 01:01 - 2016-08-29 01:01 - 0005544 _____ () C:\Users\S C\AppData\Roaming\gpuwor.n
2016-06-17 09:52 - 2016-06-17 09:52 - 0001903 _____ () C:\Users\S C\AppData\Roaming\Graph.mi
2016-06-17 09:52 - 2016-06-17 09:52 - 0003797 _____ () C:\Users\S C\AppData\Roaming\Graph1.mpl
2016-06-17 09:52 - 2016-06-17 09:52 - 0000524 _____ () C:\Users\S C\AppData\Roaming\gray 423 bl very soft.ADO
2016-06-17 09:52 - 2016-06-17 09:52 - 0000524 _____ () C:\Users\S C\AppData\Roaming\gray 423 bl.ADO
2016-06-17 09:52 - 2016-06-17 09:52 - 0000772 _____ () C:\Users\S C\AppData\Roaming\Grayscale.act
2016-06-17 09:52 - 2016-06-17 09:52 - 0000524 _____ () C:\Users\S C\AppData\Roaming\green 349 bl 1.ADO
2013-03-23 10:00 - 2013-03-23 10:00 - 0004298 _____ () C:\Users\S C\AppData\Roaming\Greensward.SD6
1990-04-17 10:00 - 1990-04-17 10:00 - 0049914 _____ () C:\Users\S C\AppData\Roaming\Indagator.RT3
2004-01-27 11:00 - 2004-01-27 11:00 - 0128748 _____ () C:\Users\S C\AppData\Roaming\Introvert.2LG
1994-06-22 10:00 - 1994-06-22 10:00 - 0135268 _____ () C:\Users\S C\AppData\Roaming\Jaundice.hYL
2016-07-20 13:01 - 2016-07-20 19:00 - 0050200 _____ () C:\Users\S C\AppData\Roaming\KnopChignon.tNe
2016-08-29 01:01 - 2016-08-29 01:01 - 0006120 _____ () C:\Users\S C\AppData\Roaming\l.na
2016-08-29 01:01 - 2016-08-29 01:01 - 0049672 _____ () C:\Users\S C\AppData\Roaming\lieeccry.uj
2010-05-05 10:00 - 2010-05-05 10:00 - 0138733 _____ () C:\Users\S C\AppData\Roaming\Magistracy.Xss
1993-08-08 10:00 - 1993-08-08 10:00 - 0003454 _____ () C:\Users\S C\AppData\Roaming\MiaouScran.96C
2016-08-29 01:01 - 2016-08-29 01:01 - 0005227 _____ () C:\Users\S C\AppData\Roaming\mkc.ay
2016-08-29 01:01 - 2016-08-29 01:01 - 0007653 _____ () C:\Users\S C\AppData\Roaming\n.sue
2016-08-29 01:01 - 2016-08-29 01:01 - 0007286 _____ () C:\Users\S C\AppData\Roaming\ngqvfd.xw
2016-08-29 01:01 - 2016-08-29 01:01 - 0012044 _____ () C:\Users\S C\AppData\Roaming\npfeowri.fdiq
2016-09-02 16:16 - 2016-09-02 16:16 - 0077824 _____ (Embarcadero Technologies, Inc.) C:\Users\S C\AppData\Roaming\Nwiz.dll
2011-03-08 11:00 - 2011-03-08 11:00 - 0005303 _____ () C:\Users\S C\AppData\Roaming\OdorRaspatory.6gW
2016-09-21 09:17 - 2016-09-22 07:00 - 0059753 _____ () C:\Users\S C\AppData\Roaming\Practician.W
1989-04-17 10:00 - 1989-04-17 10:00 - 0003371 _____ () C:\Users\S C\AppData\Roaming\PremedAgeratum.W2d
2016-08-29 01:01 - 2016-08-29 01:01 - 0008549 _____ () C:\Users\S C\AppData\Roaming\q.fedv
2016-08-29 01:01 - 2016-08-29 01:01 - 0007653 _____ () C:\Users\S C\AppData\Roaming\q.lrr
2016-08-26 01:13 - 2016-08-26 01:13 - 0049672 _____ () C:\Users\S C\AppData\Roaming\qtgthgyk.ua
2014-11-08 07:42 - 2014-11-08 07:42 - 0023558 _____ () C:\Users\S C\AppData\Roaming\s.fn
2012-11-13 11:00 - 2012-11-13 11:00 - 0049882 _____ () C:\Users\S C\AppData\Roaming\Scruple.2
2011-08-21 10:00 - 2011-08-21 10:00 - 0051797 _____ () C:\Users\S C\AppData\Roaming\Secondo.6
1995-06-23 10:00 - 1995-06-23 10:00 - 0054405 _____ () C:\Users\S C\AppData\Roaming\Shortage.SqY
1987-09-04 10:00 - 1987-09-04 10:00 - 0005141 _____ () C:\Users\S C\AppData\Roaming\ShrinkRegimen.C3j
2016-08-29 01:01 - 2016-08-29 01:01 - 0007284 _____ () C:\Users\S C\AppData\Roaming\slqmnqk.nbku
2016-05-07 08:55 - 2016-09-28 10:11 - 0004788 _____ () C:\Users\S C\AppData\Roaming\SpeedRunnersLog.txt
2016-07-09 23:55 - 2016-07-09 23:55 - 0024845 _____ () C:\Users\S C\AppData\Roaming\spewers.een
2016-07-09 23:55 - 2016-07-09 23:55 - 0025067 _____ () C:\Users\S C\AppData\Roaming\spewers.xky
1989-02-09 11:00 - 1989-02-09 11:00 - 0002893 _____ () C:\Users\S C\AppData\Roaming\Starlight.L
2016-09-20 15:34 - 2016-09-20 15:34 - 0000667 _____ () C:\Users\S C\AppData\Roaming\sudor.hyf
2014-11-29 17:40 - 2014-11-29 17:40 - 0000326 _____ () C:\Users\S C\AppData\Roaming\teuvjs.vrhv
1990-02-25 11:00 - 1990-02-25 11:00 - 0051182 _____ () C:\Users\S C\AppData\Roaming\Toiletry.P
2009-02-12 11:00 - 2009-02-12 11:00 - 0004622 _____ () C:\Users\S C\AppData\Roaming\TrancheParagoge.3sr
2016-08-29 01:01 - 2016-08-29 01:01 - 0005492 _____ () C:\Users\S C\AppData\Roaming\u.sk
2016-07-19 22:51 - 2016-07-19 22:51 - 0025341 _____ () C:\Users\S C\AppData\Roaming\upkeep.fvs
2016-07-19 22:51 - 2016-07-19 22:51 - 0024859 _____ () C:\Users\S C\AppData\Roaming\upkeep.nrj
2016-08-29 01:01 - 2016-08-29 01:01 - 0008461 _____ () C:\Users\S C\AppData\Roaming\vbcofol.uik
1985-04-03 11:00 - 1985-04-03 11:00 - 0003872 _____ () C:\Users\S C\AppData\Roaming\VerbidPop.62E
2015-06-22 08:21 - 2015-06-22 08:21 - 0000096 _____ () C:\Users\S C\AppData\Roaming\version2.xml
1991-04-05 11:00 - 1991-04-05 11:00 - 0049942 _____ () C:\Users\S C\AppData\Roaming\Votary.p
2008-09-15 10:00 - 2008-09-15 10:00 - 0003258 _____ () C:\Users\S C\AppData\Roaming\WeasandMarsh.p
2016-08-29 01:01 - 2016-08-29 01:01 - 0005630 _____ () C:\Users\S C\AppData\Roaming\yqr.max
2016-06-17 09:50 - 2016-06-17 09:50 - 0000164 _____ () C:\Users\S C\AppData\Roaming\_Deco Settings.jsx
2016-03-11 12:57 - 2016-03-11 12:57 - 0001456 _____ () C:\Users\S C\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-29 17:40 - 2014-11-29 17:40 - 0001078 _____ () C:\Users\S C\AppData\Local\dpkng.kw
2014-11-08 07:42 - 2014-11-08 07:42 - 0029926 _____ () C:\Users\S C\AppData\Local\eq.sgfp
2016-08-23 20:02 - 2016-08-23 20:02 - 0049672 _____ () C:\Users\S C\AppData\Local\fbbwudfn.jy
2016-08-23 20:02 - 2016-08-23 20:02 - 0012228 _____ () C:\Users\S C\AppData\Local\gchbgoka
2014-11-29 17:40 - 2014-11-29 17:40 - 0000766 _____ () C:\Users\S C\AppData\Local\oivc.xi
2014-11-29 17:40 - 2014-11-29 17:40 - 0000518 _____ () C:\Users\S C\AppData\Local\q.yyso
2016-02-19 21:27 - 2016-09-28 21:26 - 0007611 _____ () C:\Users\S C\AppData\Local\Resmon.ResmonCfg
2014-11-29 17:40 - 2014-11-29 17:40 - 0009062 _____ () C:\Users\S C\AppData\Local\udjc.uk
2015-09-22 12:41 - 2015-09-22 12:41 - 0000003 _____ () C:\Users\S C\AppData\Local\updater.log
2015-09-22 12:41 - 2015-10-22 16:00 - 0000424 _____ () C:\Users\S C\AppData\Local\UserProducts.xml
2012-12-25 01:37 - 2013-06-26 03:19 - 0009869 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\S C\AppData\Local\Temp\utils.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 20:51

==================== End of FRST.txt ============================

Attached Files


Edited by Oh My!, 01 October 2016 - 08:10 AM.


BC AdBot (Login to Remove)

 


#2 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 29 September 2016 - 05:24 AM

9/29/16 5:24 - Update: A new file appeared in C:\Windows\Temp called msdn, it has the same icon as the the previous viruses that have infected me. I won't be deleting it yet until I get instructions on what to do.
 
9/29/16 6:31 PM - Update #2: I also realized that my computer is taking a LOT of time to shut down. Approx 5-6 minutes which really worries me. Starting up is faster o.O
 
9/29/16 9:22 PM - Update #3: Today has been okay. I haven't seen internet explorer open in the background but I haven't deleted anything as well. msdn is still there, I suppose once I start up my computer again they'll launch. I've also seen COM Surrogate popup twice but I couldn't catch a screenshot of it.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2016
Ran by S C (29-09-2016 00:43:50)
Running from C:\Users\S C\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-12-06 19:51:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2481340648-414227278-1064221337-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2481340648-414227278-1064221337-1001 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-2481340648-414227278-1064221337-501 - Limited - Disabled)
S C (S-1-5-21-2481340648-414227278-1064221337-1000 - Administrator - Enabled) => C:\Users\S C

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AkelPad 4.8.0 (HKLM-x32\...\AkelPad) (Version: 4.8.0 - )
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{903D0F33-D3CF-48D6-967D-84004089428A}) (Version: 4.0.51203.1 - Microsoft Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Aududio 1 (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\fa82fa268a2f160a) (Version: 1.0.0.0 - Aududio 1)
AuthenTec Fingerprint Software (HKLM-x32\...\{6E810309-4B18-4DC4-A383-F0FB830B02B1}) (Version: 8.5.2.3 - AuthenTec, Inc.)
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - English (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
Autodesk Design Review 2010 (HKLM-x32\...\Autodesk Design Review 2010) (Version: 10.0.0.108 - Autodesk, Inc.)
Autodesk Design Review 2010 (x32 Version: 10.0.0.108 - Autodesk, Inc.) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.3.1025 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 2.5.0.263 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Betternet (HKLM-x32\...\Betternet) (Version: - )
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Color Suite v11.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.1 - Red Giant, LLC)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core Temp 1.0 RC8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DJ_AIO_03_F2200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
F2200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Font Validator (HKLM-x32\...\{330A929A-F800-4457-9706-DF19224D9770}) (Version: 1.0.0 - Microsoft)
FontDoctor 10 for Windows (HKLM-x32\...\{DAA4929F-9B85-4C64-9253-8AFAFF94055A}) (Version: 1.0.0 - Extensis)
FormatFactory 2.45 (HKLM-x32\...\FormatFactory) (Version: 2.45 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Launcher version 3.2.1.7 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.7 - Eikester)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.47.5133 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{3690900F-85EA-447F-BAD1-5CA25AA9B627}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iFunBox 2014 (v3.4.697.652), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.4.697.652 - )
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Magic Bullet PhotoLooks (HKLM-x32\...\Magic Bullet PhotoLooks) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mask Surf Pro (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Mask Surf Pro) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Update 1 (HKLM-x32\...\{b754d160-031f-40d6-9234-aa57674295b0}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft (HKLM-x32\...\Minecraft_is1) (Version: - FreeGamePick)
Minecraft Packages (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\Minecraft Packages) (Version: - ) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NaturalReader 14 Free (HKLM-x32\...\{773ED0E5-538E-4E86-8E00-719630613290}) (Version: 1.00.0000 - Naturalsoft)
NetStream (HKLM-x32\...\NetStream) (Version: - ) <==== ATTENTION
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.16.0 - Overwolf Ltd.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
ProxyGate version 3.0.0.1176 (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd) <==== ATTENTION
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.6.1 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)
RealFlight G5 R/C Simulator (HKLM-x32\...\RealFlightG5Pro) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.26.0 - Red Giant, LLC)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24723 - Microsoft Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Security Task Manager 2.1e (HKLM-x32\...\Security Task Manager) (Version: 2.1e - Neuber Software)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SharpDevelop 5.1 RC (HKLM-x32\...\{2CBA9140-EA65-41C6-92D5-09898C3534DB}) (Version: 5.1.5134 - ic#code)
ShellShock Live (HKLM\...\Steam App 326460) (Version: - kChamp Games)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.20.9608 - SoftEther VPN Project)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedRunners (HKLM\...\Steam App 207140) (Version: - DoubleDutch Games)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
TEdit 3 (HKLM-x32\...\{56642CE5-5D04-4A3D-B774-754499672E39}) (Version: 3.5.14228.27 - BinaryConstruct)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Terraria Tweaker (TO) (HKLM-x32\...\{4D6E25A9-9846-4E08-841D-A0E996488215}) (Version: 1.2.0.7 - TiberiumFusion)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Expendabros (HKLM-x32\...\Steam App 312990) (Version: - Free Lives)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
ZD Soft Screen Recorder (HKLM-x32\...\{94F08B95-2BED-4610-B968-8E0A7907A62D}) (Version: 6.6.0 - ZD Soft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\S C\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\S C\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\S C\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\S C\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2481340648-414227278-1064221337-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\S C\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A4905A-53A5-422C-AA27-6352F4B43F0B} - System32\Tasks\{79917E37-6A0C-4173-A889-9A2BA98F85BF} => C:\Program Files (x86)\Bandicam\bdcam.exe [2016-02-24] (www.Bandisoft.com)
Task: {0512642D-32A6-4264-A1FC-A8E9F1034D1E} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\S C\AppData\Roaming\d3dx10.exe [2015-08-13] () <==== ATTENTION
Task: {0DDA6594-9734-45D3-9D89-2BE2E031C395} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {0EC8A492-9448-4B01-AEF6-80F42C8D27C5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {10F14485-0CE9-4D91-A7C4-54771D1C9975} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {16947FF6-0383-44F5-844F-BB44ABD82BCC} - System32\Tasks\{C41EAE4A-4246-42B1-9779-025EC93835D3} => C:\Program Files (x86)\Wondershare\VideoEditor\VideoEditor.exe
Task: {215C6187-EFDD-4EF1-8756-EB2C514BA79A} - System32\Tasks\{74566A04-29CA-4049-ABC6-369B5CF23E6F} => C:\Program Files (x86)\RealFlightG5\LauncherG5.exe [2011-05-11] (Knife Edge Software)
Task: {24E43B5E-A689-4CDA-A1F1-633054034A55} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {256160CE-EBDC-4512-921D-D9A75701313F} - System32\Tasks\{C5167224-115A-4A74-8931-B8DDF288C594} => C:\Program Files (x86)\Wondershare\VideoEditor\VideoEditor.exe
Task: {3C99829B-C648-4015-A784-366069D9F492} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {482B19FA-817D-4836-8983-32A74572F75E} - System32\Tasks\{96202964-1700-40F1-A4AF-A06F25388C45} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/go/help.faq.installer?LastError=1618
Task: {4C285D42-8F77-4ACD-BE00-DF7B33F66650} - System32\Tasks\{65FDF6BD-EAC5-472A-B08E-381E615B9CB0} => C:\Users\S C\Desktop\Rony.K\Minecraft Launcher (1).exe [2016-09-22] (Titan Launcher)
Task: {532F6B00-2115-4BD5-9691-9452A6D3D1E4} - System32\Tasks\{C99B1868-5899-4F58-BD19-EA9CB2ECCA39} => C:\Users\S C\Desktop\Rony.K\Minecraft Launcher (1).exe [2016-09-22] (Titan Launcher)
Task: {5412D230-91A9-4847-8FD7-9059C80B9239} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {55DFA155-E686-4FDF-8CFE-43276E276009} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {6169CF0E-B35A-4CE6-B60D-2AACFEA7AB9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {69C9A4FB-347E-4534-81E6-620CE00A86D3} - System32\Tasks\{940E81A7-B426-41FD-B4D2-C59B86FACBCC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.73.102.456/en/abandoninstall?page=tsProgressBar
Task: {7550A82D-09DA-413E-BE2B-00C60E3502C3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {75D671E7-C188-4817-B680-65982C0CE273} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {765FF273-9799-4C80-A5A2-C71F6CB52EFD} - System32\Tasks\{252BEBC7-C31A-426D-BC00-CBCE7F4A4A14} => pcalua.exe -a F:\forge-1.7.10-10.13.2.1291-installer-win.exe -d F:\
Task: {7986006D-DBC8-431D-B9EF-FBD5B9B230BE} - System32\Tasks\{D77412B4-1A49-409C-8B10-6955C582356D} => pcalua.exe -a "F:\Forge 1.7.10\forge-1.7.10-10.13.2.1291-installer-win.exe" -d "F:\Forge 1.7.10"
Task: {81315701-0B00-4529-8F71-6021216F6ED1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {877FFC05-F645-46ED-85C1-EA04C2B432C3} - System32\Tasks\{9551CA0F-967B-418A-9BDC-B34C4972B2A9} => pcalua.exe -a "C:\Users\S C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQYFNCID\ymsgr900_2162_us.exe" -d "C:\Users\S C\Desktop"
Task: {8D0E492D-510D-4F11-B4CB-AE47DC5722D7} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {B0A262C4-A8D2-4FA1-B953-21FF19F70199} - \5FOFD9B73D6C-2CRMOI6 -> No File <==== ATTENTION
Task: {B47F80DB-3454-4F5A-A5CD-7DEC2D5095CF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B60EDAA0-841B-4C46-BADC-377A6B2FD792} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-15] (Overwolf LTD)
Task: {BE7505EF-F2A2-47F2-A3BD-E0CC279C76A1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {CA6824EC-D675-4C91-9239-C5A05285142B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CADD1EF3-780D-4B28-ACDD-DF14008B4E3E} - \4CEFD9B73D6C-1CRMOI2 -> No File <==== ATTENTION
Task: {CED5C080-CDD4-400F-8682-2586399B3A5B} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {D0E1E38A-D4E4-4D1D-AD85-9BF88BF549BB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2481340648-414227278-1064221337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EA4FD8DC-6EE8-43DE-900D-C582EE69663F} - System32\Tasks\{280019EC-BABF-4EEF-B09B-78E00CE4436C} => F:\To Bahaa\TerrariaServer.exe
Task: {EC4F0D41-E852-4987-A064-5B496A69B639} - System32\Tasks\{26FADDDA-726B-4D2D-8BC1-7A8718D47CC9} => pcalua.exe -a E:\setup.exe -d E:\
Task: {FF26BEC5-8249-436F-B145-BCD045927D5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\S C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app-id=knipolnnllmklapflnccelgolnpehhpl --profile-directory=Default
ShortcutWithArgument: C:\Users\S C\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --user-data-dir="C:\Users\S C\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2008-05-26 18:24 - 2008-05-26 18:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2015-11-05 03:11 - 2015-11-05 03:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2009-09-04 13:35 - 2009-09-04 13:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-06 23:24 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-06-30 22:45 - 2016-09-08 06:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-30 22:45 - 2016-09-01 04:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-30 22:45 - 2016-09-01 04:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-30 22:45 - 2016-09-01 04:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-30 22:45 - 2016-09-20 22:28 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-30 22:45 - 2016-01-27 10:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-30 22:45 - 2016-01-27 10:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-30 22:45 - 2016-01-27 10:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-30 22:45 - 2016-01-27 10:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-30 22:45 - 2016-01-27 10:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-30 22:45 - 2016-09-20 22:28 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 05:52 - 2016-07-05 01:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-25 09:39 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\S C\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 09:40 - 2016-08-25 09:40 - 01050296 _____ () \\?\C:\Users\S C\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 09:40 - 2016-08-25 09:40 - 03793080 _____ () \\?\C:\Users\S C\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 09:40 - 2016-08-25 09:40 - 00894136 _____ () \\?\C:\Users\S C\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-25 09:39 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\S C\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 09:39 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\S C\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-09-28 21:24 - 2016-09-28 21:24 - 00170496 _____ () \\?\C:\Users\S C\AppData\Local\Temp\511B.tmp.node
2016-09-02 11:10 - 2016-09-09 22:14 - 02022072 _____ () \\?\C:\Users\S C\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2015-06-30 22:45 - 2016-08-04 23:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-09-17 05:47 - 2016-09-14 03:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-17 05:47 - 2016-09-14 03:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:12B8C802 [133]
AlternateDataStreams: C:\ProgramData\TEMP:493B3641 [116]
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2 [145]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2481340648-414227278-1064221337-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2481340648-414227278-1064221337-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2016-09-12 09:41 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2481340648-414227278-1064221337-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\S C\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Discord => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
MSCONFIG\startupreg: FontDoctor Helper => C:\Program Files (x86)\Extensis\FontDoctor 10 for Windows\Resources\FontDoctor Helper.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iFunBox Price Watch => C:\Documents\Mike\iFunbox 2014\iFunBox2014.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => "C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe" -overwolfsilent
MSCONFIG\startupreg: Ozics => C:\Users\S C\AppData\Local\Ozics\tcp64.exe
MSCONFIG\startupreg: ProxyGate => C:\Users\S C\AppData\Roaming\ProxyGate\MainService.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VitaKeyPdtWzd => "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ED55BEEE-93EC-46E3-893F-C5F0B517020A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6F0DB267-6B30-4312-9898-CC93017478B2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F1D39C3B-A599-468B-ACAA-EE052D959F31}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B0BFD6C3-5AC8-49EA-9C74-EA28B0347A22}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D7717E22-8C86-450D-9B91-4FA32F20C324}] => (Allow) svchost.exe
FirewallRules: [{A6F3CBFA-2AC6-4E77-B815-3202E1BDA896}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0A52282A-DED5-4D85-994F-FC50BB1E20E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0B937DD8-06C2-4B4A-97D8-5CC0D0932493}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E3DDB4AA-AF18-4874-8E71-A423BA9F2D38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F2E4C95C-5753-4DEC-9CE1-39A6BAC6B3B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{661AEB07-3B6E-4A32-A514-E805D6623EE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DDBB15A2-ED4F-4CAB-9B8B-BB5DAB262ECA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E56B4514-FF62-4377-8EB0-E483D7DEBF11}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{FD7F14E4-3B93-4CC5-B88F-0FD3B168E21B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{0BA4A69F-8CA3-4934-B544-C30C2406B55D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{ED9BA603-7420-4D98-B496-C4B7596381D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{22B8B536-23BD-4A77-A3D5-CBD96C2838A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4D3A0365-02AB-4B1B-AF9A-749CB10AF41B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A00A84E6-6435-46D6-BFE3-CAA5D2B682E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9AED7E8A-9924-4EBF-9FF8-F67134CD87CC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{8D51846D-DB94-48B2-AD23-14FEA6683C1D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{0F7DE053-9AF5-4DC0-B49E-CEB12EDC3882}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F1463A50-DD1B-45A3-AB7A-7DD032F8FE72}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{EEB362BC-51A0-418D-ACDC-EC5FADFB5C86}C:\program files (x86)\realflightg5\realflight.exe] => (Allow) C:\program files (x86)\realflightg5\realflight.exe
FirewallRules: [UDP Query User{9C67D607-9E91-44EC-932C-DAB69340A468}C:\program files (x86)\realflightg5\realflight.exe] => (Allow) C:\program files (x86)\realflightg5\realflight.exe
FirewallRules: [{127C5C1D-635C-4D26-9E33-292A26418DA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E5AA9BB-0467-4871-BA42-B06A751CF6A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46932144-842C-46D8-9CC5-9C55DF8F7298}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99C6C704-CE7D-4992-97B3-E911CE16BBBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{11E6730C-4800-4418-AA7C-407C6EE5D747}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{28060BC9-87CE-4214-8CCB-A44FDC499EDD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{07075D29-8EAE-48FC-B5A2-1B53DE528EE3}] => (Allow) C:\Users\S C\Desktop\Steam\Steam.exe
FirewallRules: [{18FB7FF5-07C9-4DD7-91D7-595EC8484D45}] => (Allow) C:\Users\S C\Desktop\Steam\Steam.exe
FirewallRules: [{057CB289-9F8F-4294-9070-DF88FFD8829B}] => (Allow) C:\Users\S C\Desktop\Steam\bin\steamwebhelper.exe
FirewallRules: [{29DFCD8B-C6E7-487E-BF44-10798B745CB0}] => (Allow) C:\Users\S C\Desktop\Steam\bin\steamwebhelper.exe
FirewallRules: [{98570A49-9AEE-4E98-B34D-B3DBE72A6DDB}] => (Allow) C:\Users\S C\Desktop\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1352C652-B19D-4509-95BD-B1B12ABD6AFE}] => (Allow) C:\Users\S C\Desktop\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{D1F46E0C-A066-4D82-B0A0-E98C93E078FD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{240EB183-AA5B-4315-88A7-1D7E1C91CB6D}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{B9987CC6-00BF-4CCB-8BCD-D804FE744FA5}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{35DEAB2B-D7BE-48E1-B93A-1591C1228482}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{5464BF2C-EE7C-4D17-8A9E-AC2CB551DF96}F:\to bahaa\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe] => (Allow) F:\to bahaa\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe
FirewallRules: [UDP Query User{B4F1D162-3C3B-4D07-B612-C7FBE8FFCBDE}F:\to bahaa\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe] => (Allow) F:\to bahaa\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe
FirewallRules: [TCP Query User{4D2AA7DE-AE30-4759-8634-33A6D2E5E8AD}F:\to bahaa\terrariaserver.exe] => (Allow) F:\to bahaa\terrariaserver.exe
FirewallRules: [UDP Query User{34029E8D-9E9A-4975-9062-72BFB376E3B8}F:\to bahaa\terrariaserver.exe] => (Allow) F:\to bahaa\terrariaserver.exe
FirewallRules: [TCP Query User{38D203AD-6EB0-4DB9-9927-4D39E962162D}C:\users\s c\favorites\downloads\utorrent_3_4_2_35702.exe] => (Block) C:\users\s c\favorites\downloads\utorrent_3_4_2_35702.exe
FirewallRules: [UDP Query User{5ACDC865-A0B1-4DA4-8B87-7CA950506E8B}C:\users\s c\favorites\downloads\utorrent_3_4_2_35702.exe] => (Block) C:\users\s c\favorites\downloads\utorrent_3_4_2_35702.exe
FirewallRules: [{21612A8F-3D0C-4664-A058-DA932EBF3A4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4CBD3CA0-9B7E-4C21-A2CE-89BAB77430AA}] => (Allow) LPort=2869
FirewallRules: [{54EA8739-2892-4F92-9899-CD21586C1DDC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{5790EE48-5A77-493E-8278-E197176915BB}C:\users\s c\desktop\worldedit-master\references\terrariaserver.exe] => (Allow) C:\users\s c\desktop\worldedit-master\references\terrariaserver.exe
FirewallRules: [UDP Query User{8B278DD8-F239-41AB-80A7-F17FE46E6E11}C:\users\s c\desktop\worldedit-master\references\terrariaserver.exe] => (Allow) C:\users\s c\desktop\worldedit-master\references\terrariaserver.exe
FirewallRules: [TCP Query User{6D87CB4A-8882-4945-8778-6F15D7F2870B}C:\users\s c\desktop\terrariaserver.exe] => (Allow) C:\users\s c\desktop\terrariaserver.exe
FirewallRules: [UDP Query User{B367A9D7-7F1C-479A-ABF6-68905370E27C}C:\users\s c\desktop\terrariaserver.exe] => (Allow) C:\users\s c\desktop\terrariaserver.exe
FirewallRules: [{6282D3CE-FE3C-4AA6-8BDB-676ED212C97C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1101C056-AC5E-4229-8154-F367AE6F0678}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{257A4365-F385-4EBE-AA6E-E72A5BFAD65D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{BC339E07-585F-4F61-A9CF-B1CD327EABDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{371256FC-1522-4AD7-86EA-16442BEB1328}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8C0F767A-565D-45BB-8EA4-7EF8BE0C6B9C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{A30575A8-9DAF-4BB6-A3A3-72109E86215F}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{F32A2F6B-05A3-4C84-893A-5905543F6554}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{96018185-72D3-478E-B0FF-D81E3D3531EB}C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe] => (Allow) C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [UDP Query User{F462AD4E-55FC-4ED6-B86B-3F46AB68AEE1}C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe] => (Allow) C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [{D4C07DA8-7F3F-4BC7-952F-2334118BE3D5}] => (Block) C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [{F25D2D1F-CB7F-442B-9E53-F2D5CDDEEB98}] => (Block) C:\users\s c\desktop\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [TCP Query User{47087DAF-D987-4BB7-97B3-96BCF3AF3490}F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [UDP Query User{4AE8903E-3DFD-49DF-9635-64A373DB79FF}F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [{F258A75B-7504-4F6D-A456-BD43D4097A03}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [{FDF96B91-2089-4548-B6FB-9978CD2DF836}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.3\terrariaserver.exe
FirewallRules: [TCP Query User{FD9CD1FD-6E0B-499C-B3E2-315A9AC67CF4}F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe
FirewallRules: [UDP Query User{81844F7B-9A7D-42FA-B854-D4FEF5A85363}F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe
FirewallRules: [{A1B5699D-F139-429F-BC74-CA9FDD66E439}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe
FirewallRules: [{270C1D49-317B-4FD1-8B31-DCAD4E468538}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.4\terrariaserver.exe
FirewallRules: [TCP Query User{2882D067-999E-4454-8770-4DA407C5A6B6}F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe
FirewallRules: [UDP Query User{8F658194-B4E8-4FEA-9135-118C0FBF8F39}F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe] => (Allow) F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe
FirewallRules: [{47E1B982-4458-4C70-B900-18AF94C71B17}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe
FirewallRules: [{741AA297-21B1-4880-8540-5EF0C8439840}] => (Block) F:\to bahaa\tshock api's\t-shock 1.3.0.5\terrariaserver.exe
FirewallRules: [TCP Query User{6906C4A5-9AAB-488F-A734-6D3215A5AF5F}C:\users\s c\favorites\downloads\utorrent.exe] => (Allow) C:\users\s c\favorites\downloads\utorrent.exe
FirewallRules: [UDP Query User{8398C3DB-4E82-4335-83F5-F64A5A6FDB32}C:\users\s c\favorites\downloads\utorrent.exe] => (Allow) C:\users\s c\favorites\downloads\utorrent.exe
FirewallRules: [{7B89DAB0-C475-4DF9-BB89-38D1EA0E2B10}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4FF8C8B1-C773-4983-85BE-0163E99529C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{44847234-8678-4401-BE89-7C0019A05DC7}C:\users\s c\desktop\t-shick\terrariaserver.exe] => (Allow) C:\users\s c\desktop\t-shick\terrariaserver.exe
FirewallRules: [UDP Query User{DFE14D7D-403C-494B-940C-66F6B99695AF}C:\users\s c\desktop\t-shick\terrariaserver.exe] => (Allow) C:\users\s c\desktop\t-shick\terrariaserver.exe
FirewallRules: [TCP Query User{42F407E6-E247-4106-B141-901EE746CECA}C:\users\s c\desktop\mike.k\t-shick\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\terrariaserver.exe
FirewallRules: [UDP Query User{E94E2A9A-503E-44B0-9E45-F75CD366BD61}C:\users\s c\desktop\mike.k\t-shick\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\terrariaserver.exe
FirewallRules: [TCP Query User{45C3BD78-90B3-4393-83C5-C34745E430EC}C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12\terrariaserver.exe
FirewallRules: [UDP Query User{62D4B7F9-2DCA-433F-8F8D-A40635BC8F9C}C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12\terrariaserver.exe
FirewallRules: [TCP Query User{BCB933C7-8F88-4373-8531-5855320BD7BB}C:\users\s c\desktop\tshock_4.3.9\terrariaserver.exe] => (Allow) C:\users\s c\desktop\tshock_4.3.9\terrariaserver.exe
FirewallRules: [UDP Query User{660A9BAC-E638-4405-983B-45FD8DFB4509}C:\users\s c\desktop\tshock_4.3.9\terrariaserver.exe] => (Allow) C:\users\s c\desktop\tshock_4.3.9\terrariaserver.exe
FirewallRules: [TCP Query User{B3657E15-69EB-44E5-B6FD-0EF20781CAFC}C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12 (1)\terrariaserver.exe
FirewallRules: [UDP Query User{97A7018B-8EF3-480D-B5D7-71DFC49260C9}C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shick\tshock_4.3.12 (1)\terrariaserver.exe
FirewallRules: [{26A1CA95-BF5C-4C2E-9A60-163CAF883008}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{C5125FF9-C12F-4E5B-9F3D-3AEB77C5E9D3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{2952AF99-A49A-4AB6-94ED-4D786FEDEAA6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{D25D4E76-FDE1-4DB1-A331-FF2249BC16FF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{DD8EFE2D-346D-48FE-9BDE-EC39CCE3679D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{9EB5C82E-7CFE-4DF3-8F59-22468ED52B92}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{0B207354-ABB9-4925-A0BB-730B7766D8D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{1081F09A-6BBE-4189-A605-8529023ECA71}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Block) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [UDP Query User{3BA0287D-CA9A-40A6-A485-F79D98A6BA14}C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe] => (Block) C:\program files (x86)\steam\steamapps\common\move or die\love\win\love.exe
FirewallRules: [TCP Query User{1EC23C47-FB57-4B3D-80C2-BD54BD59E148}C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1)\terrariaserver.exe
FirewallRules: [UDP Query User{A0F0FD27-8E61-4E0B-9D0E-EE073DE05259}C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1)\terrariaserver.exe
FirewallRules: [TCP Query User{8C251071-2084-4B55-BB70-D8E26219B49B}C:\users\s c\desktop\mike.k\worldedit-master\worldedit-master\references\terrariaserver.exe] => (Block) C:\users\s c\desktop\mike.k\worldedit-master\worldedit-master\references\terrariaserver.exe
FirewallRules: [UDP Query User{57BE67B8-3A7B-4E52-AF0F-E00F666468F1}C:\users\s c\desktop\mike.k\worldedit-master\worldedit-master\references\terrariaserver.exe] => (Block) C:\users\s c\desktop\mike.k\worldedit-master\worldedit-master\references\terrariaserver.exe
FirewallRules: [TCP Query User{44E9467E-537F-434F-B1E5-4B39B954E7A1}C:\users\s c\desktop\mike.k\t-shock 1.21\tshock_4.3.9 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock 1.21\tshock_4.3.9 (1)\terrariaserver.exe
FirewallRules: [UDP Query User{EBE4BAD8-80EA-4149-8EB0-091E4C262379}C:\users\s c\desktop\mike.k\t-shock 1.21\tshock_4.3.9 (1)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock 1.21\tshock_4.3.9 (1)\terrariaserver.exe
FirewallRules: [TCP Query User{A8BD45C4-9512-4459-9A58-5856191A9D56}C:\users\s c\desktop\igg-simpleplanes.v1.3.17.0\simpleplanes.exe] => (Allow) C:\users\s c\desktop\igg-simpleplanes.v1.3.17.0\simpleplanes.exe
FirewallRules: [UDP Query User{B86AD917-93C9-4AC3-AABF-66D225FB3AB6}C:\users\s c\desktop\igg-simpleplanes.v1.3.17.0\simpleplanes.exe] => (Allow) C:\users\s c\desktop\igg-simpleplanes.v1.3.17.0\simpleplanes.exe
FirewallRules: [{932304DE-F732-4E73-9A83-BE87EBF2F76E}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3DA9920-3223-46E0-93E1-FFB1A49D3942}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{994D51B7-42AD-44C4-9F82-B2D1F6CDBB86}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A168EC50-6FF5-4A2A-A53E-8D72716AEC6C}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C601967-9DBF-4BE5-B7A7-928F99412FC4}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21E1512D-DF54-42CE-87A7-95301CE69523}] => (Allow) C:\Users\S C\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB92F9E2-F898-4BEF-A9E0-ED6497FD9AC7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{41E4D9DD-2C1D-4039-B7E9-B59B1C20389B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{31CD0D87-35CB-4BFC-B219-AA9B8A92541D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{995D058C-13AD-40B3-9E06-3E5885740301}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{949FEBE6-A7E0-4079-8D81-FCB3C34329B6}C:\users\s c\desktop\rony.k\simple planes\simpleplanes.exe] => (Allow) C:\users\s c\desktop\rony.k\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{6D8B9D16-F9B0-48EF-BBD1-10A7414D7C80}C:\users\s c\desktop\rony.k\simple planes\simpleplanes.exe] => (Allow) C:\users\s c\desktop\rony.k\simple planes\simpleplanes.exe
FirewallRules: [TCP Query User{D10EA6C1-7636-4573-9D3B-5C55CB4643DB}C:\program files (x86)\steam\steamapps\common\simple planes\simpleplanes.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{AF5CB6FF-E464-474C-B4CB-0D96285CAFE2}C:\program files (x86)\steam\steamapps\common\simple planes\simpleplanes.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\simple planes\simpleplanes.exe
FirewallRules: [{6BFA8F9B-FB67-49B8-95D6-62E7A1DE67BB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{89D428E1-79EB-4578-9AE9-308328E03C9B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{578B5AE4-A39A-4769-AE89-1921625EF837}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F1E151EE-27EA-4455-8DA8-2309BDCBA966}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DEB2D362-E033-46AB-9EAB-E64B19B1F06C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C5DD8F22-AE98-4373-9389-471015242523}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7C993889-2B5D-4AE4-8212-D2105663B041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{F3A1EBE9-1E55-4C23-8D34-9175620579FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [TCP Query User{E135F8F7-C6DF-4E64-87C5-29FC510DEC80}C:\gog games\terraria\terrariaserver.exe] => (Block) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{43A7BB04-81EA-46DC-81BB-959FE4CD90B9}C:\gog games\terraria\terrariaserver.exe] => (Block) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{C4B3546B-C452-4C51-9450-13A548DD8FAD}C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1.22 - use)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1.22 - use)\terrariaserver.exe
FirewallRules: [UDP Query User{365D9EEC-6125-4FE2-A0DF-5DBCEEB1EDE5}C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1.22 - use)\terrariaserver.exe] => (Allow) C:\users\s c\desktop\mike.k\t-shock\tshock_4.3.12 (1.22 - use)\terrariaserver.exe
FirewallRules: [{9A13AD9F-4427-4407-8A5E-891E5BF4E62B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{18816558-48DD-423D-8DC4-D426E23A4CCA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{A9F1B87D-DF1A-43BD-824F-8511F638451B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{59FBCEE8-4EEF-4B5D-B505-7727AE1C2493}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{6DA7AE2A-540F-4333-AF7A-E12E23D755A7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{DA10C6D9-9205-41E0-B203-F7399C77132A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [TCP Query User{8C8C6013-30AC-4E57-87B0-EA3554B91CC1}C:\users\s c\desktop\mike.k\cracked stuff\enter.the.gungeon\enter.the.gungeon\etg.exe] => (Allow) C:\users\s c\desktop\mike.k\cracked stuff\enter.the.gungeon\enter.the.gungeon\etg.exe
FirewallRules: [UDP Query User{C2F95DAC-C333-4570-A178-7076C58D705B}C:\users\s c\desktop\mike.k\cracked stuff\enter.the.gungeon\enter.the.gungeon\etg.exe] => (Allow) C:\users\s c\desktop\mike.k\cracked stuff\enter.the.gungeon\enter.the.gungeon\etg.exe
FirewallRules: [{BC34958F-207F-4F75-AA0E-2BD4DAA7FD32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{26DABA23-21F6-4EA6-8F3C-1D3F1512D7F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6588BE2-3B1C-4439-ACCB-A49EA4C51ECD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{719EA983-194C-4301-936A-62098A303A8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{576EEDE9-95F8-4281-B3B6-481C25179308}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{470475DC-3253-447F-B504-9A64D33F1D0D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F52F3029-BF74-4C4E-B626-C8EC23AB18C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EE3954E-8EAC-48C1-BFD6-F6E3A843CDED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEBED1EE-E709-4F3E-94DB-BC7575D9FAC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB8F0400-0F69-42A4-8755-DA6EEB63F26A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04617F69-1B0D-4377-A463-680DB2F52929}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3BA3277-6BBA-4D44-B998-99EBECE5F556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{67E39B10-9F50-4D10-9AAE-62A2D6D761BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [TCP Query User{B501B8B0-30F4-43D1-92BC-1B56B0AE36AC}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{0A59A0AD-6FB1-4C0A-B9F3-D2E1099F123F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{C984434E-65E9-40DB-AEC5-8744ABEAC6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4755B9CA-0EC5-4A80-97E6-EC7A07B636A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{2876732F-63B3-415F-BDFA-3D80E3A221FD}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [UDP Query User{1EA2F49E-79C4-4782-9D6A-0D44DED411DE}C:\program files (x86)\looksbuilder\magic bullet photolooks.exe] => (Allow) C:\program files (x86)\looksbuilder\magic bullet photolooks.exe
FirewallRules: [{DCB2CB1A-3D11-44FB-9720-F5BA7A89D715}] => (Allow) C:\Windows\Temp\temp885010392.exe
FirewallRules: [{DC2A27EA-7C07-489D-975A-C41388D461B7}] => (Allow) C:\Windows\Temp\temp885010392.exe
FirewallRules: [{E246A973-BE7F-45DE-886E-878A5C6ABCB5}] => (Allow) LPort=80
FirewallRules: [{D8152045-7AE7-46A2-AD28-A0116AF76556}] => (Allow) LPort=53
FirewallRules: [{5020C436-52C2-4408-9AF9-C6690700FC98}] => (Allow) C:\Windows\Temp\temp2800237468.exe
FirewallRules: [{F975563D-D610-4D29-A39E-CEAFEEEF58CA}] => (Allow) C:\Windows\Temp\temp2800237468.exe
FirewallRules: [{A09C2548-96A7-4654-9B0D-4C12B80552E2}] => (Allow) C:\Windows\Temp\temp3177584966.exe
FirewallRules: [{5B79A7E3-AA99-4DAE-B280-B776BA004284}] => (Allow) C:\Windows\Temp\temp3177584966.exe
FirewallRules: [{00AD925B-16E2-4E33-8B3E-D079B5FF8558}] => (Allow) C:\Windows\Temp\temp3618274086.exe
FirewallRules: [{110987B8-002D-4FD9-A644-C8D05F1FB180}] => (Allow) C:\Windows\Temp\temp3618274086.exe
FirewallRules: [{50A91B24-CF28-4753-B9CF-0FF913EAD44C}] => (Allow) C:\Windows\Temp\ad2Host.exe
FirewallRules: [{8E649D68-F327-4E12-8328-253E3BE22E3B}] => (Allow) C:\Windows\Temp\ad2Host.exe
FirewallRules: [{1C9B4F6F-0804-45C0-BCCC-A3B423262856}] => (Allow) C:\Windows\Temp\adsl32.exe
FirewallRules: [{B0EA0371-5F52-4915-AFA2-8179EEB7364C}] => (Allow) C:\Windows\Temp\adsl32.exe
FirewallRules: [{A51514EB-4B4D-4689-B59A-CEA210437BE6}] => (Allow) C:\Windows\Temp\mstcs.exe
FirewallRules: [{9C602373-94FD-442A-BE0F-6EB6EA0669A0}] => (Allow) C:\Windows\Temp\mstcs.exe
FirewallRules: [{3CD6A9B7-4F30-4233-8A6D-913F6983F8BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5FE7384F-8DFD-4159-8B37-13C1D3B1CCEB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5688F545-47F3-4D7B-81F3-CDF931A78A5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{08DB7379-4254-46E4-8349-2A460D7BD156}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{093CAD39-8C53-43FA-9136-54E50F7E1824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{0A3AAFF9-0FF9-4A90-B7E7-00FAFDC54396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{DECA2853-64AC-4B48-9BED-4BE6FEF5A768}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{EC696C3D-8872-491E-A2C6-7F12CF0C402A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{A309A408-AB89-4B5C-AE25-A967ABD5C425}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6EE5DB69-475E-40BF-8987-4751D9558E7D}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{E5822010-C0D4-436D-88F7-67FA9ADEC25F}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe

==================== Restore Points =========================

18-09-2016 03:00:54 Windows Update
22-09-2016 00:15:39 Windows Update
24-09-2016 18:15:00 Installed Hi-Rez Studios Games
24-09-2016 18:17:46 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
24-09-2016 18:18:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
24-09-2016 18:19:15 Installed DirectX
24-09-2016 19:06:45 Installed NaturalReader 14 Free.

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2016 05:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Faulting module name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Exception code: 0xc0000005
Fault offset: 0x00da9118
Faulting process id: 0x23ee4
Faulting application start time: 0x01d21991b67dace6
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Report Id: d84c9e09-8587-11e6-b5d1-00235a679419

Error: (09/28/2016 03:37:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Faulting module name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Exception code: 0xc0000005
Fault offset: 0x00da9118
Faulting process id: 0x3fc0c
Faulting application start time: 0x01d2197f6062048b
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Report Id: 5fd9f234-8578-11e6-b5d1-00235a679419

Error: (09/28/2016 02:55:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellShockLive.exe version 5.4.1.40776 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3fc98

Start Time: 01d2197e7400e9bd

Termination Time: 685

Application Path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe

Report Id: 6c521cb6-8572-11e6-b5d1-00235a679419

Error: (09/28/2016 12:21:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Faulting module name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Exception code: 0xc0000005
Fault offset: 0x00da9118
Faulting process id: 0x124c
Faulting application start time: 0x01d219640103ff20
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Report Id: edc415ff-855c-11e6-b5d1-00235a679419

Error: (09/28/2016 11:40:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellShockLive.exe version 5.4.1.40776 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d48

Start Time: 01d21963bd290206

Termination Time: 694

Application Path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe

Report Id: 2d7e7e35-8557-11e6-b5d1-00235a679419

Error: (09/28/2016 10:10:20 AM) (Source: MsiInstaller) (EventID: 11316) (User: SC-PC)
Description: Product: Microsoft XNA Framework Redistributable 4.0 Refresh -- Error 1316. The specified account already exists.

Error: (09/28/2016 09:50:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Faulting module name: ShellShockLive.exe, version: 5.4.1.40776, time stamp: 0x57c803ba
Exception code: 0xc0000005
Fault offset: 0x00da9118
Faulting process id: 0x1018
Faulting application start time: 0x01d2191ac27ad82b
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
Report Id: dfd4238d-8547-11e6-b5d1-00235a679419

Error: (09/28/2016 02:56:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellShockLive.exe version 5.4.1.40776 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a14

Start Time: 01d2191a84f6b884

Termination Time: 348

Application Path: C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe

Report Id: fb8af5ec-850d-11e6-b5d1-00235a679419

Error: (09/27/2016 01:22:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SimplePlanes.exe version 5.1.4.53491 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3acf8

Start Time: 01d218a8f08f0318

Termination Time: 128

Application Path: C:\Users\S C\Desktop\Rony.K\Simple Planes\SimplePlanes.exe

Report Id: 4c9316be-849c-11e6-bad0-00235a679419

Error: (09/26/2016 09:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23418, time stamp: 0x570898dc
Faulting module name: btwapi.dll, version: 6.2.1.500, time stamp: 0x4aa17008
Exception code: 0xc0000005
Fault offset: 0x000000000004e08d
Faulting process id: 0x7bc
Faulting application start time: 0x01d2181e5e733a11
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\btwapi.dll
Report Id: 412c4635-8413-11e6-8218-00235a679419


System errors:
=============
Error: (09/28/2016 09:22:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Genuine Software Integrity Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/28/2016 09:10:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TeamViewer 11 service terminated unexpectedly. It has done this 3 time(s).

Error: (09/28/2016 09:09:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 11 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (09/28/2016 09:09:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/28/2016 07:50:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 11 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (09/28/2016 07:45:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/28/2016 07:44:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/28/2016 02:46:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Genuine Software Integrity Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/27/2016 07:52:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/27/2016 04:31:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


CodeIntegrity:
===================================
Date: 2015-12-05 16:49:00.293
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:49:00.277
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:49:00.268
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:59.439
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:59.428
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:59.420
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:58.899
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:58.885
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:58.877
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-12-05 16:48:57.500
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 65%
Total physical RAM: 3069.98 MB
Available physical RAM: 1066.89 MB
Total Virtual: 11673.16 MB
Available Virtual: 8720.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:29.46 GB) NTFS
Drive d: () (Fixed) (Total:151.6 GB) (Free:151.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 89D90DB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 01 October 2016 - 08:11 AM.


#3 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 29 September 2016 - 05:18 PM

9/30/16 1:09 AM - Update: I have left my computer on for a while because I had to go leave and take my German lessons, I come back and I find the virus msdn opened. I took a some screenshots. The CPU usage kept fluctuating from %5-%20 until I came back. I come back and my CPU usage keeps fluctuating from %80-%100 and is causing my laptop MAJOR lag. 

 

The only way I can re-gain my CPU usage back is by restarting my computer which takes 5-6 minutes now.

 

msdn running:

 

2S3xvoD.png

 

 

My PC's CPU and memory's sudden increase:

 

05Mcfhz.png

 

 

I'm guessing it turns on when I'm away from my computer for a certain period of time

 

 

 

9/30/16 1:45 AM - Update: I also went to the resource monitor to see what was going on and I find this, it's on the top and I'm pretty sure that's a very unusual description for an exe I've never seen.

 

I've done some research and I found that that line is part of a joke called "The Dark Tunnel"

 

Link: http://www.radford.edu/~ibarland/Public/Humor/kiss

 

5fa9d818db4949cb833bac3c578acf7b.png

 

 

I attempted to end the process but I was greeted by a message that says: When attempting to execute the command, the following system error occurred: Access is denied.

 

I clicked the second time and it went away and my CPU usage went back to normal. This is very unusual. 


Edited by Sackboy90210, 29 September 2016 - 05:47 PM.


#4 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 29 September 2016 - 07:44 PM

9/30/16 3:34 AM - Update: I shut down my PC at 1:25 AM, now, nearly two hours later I wake up to find starting up slower than usual because the virus is attempting to launch itself.

 

I see these three messages as my desktop loads, as well as msdn running in the background.

 

Hyb0oT1.png

 

 

I clicked abort on the error above and OK to the rest... I'm starting to get extremely worried. I'm not performing any scans and I'm very tempted to because I'm not getting any replies. I'm in deep need for help, please. I understand that this website is extremely busy but my family currently facing lots of financial issues and I can't risk losing this miracle of technology. It's been about 2-3 days now. Please, help.

 

Trying my best to be patient. Thanks for your understanding.


Edited by Sackboy90210, 29 September 2016 - 07:47 PM.


#5 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 30 September 2016 - 08:50 AM

9/30/16 4:47 PM - Update: I've spotted COM Surrogate randomly appearing while I was playing a game called Shellshock Live. I hardly doubt that Shellshock Live causes the issue because it's just a popular game from Steam that I bought...

 

 ri78VM3.png


Edited by Sackboy90210, 30 September 2016 - 08:50 AM.


#6 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:03:04 PM

Posted 01 October 2016 - 06:06 AM

Hello, I'm Bezukhov, and I'll be assisting you with this. A few thins to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoils the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
ETA: One more thing. You say this has been going on for "quite a while". About how long would you say. 3 to 4 months?

Edited by Bezukhov, 01 October 2016 - 06:32 AM.

To err is Human. To blame it on someone else is even more Human.

#7 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 01 October 2016 - 06:50 AM

Thanks for the reply Bezukhov! I'll be sure to follow all instructions needed to eradicate this virus. 

 

This virus has been popping up for an EXTREMELY long time, since February. I was in a google hangouts chat and someone from there was able to apparently do some spyware, get our ips and log into our computer's files, activate our microphones, etc. Since then that virus has appeared and I wasn't able to get rid of it. I keep doing scans over scans using Hitman Pro and MalwareBytes, they keep removing them and they just come back and it really frustrates me. I've decided to go to bleeping computer because I've seen a thread that has the same case as me which has been locked due to the topic starter's inactivity. I can't remember the link at all now but I'm hoping you could help me solve this issue.

 

Also, don't worry about the amount of time it takes me to complete a task, I'm online the whole day and have nothing to do, just browsing this forum for the bizarre stuff happening on people's computers  :thumbsup:


Edited by Sackboy90210, 01 October 2016 - 06:58 AM.


#8 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:03:04 PM

Posted 01 October 2016 - 07:46 AM

Also, don't worry about the amount of time it takes me to complete a task, I'm online the whole day and have nothing to do, just browsing this forum for the bizarre stuff happening on people's computers  :thumbsup:


Just as a reminder. I'm still a student, so anything I propose to do in this thread needs to be cleared with an instructor, therefore my responses might take a bit of time. The upshot to this is you have two heads going over this.
To err is Human. To blame it on someone else is even more Human.

#9 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 01 October 2016 - 07:50 AM

No problem!  :thumbsup:



#10 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 02 October 2016 - 01:20 AM

So now that I'm being looked into, I should provide you with everything happening to my computer.

 

Today at start up, I didn't get the third error that says "English Startup" with the option "Abort", I feel like it fixed itself because msdn was running in the background, while I did get the two other RegSvr errors.

 

I also found this running in the background taking a LOT of CPU memory and last time it popped up it had a different description than this.

 

zJxgs3b.png


Edited by Sackboy90210, 02 October 2016 - 01:37 AM.


#11 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:03:04 PM

Posted 02 October 2016 - 07:17 AM

A couple of  things:

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
 
CKScanner
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
One question. Do you recognize this file?
C:\Users\S C\AppData\Roaming\bow.tar.gz

Edited by Bezukhov, 02 October 2016 - 07:49 AM.

To err is Human. To blame it on someone else is even more Human.

#12 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 02 October 2016 - 09:36 AM

Hello, thanks for the reply. 

 

I have uninstalled uTorrent to prevent more malware infections. 

 

Also, when running CKScanner with full administration privileges, and clicking on Seach for Files, it freezes and stops responding however I'm going to leave it running in the background and see what it'll do. 

 

Also, I don't recognize that file at all.


Edited by Sackboy90210, 02 October 2016 - 09:37 AM.


#13 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 02 October 2016 - 10:10 AM

Alright, got it!

 

 

These files are definitely not bad at all... they're the game's sprites in .xnb form. 
 
(Sorry for the delay, I'm sick. I also couldn't copy paste because it told me the post was too big)

Attached Files


Edited by Sackboy90210, 02 October 2016 - 10:16 AM.


#14 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 03 October 2016 - 05:58 AM

Ugh, today at startup I got this error with a different text.

 

sQtfpsw.png



#15 Sackboy90210

Sackboy90210
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  

Posted 03 October 2016 - 12:33 PM

Gosh... remember that msdn.exe that I talked about earlier? (the virus that slows down my computer)

 

Now I found two other versions of it with different names but have the same icon... the keep multiplying by the day.

 

B96JoVI.png

 

h7RdwCP.png

 

New one that appeared today ^

 

q6rxQiw.png

 

Also found this.

 

 

 

Is it okay for me to delete all the items in my Temp folder? There's a LOT of junk and I'm worried they might be infected by the virus. I also really need to do a registery cleanup or something because these errors at startup are making me worried.

 

I also did my best to delete all the cracked software on my computer as requested.

 

Also, 24 hour bump.


Edited by Sackboy90210, 03 October 2016 - 01:13 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users