CMD flashes, Chrome closing randomly, Possible fake taskbar shortcuts


  • This topic is locked
6 replies to this topic

#1 dazahn

dazahn

  • Members
  • 2 posts
  • OFFLINE

Posted 19 November 2016 - 10:56 PM

Finishing up removing this malware, but a few problems still persist:

  • CMD windows, usually two, randomly flash on the screen every once in a while.
  • Chrome closes on its own every once in a while
  • Sometimes I look at the taskbar, and I see two Chrome shortcuts, one showing open windows for the Chrome I'm using, and the other showing that it's not in use.

Malwarebytes comes up clean, as does Zemana. I'm unsure what to do from here, please advise.


Edited by dazahn, 20 November 2016 - 01:28 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,575 posts
  • OFFLINE

Posted 24 November 2016 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632617 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dazahn

dazahn
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE

Posted 25 November 2016 - 11:10 AM

The only problem I'm still having is with the cmd flashing and closing randomly. I used Process Lasso to find what it was doing. Since it was two flashing simultaneously, it was easy to figure out which cmd.exe it was using the timestamps in the log.

The command prompts were executing:
/C C:\WINDOWS\system32\bitsadmin.exe /COMPLETE task3 && C:\WINDOWS\system32\bi3.exe /sparam=gbizftptn095001au,09d29686-a2fe-4f9c-ae16-df0b6390b054, /rnd=0 2>nul

/C C:\WINDOWS\system32\bitsadmin.exe /COMPLETE task3 && C:\WINDOWS\system32\bi3.exe /sparam=gbizftpbl0cshmoau,76f9eaaf-e5e0-42c6-b5bf-bb56bf307401, /rnd=0 2>nul
That looks kind of fishy to me.
New FRST logs are posted.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Daniel (administrator) on DAN-LAPTOP (25-11-2016 09:40:39)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Tempo Semiconductor Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Node.js) C:\Windows\Prey\versions\1.6.3\bin\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.3\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Slack Technologies) C:\Users\Daniel\AppData\Local\slack\app-2.3.2\slack.exe
(Slack Technologies) C:\Users\Daniel\AppData\Local\slack\app-2.3.2\slack.exe
(Slack Technologies) C:\Users\Daniel\AppData\Local\slack\app-2.3.2\slack.exe
(Slack Technologies) C:\Users\Daniel\AppData\Local\slack\app-2.3.2\slack.exe
(Slack Technologies) C:\Users\Daniel\AppData\Local\slack\app-2.3.2\slack.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitsum LLC) C:\Program Files\Process Lasso\LogViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [466224 2015-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1741296 2016-04-27] (Evaer Technology)
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [meritt] => "C:\Program Files (x86)\Rims\redbird.exe"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-11-18]
ShortcutTarget: Curse.lnk -> C:\Users\Daniel\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-11-19]
ShortcutTarget: Slack.lnk -> C:\Users\Daniel\AppData\Local\slack\Update.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{34057b4a-f235-45ae-8581-3b184f250568}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{59153866-ca8c-40a3-be3a-1629054c4ebb}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-530961615-738628264-3883630054-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-11-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-12] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: a7w16ln2.default
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a7w16ln2.default [2016-11-19]
FF Extension: (Tails Download and Verify) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a7w16ln2.default\Extensions\dave@tails.boum.org.xpi [2016-09-12]
FF Extension: (Firefox Hotfix) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a7w16ln2.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-18] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-11-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2016-11-25]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-11]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (Google Cast) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-08]
CHR Extension: (uBlock Origin) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-07-11]
CHR Extension: (Go Back With Backspace) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekailopagacbcdloonjhbiecobagjci [2016-10-11]
CHR Extension: (Floating for YouTube™ Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\egncdnniomonjgpjbapalkckojhkfddk [2016-08-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-11-19]
CHR Extension: (appchan x) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2016-07-11]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-11-17]
CHR Extension: (Floating for YouTube™) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2016-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-11]
CHR Extension: (uBlock Origin WebSocket) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2016-11-22]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1392648 2016-08-29] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-30] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-08-10] (Fork, Ltd.) [File not signed]
S2 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382440 2016-08-19] (Intel Corporation)
S3 LxssManager; C:\WINDOWS\system32\lxss\LxssManager.dll [327168 2016-10-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-13] (Electronic Arts)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [345600 2009-12-08] (Pharos Systems International) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-10-08] ()
R3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [360960 2016-07-15] (Microsoft Corporation)
R3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [275456 2016-07-15] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350224 2015-07-23] (Tempo Semiconductor Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1000448 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-19] ()
R3 keyboard; C:\Windows\System32\Drivers\keyboard.sys [18536 2016-10-29] (Oblita)
R0 lxss; C:\WINDOWS\System32\drivers\lxss.sys [15712 2016-08-02] (Microsoft Corporation)
R3 mouse; C:\Windows\System32\Drivers\mouse.sys [18536 2016-10-29] (Oblita)
R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52CB0C7E-BF16-4ED5-966E-5BA59921F30B}\MpKslDrv.sys [44928 2016-11-20] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvtdi.inf_amd64_ffe959c3568f2c22\nvlddmkm.sys [14172608 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2016-11-19] (Sysinternals - www.sysinternals.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [561680 2015-07-23] (Tempo Semiconductor Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-07-11] (IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-19] (Zemana Ltd.)
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)
NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-25 09:40 - 2016-11-25 09:41 - 00023648 _____ C:\Users\Daniel\Desktop\FRST.txt
2016-11-25 09:40 - 2016-11-25 09:40 - 00000000 ____D C:\Users\Daniel\Desktop\FRST-OlderVersion
2016-11-24 22:18 - 2016-11-24 22:23 - 00088677 _____ C:\Users\Daniel\Downloads\E4E5.tmp
2016-11-24 21:38 - 2016-11-24 21:38 - 00003106 _____ C:\WINDOWS\System32\Tasks\Process Lasso Management Console (GUI)
2016-11-24 21:38 - 2016-11-24 21:38 - 00003096 _____ C:\WINDOWS\System32\Tasks\Process Lasso Core Engine Only
2016-11-24 21:38 - 2016-11-24 21:38 - 00000000 ____D C:\ProgramData\ProcessLasso
2016-11-24 21:38 - 2016-11-24 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2016-11-24 21:37 - 2016-11-24 21:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\ProcessLasso
2016-11-24 21:37 - 2016-11-24 21:38 - 00000000 ____D C:\Program Files\Process Lasso
2016-11-24 21:37 - 2016-11-24 21:37 - 02691008 _____ (Bitsum LLC) C:\Users\Daniel\Downloads\processlassosetup64.exe
2016-11-23 18:03 - 2016-11-23 18:03 - 00000218 _____ C:\Users\Daniel\AppData\Local\recently-used.xbel
2016-11-23 18:02 - 2016-11-23 18:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\SKIDROW
2016-11-23 17:58 - 2016-11-23 17:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\TheJackboxPartyPack
2016-11-23 17:58 - 2016-11-23 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jackbox Games Inc
2016-11-23 17:58 - 2016-11-23 17:58 - 00000000 ____D C:\Program Files (x86)\Jackbox Games Inc
2016-11-23 17:44 - 2016-11-23 17:51 - 00000000 ____D C:\Users\Daniel\Downloads\The.Jackbox.Party.Pack-TiNYiSO
2016-11-23 17:43 - 2016-11-23 17:43 - 00015247 _____ C:\Users\Daniel\Downloads\The.Jackbox.Party.Pack-TiNYiSO.torrent
2016-11-23 10:04 - 2016-11-23 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-11-22 14:31 - 2016-11-24 20:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-22 14:31 - 2016-11-23 20:26 - 00000000 ____D C:\Users\Daniel\Documents\Heroes of the Storm
2016-11-22 11:44 - 2016-11-22 11:44 - 01052957 _____ C:\Users\Daniel\Downloads\ECE225_CNotes26_PW.pdf
2016-11-22 11:17 - 2016-11-22 11:17 - 08122617 _____ C:\Users\Daniel\Downloads\HY 101 Assignments Guide.pdf
2016-11-22 11:11 - 2016-11-22 11:11 - 01401696 _____ C:\Users\Daniel\Downloads\ECE225_CNotes25_PW.pdf
2016-11-22 11:11 - 2016-11-22 11:11 - 01401696 _____ C:\Users\Daniel\Downloads\ECE225_CNotes25_PW (1).pdf
2016-11-22 10:54 - 2016-11-22 10:56 - 07703989 _____ C:\Users\Daniel\Downloads\2016-11-21.7z
2016-11-21 22:32 - 2016-11-21 22:32 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-21 22:29 - 2016-11-21 22:30 - 01065376 _____ (Google Inc.) C:\Users\Daniel\Downloads\ChromeSetup.exe
2016-11-20 16:36 - 2016-11-20 21:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-20 15:27 - 2016-11-24 22:03 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-11-20 15:27 - 2016-11-20 15:27 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Daniel\Downloads\mbar-1.09.3.1001.exe
2016-11-20 15:26 - 2016-11-20 16:36 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-20 15:26 - 2016-11-20 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-20 15:26 - 2016-11-20 15:26 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-20 15:25 - 2016-11-20 15:26 - 34176608 _____ (Adlice Software ) C:\Users\Daniel\Downloads\setup.exe
2016-11-20 15:24 - 2016-11-20 15:24 - 03910208 _____ C:\Users\Daniel\Downloads\adwcleaner_6.030.exe
2016-11-20 14:42 - 2016-11-20 14:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\obf.u
2016-11-20 12:56 - 2016-11-20 12:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Mael
2016-11-20 12:47 - 2016-11-20 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2016-11-20 12:47 - 2016-11-20 12:47 - 00000000 ____D C:\Program Files (x86)\HxD
2016-11-20 12:46 - 2016-11-20 12:46 - 00872029 _____ C:\Users\Daniel\Downloads\HxDSetupEN.zip
2016-11-20 12:46 - 2016-11-20 12:46 - 00000000 ____D C:\Users\Daniel\Downloads\HxDSetupEN
2016-11-20 12:39 - 2016-11-20 12:39 - 00000000 ____D C:\Users\Daniel\Downloads\Citra JIT Unofficial (Sept 24)
2016-11-20 12:32 - 2016-11-20 12:32 - 15473339 _____ C:\Users\Daniel\Downloads\Citra JIT Unofficial (Sept 24).zip
2016-11-20 12:13 - 2016-11-22 10:43 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra Development Team
2016-11-20 12:13 - 2016-11-22 10:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\citra
2016-11-20 11:50 - 2016-11-20 11:50 - 00188729 _____ C:\Users\Daniel\Downloads\makerom.zip
2016-11-20 11:50 - 2016-11-20 11:50 - 00000000 ____D C:\Users\Daniel\Downloads\makerom
2016-11-20 11:49 - 2016-11-20 12:00 - 1510858831 _____ C:\Users\Daniel\Downloads\Pokemon_Moon.7z
2016-11-20 11:31 - 2016-11-20 12:13 - 25271808 _____ (Citra Development Team) C:\Users\Daniel\Downloads\CitraSetup.exe
2016-11-20 11:04 - 2016-11-20 11:04 - 01762885 _____ C:\Users\Daniel\Documents\EAC & TT Ripping.rar
2016-11-19 22:06 - 2016-11-19 22:06 - 16262784 _____ C:\Users\Daniel\Documents\Crypto101.pdf
2016-11-19 21:46 - 2016-11-25 09:40 - 02412032 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2016-11-19 16:10 - 2016-11-19 16:10 - 00269540 _____ C:\TDSSKiller.3.1.0.12_19.11.2016_16.10.03_log.txt
2016-11-19 16:09 - 2016-11-19 16:09 - 00000426 _____ C:\TDSSKiller.2.8.16.0_19.11.2016_16.09.17_log.txt
2016-11-19 15:19 - 2016-11-19 15:19 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-11-19 11:06 - 2016-11-19 11:06 - 00002586 _____ C:\WINDOWS\system32\.crusader
2016-11-19 10:59 - 2016-11-19 11:15 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-11-19 10:37 - 2016-11-19 11:10 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-19 10:31 - 2016-11-19 10:31 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2016-11-19 10:31 - 2016-11-19 10:31 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2016-11-19 10:28 - 2016-11-20 15:26 - 00000000 ____D C:\AdwCleaner
2016-11-19 00:37 - 2016-11-19 00:37 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-19 00:20 - 2016-11-25 09:41 - 10185820 _____ C:\WINDOWS\ZAM.krnl.trace
2016-11-19 00:20 - 2016-11-25 09:40 - 01635911 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-11-19 00:20 - 2016-11-19 00:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-11-19 00:20 - 2016-11-19 00:20 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-11-19 00:20 - 2016-11-19 00:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Zemana
2016-11-19 00:20 - 2016-11-19 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-19 00:20 - 2016-11-19 00:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-19 00:17 - 2016-11-25 09:40 - 00000000 ____D C:\FRST
2016-11-18 16:14 - 2016-11-18 16:14 - 00000000 ____D C:\Users\Daniel\AppData\Local\PAYDAY
2016-11-18 16:04 - 2016-11-18 16:37 - 00000000 ____D C:\Users\Daniel\Downloads\The.Grand.Tour.2016.S01E01.The.Holy.Trinity.1080p.AMZN.WEBRip.DD5.1.x264-NTb
2016-11-18 15:28 - 2016-11-18 15:28 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-18 15:27 - 2016-11-18 15:27 - 00000000 ____D C:\WINDOWS\system32\mimk
2016-11-18 15:00 - 2016-11-18 15:28 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apyblib
2016-11-18 15:00 - 2016-11-18 15:26 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Company
2016-11-18 15:00 - 2016-11-18 15:01 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-11-18 15:00 - 2016-11-18 15:00 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-11-18 15:00 - 2016-11-18 15:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\Tempfolder
2016-11-18 14:58 - 2016-11-19 00:25 - 00000000 ____D C:\Program Files (x86)\naftali
2016-11-18 14:58 - 2016-11-18 14:59 - 00000000 ____D C:\WINDOWS\dan-laptop_200916
2016-11-18 14:58 - 2016-11-18 14:58 - 00000003 _____ C:\Users\Daniel\AppData\Local\run1.txt
2016-11-18 14:58 - 2016-11-18 14:58 - 00000000 _____ C:\TOSTACK
2016-11-18 14:55 - 2016-11-18 14:55 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Daniel\Downloads\libeay32.dll
2016-11-18 13:48 - 2016-11-18 13:48 - 00127721 _____ C:\Users\Daniel\AppData\Local\31848.exe
2016-11-18 13:48 - 2016-11-18 13:48 - 00048436 _____ C:\Users\Daniel\AppData\Local\84502.exe
2016-11-17 19:36 - 2016-11-17 19:36 - 00003645 _____ C:\Users\Daniel\Downloads\MM.CT
2016-11-17 19:26 - 2016-11-17 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2016-11-17 19:25 - 2016-11-19 02:20 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2016-11-17 19:25 - 2016-11-17 19:25 - 00000000 ____D C:\Users\Daniel\Documents\My Cheat Tables
2016-11-16 17:56 - 2016-11-16 17:56 - 00004372 _____ C:\Users\Daniel\Downloads\158112841X.pdf
2016-11-16 13:32 - 2016-11-25 09:35 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Slack
2016-11-16 13:32 - 2016-11-16 13:32 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2016-11-16 13:32 - 2016-11-16 13:32 - 00000000 ____D C:\Users\Daniel\AppData\Local\slack
2016-11-12 12:14 - 2016-11-12 12:14 - 00000000 ____D C:\Users\Public\Documents\Steam
2016-11-12 12:14 - 2016-11-12 12:14 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Playsport Games
2016-11-12 11:03 - 2016-11-12 11:27 - 00000001 _____ C:\Users\Daniel\1386E796930777388C712CCE0CF9DE4F.dat
2016-11-12 11:01 - 2016-11-12 11:01 - 00000000 ____D C:\Users\Daniel\OSBot
2016-11-12 10:50 - 2016-11-11 16:01 - 00047040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-11-12 10:50 - 2016-10-25 15:40 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437570.dll
2016-11-12 10:50 - 2016-10-25 15:40 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437570.dll
2016-11-12 10:50 - 2016-10-25 15:40 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-11-12 10:50 - 2016-10-25 15:40 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-11-12 10:44 - 2016-10-25 14:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-12 10:44 - 2016-10-25 14:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-12 10:38 - 2016-11-12 10:38 - 00000000 ____D C:\Games
2016-11-12 01:07 - 2016-11-12 01:07 - 00037991 _____ C:\Users\Daniel\Downloads\Windows - Motorsport Manager - 2016 (Motorsport.Manager.REPACK-KaOs).torrent
2016-11-12 01:05 - 2016-11-12 01:05 - 00000000 ____D C:\Users\Daniel\Downloads\TakeOwnership
2016-11-12 00:08 - 2016-11-12 00:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Java Heuristics
2016-11-12 00:08 - 2016-11-12 00:08 - 00000000 ____D C:\ProgramData\Java32
2016-11-12 00:07 - 2016-11-12 00:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Kxoeoaon
2016-11-12 00:07 - 2016-11-12 00:07 - 00000000 ____D C:\SimplyPkCachev1.7
2016-11-11 09:55 - 2016-11-11 09:55 - 00001047 _____ C:\Users\Daniel\Downloads\HoodzFletcher downloader.simba
2016-11-11 09:25 - 2016-11-20 14:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.tribot
2016-11-11 09:01 - 2016-11-11 09:01 - 00089736 _____ C:\Users\Daniel\Downloads\TRiBot_Loader.jar
2016-11-05 11:22 - 2016-11-05 13:17 - 00429405 _____ C:\Users\Daniel\Downloads\Exam 2 Bonus Images (1).pptx
2016-11-04 16:17 - 2016-11-04 16:23 - 00007170 _____ C:\Users\Daniel\Downloads\FireMaker - VarrockWest.2.simba
2016-11-04 09:42 - 2016-11-04 09:42 - 04903002 _____ C:\Users\Daniel\Downloads\Exam 2 Bonus Images.pptx
2016-11-03 12:46 - 2016-11-03 12:46 - 06668096 _____ (Tim Kosse) C:\Users\Daniel\Downloads\FileZilla_3.22.2.2_win64-setup.exe
2016-11-02 17:12 - 2016-11-02 17:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\com.runemate.boot.Boot
2016-11-02 17:10 - 2016-11-08 20:29 - 00000000 ____D C:\Users\Daniel\RuneMate
2016-11-02 17:10 - 2016-11-02 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RuneMate
2016-11-02 17:10 - 2016-11-02 17:10 - 00000000 ____D C:\Program Files (x86)\RuneMate
2016-11-02 17:09 - 2016-11-02 17:09 - 17483776 _____ () C:\Users\Daniel\Downloads\RuneMate_setup.exe
2016-11-01 13:25 - 2016-11-01 13:25 - 00000000 ____D C:\Users\Daniel\VirtualBox VMs
2016-11-01 13:13 - 2016-11-01 13:20 - 1167990784 _____ C:\Users\Daniel\Documents\tails-i386-2.6.iso
2016-10-30 20:07 - 2016-10-30 20:07 - 00000000 ____D C:\Users\Daniel\Downloads\PP2016-Capstone-Level2-resources
2016-10-30 20:05 - 2016-10-30 20:22 - 01834629 _____ C:\Users\Daniel\Downloads\Kelly.Lee-PP2016-Capstone-Level2.pptx
2016-10-29 18:19 - 2016-10-29 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 10:37 - 2016-10-29 10:37 - 00000000 ____D C:\Users\Daniel\Downloads\New folder
2016-10-29 10:31 - 2016-10-29 10:31 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-10-29 10:31 - 2016-10-29 10:31 - 00018536 _____ (Oblita) C:\WINDOWS\system32\Drivers\mouse.sys
2016-10-29 10:31 - 2016-10-29 10:31 - 00018536 _____ (Oblita) C:\WINDOWS\system32\Drivers\keyboard.sys
2016-10-29 10:31 - 2016-10-29 10:31 - 00000000 ____D C:\Users\Daniel\Downloads\Keyboard_Splitter_1.2
2016-10-29 10:30 - 2016-10-29 10:30 - 05095403 _____ C:\Users\Daniel\Downloads\Keyboard_Splitter_1.2.zip
2016-10-29 01:42 - 2016-10-29 01:42 - 00000000 ____D C:\ProgramData\X360CE
2016-10-29 01:37 - 2016-10-29 01:37 - 00000000 ____D C:\Users\Daniel\AppData\Local\NEGU_Soft
2016-10-29 01:36 - 2016-10-29 01:36 - 00543608 _____ (NEGU Soft ) C:\Users\Daniel\Downloads\ultimate_control_v1.2_win_setup.exe
2016-10-28 21:37 - 2016-10-28 21:37 - 00034975 _____ C:\Users\Daniel\Downloads\autoATF - Summer 2016 Ruleset - v0.4.zip
2016-10-28 21:37 - 2016-10-28 21:37 - 00000000 ____D C:\Users\Daniel\Downloads\autoATF - Summer 2016 Ruleset - v0.4
2016-10-28 16:45 - 2016-10-28 16:45 - 00000000 ____D C:\Users\Daniel\Downloads\RigIt_v0.4.0_x86
2016-10-28 16:44 - 2016-10-28 16:45 - 23951002 _____ C:\Users\Daniel\Downloads\RigIt_v0.4.0_x86.zip
2016-10-28 11:26 - 2016-10-28 11:26 - 00035090 _____ C:\Users\Daniel\Downloads\Wyvern Skeletals 1.0.simba
2016-10-28 10:04 - 2016-10-28 10:04 - 00297220 _____ C:\Users\Daniel\Downloads\Auto Color Aid v2.zip
2016-10-27 22:03 - 2016-10-14 22:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-27 22:03 - 2016-10-14 22:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-27 22:03 - 2016-10-14 22:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-27 22:03 - 2016-10-14 22:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-27 22:03 - 2016-10-14 22:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-27 22:03 - 2016-10-14 22:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-27 22:03 - 2016-10-14 22:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-27 22:03 - 2016-10-14 22:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-27 22:03 - 2016-10-14 21:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-27 22:03 - 2016-10-14 21:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-27 22:03 - 2016-10-14 21:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-27 22:03 - 2016-10-14 21:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 22:03 - 2016-10-14 21:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 22:03 - 2016-10-14 21:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 22:03 - 2016-10-14 21:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 22:03 - 2016-10-14 21:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-27 22:03 - 2016-10-14 21:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-27 22:03 - 2016-10-14 21:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 22:03 - 2016-10-14 21:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-27 22:03 - 2016-10-14 21:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-27 22:03 - 2016-08-26 23:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-27 22:02 - 2016-10-14 22:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-27 22:02 - 2016-10-14 22:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-27 22:02 - 2016-10-14 22:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-27 22:02 - 2016-10-14 22:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-27 22:02 - 2016-10-14 22:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-27 22:02 - 2016-10-14 22:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-27 22:02 - 2016-10-14 22:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-27 22:02 - 2016-10-14 22:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-27 22:02 - 2016-10-14 22:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-27 22:02 - 2016-10-14 22:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-27 22:02 - 2016-10-14 22:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-27 22:02 - 2016-10-14 22:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-27 22:02 - 2016-10-14 22:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-27 22:02 - 2016-10-14 22:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-27 22:02 - 2016-10-14 22:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-27 22:02 - 2016-10-14 22:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 22:02 - 2016-10-14 22:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-27 22:02 - 2016-10-14 22:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 22:02 - 2016-10-14 22:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 22:02 - 2016-10-14 22:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-27 22:02 - 2016-10-14 22:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-27 22:02 - 2016-10-14 21:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-27 22:02 - 2016-10-14 21:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-27 22:02 - 2016-10-14 21:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-27 22:02 - 2016-10-14 21:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-27 22:02 - 2016-10-14 21:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-27 22:02 - 2016-10-14 21:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-27 22:02 - 2016-10-14 21:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-27 22:02 - 2016-10-14 21:57 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2016-10-27 22:02 - 2016-10-14 21:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-27 22:02 - 2016-10-14 21:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-27 22:02 - 2016-10-14 21:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-27 22:02 - 2016-10-14 21:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-27 22:02 - 2016-10-14 21:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-27 22:02 - 2016-10-14 21:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-27 22:02 - 2016-10-14 21:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-27 22:02 - 2016-10-14 21:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-27 22:02 - 2016-10-14 21:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-27 22:02 - 2016-10-14 21:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-27 22:02 - 2016-10-14 21:53 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\LxRun.exe
2016-10-27 22:02 - 2016-10-14 21:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-27 22:02 - 2016-10-14 21:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 22:02 - 2016-10-14 21:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-27 22:02 - 2016-10-14 21:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-27 22:02 - 2016-10-14 21:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-27 22:02 - 2016-10-14 21:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-27 22:02 - 2016-10-14 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-27 22:02 - 2016-10-14 21:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-27 22:02 - 2016-10-14 21:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-27 22:02 - 2016-10-14 21:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-27 22:02 - 2016-10-14 21:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-27 22:02 - 2016-10-14 21:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-27 22:02 - 2016-10-14 21:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-27 22:02 - 2016-10-14 21:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-27 22:02 - 2016-10-14 21:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-27 22:02 - 2016-10-14 21:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-27 22:02 - 2016-10-14 21:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-27 22:02 - 2016-10-14 21:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-27 22:02 - 2016-10-14 21:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-27 22:02 - 2016-10-14 21:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-27 22:02 - 2016-10-14 21:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-27 22:02 - 2016-10-14 21:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-27 22:02 - 2016-10-14 21:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-27 22:02 - 2016-10-14 21:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-27 22:02 - 2016-10-14 21:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-27 22:02 - 2016-10-14 21:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-27 22:02 - 2016-10-14 21:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-27 22:02 - 2016-10-14 21:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-27 22:02 - 2016-10-14 21:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-27 22:02 - 2016-10-14 21:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-27 22:02 - 2016-10-14 21:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-27 22:02 - 2016-10-14 21:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-27 22:02 - 2016-10-14 21:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-27 22:02 - 2016-10-14 21:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-27 22:02 - 2016-10-14 21:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-27 22:02 - 2016-10-14 21:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-27 22:02 - 2016-10-14 21:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-27 22:02 - 2016-10-14 21:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-27 22:02 - 2016-10-14 21:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-27 22:02 - 2016-10-14 21:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 22:02 - 2016-10-14 21:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-27 22:02 - 2016-10-14 21:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-27 22:02 - 2016-10-14 21:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-27 22:02 - 2016-10-14 21:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-27 22:02 - 2016-10-14 21:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-27 22:02 - 2016-09-10 07:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-27 22:01 - 2016-10-14 22:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-27 22:01 - 2016-10-14 22:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-27 22:01 - 2016-10-14 22:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-27 22:01 - 2016-10-14 22:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-27 22:01 - 2016-10-14 22:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-27 22:01 - 2016-10-14 22:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-27 22:01 - 2016-10-14 22:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-27 22:01 - 2016-10-14 22:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-27 22:01 - 2016-10-14 22:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-27 22:01 - 2016-10-14 22:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-27 22:01 - 2016-10-14 22:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-27 22:01 - 2016-10-14 22:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-27 22:01 - 2016-10-14 22:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-27 22:01 - 2016-10-14 22:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-27 22:01 - 2016-10-14 22:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-27 22:01 - 2016-10-14 22:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-27 22:01 - 2016-10-14 22:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-27 22:01 - 2016-10-14 22:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-27 22:01 - 2016-10-14 22:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-27 22:01 - 2016-10-14 22:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-27 22:01 - 2016-10-14 22:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-27 22:01 - 2016-10-14 22:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-27 22:01 - 2016-10-14 22:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-27 22:01 - 2016-10-14 22:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-27 22:01 - 2016-10-14 22:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-27 22:01 - 2016-10-14 22:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-27 22:01 - 2016-10-14 22:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-27 22:01 - 2016-10-14 21:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-27 22:01 - 2016-10-14 21:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-27 22:01 - 2016-10-14 21:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-27 22:01 - 2016-10-14 21:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-27 22:01 - 2016-10-14 21:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-27 22:01 - 2016-10-14 21:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-27 22:01 - 2016-10-14 21:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-27 22:01 - 2016-10-14 21:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-27 22:01 - 2016-10-14 21:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-27 22:01 - 2016-10-14 21:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-27 22:01 - 2016-10-14 21:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-27 22:01 - 2016-10-14 21:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 22:01 - 2016-10-14 21:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-27 22:01 - 2016-10-14 21:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-27 22:01 - 2016-10-14 21:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-27 22:01 - 2016-10-14 21:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-27 22:01 - 2016-10-14 21:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-27 22:01 - 2016-10-14 21:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-27 22:01 - 2016-10-14 21:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-27 22:01 - 2016-10-14 21:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-27 22:01 - 2016-10-14 21:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-27 22:01 - 2016-10-14 21:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-27 22:01 - 2016-10-14 21:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-27 22:01 - 2016-10-14 21:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-27 22:01 - 2016-10-14 21:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-27 22:01 - 2016-10-14 21:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-27 22:01 - 2016-10-14 21:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-27 22:01 - 2016-10-14 21:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-27 22:01 - 2016-10-14 21:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 22:01 - 2016-10-14 21:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 22:01 - 2016-10-14 21:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-27 22:01 - 2016-10-14 21:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 22:01 - 2016-10-14 21:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-27 22:01 - 2016-10-14 21:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-27 22:01 - 2016-10-14 21:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-27 22:01 - 2016-10-14 21:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-27 22:01 - 2016-10-14 21:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-27 22:01 - 2016-10-14 21:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-27 22:01 - 2016-10-14 21:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-27 22:01 - 2016-10-14 21:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-27 22:01 - 2016-10-14 21:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-27 22:01 - 2016-10-14 21:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-27 22:01 - 2016-10-14 21:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-27 22:01 - 2016-10-14 21:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-27 22:01 - 2016-10-14 21:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-27 22:01 - 2016-10-14 21:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-27 22:01 - 2016-10-14 21:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-27 22:01 - 2016-10-14 21:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-27 22:01 - 2016-10-14 21:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-27 22:01 - 2016-10-14 21:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-27 22:01 - 2016-10-14 21:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-27 22:01 - 2016-10-14 21:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-27 22:01 - 2016-10-14 21:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-27 22:01 - 2016-08-05 22:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-26 09:58 - 2016-11-12 00:58 - 00000000 ____D C:\Users\Daniel\OSBuddy

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-25 09:37 - 2016-08-03 09:20 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D9915E6-1226-4A10-BCCF-50CD53A68E0E}
2016-11-25 09:36 - 2016-07-11 18:28 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2016-11-25 09:34 - 2016-08-02 12:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-25 09:34 - 2016-07-11 16:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-24 21:23 - 2016-07-30 16:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\Battle.net
2016-11-24 20:23 - 2016-07-30 16:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-24 16:36 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 23:05 - 2016-07-30 16:23 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-23 20:25 - 2016-07-30 16:15 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-23 13:18 - 2016-08-03 09:15 - 00000000 __SHD C:\Users\Daniel\AppData\Local\lxss
2016-11-23 09:28 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 22:58 - 2016-08-14 15:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\obs-studio
2016-11-22 22:56 - 2016-07-11 17:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2016-11-22 19:02 - 2016-08-28 21:02 - 00003552 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Update {C9A7E374-FFCA-46B7-A0C1-407313000B6B}
2016-11-22 19:02 - 2016-08-28 21:02 - 00003374 _____ C:\WINDOWS\System32\Tasks\EPSON XP-410 Series Invitation {C9A7E374-FFCA-46B7-A0C1-407313000B6B}
2016-11-22 19:02 - 2016-08-28 21:02 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {C9A7E374-FFCA-46B7-A0C1-407313000B6B}.job
2016-11-22 19:02 - 2016-08-28 21:02 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {C9A7E374-FFCA-46B7-A0C1-407313000B6B}.job
2016-11-22 18:43 - 2016-07-11 16:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-22 10:43 - 2016-08-29 16:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\SquirrelTemp
2016-11-21 22:30 - 2016-08-02 12:47 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-21 22:30 - 2016-08-02 12:47 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-21 22:30 - 2016-07-11 15:58 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 22:30 - 2016-07-11 15:58 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-21 22:30 - 2016-07-11 15:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-21 22:28 - 2016-07-11 17:58 - 03518880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-21 18:10 - 2016-07-12 15:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2016-11-21 09:09 - 2016-08-02 12:44 - 00000000 ____D C:\Users\Daniel
2016-11-21 09:08 - 2016-08-02 12:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-21 09:08 - 2016-08-02 12:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-21 09:08 - 2016-08-02 12:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-21 09:08 - 2016-07-11 16:02 - 00000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles
2016-11-20 23:02 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-11-20 16:19 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-20 15:27 - 2016-07-11 16:53 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-20 14:50 - 2016-09-24 10:46 - 00000045 _____ C:\Users\Daniel\jagex_cl_oldschool_LIVE.dat
2016-11-20 11:48 - 2016-07-13 20:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\deluge
2016-11-20 11:05 - 2016-07-11 17:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2016-11-19 22:13 - 2016-08-02 12:42 - 00340936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-19 22:12 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-11-19 20:57 - 2016-10-08 21:24 - 00281032 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2016-11-19 20:57 - 2016-07-20 19:05 - 00281032 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-11-19 00:25 - 2016-10-15 09:37 - 00001052 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk
2016-11-19 00:25 - 2016-09-12 10:34 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-11-18 15:28 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-18 15:28 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-18 15:28 - 2016-07-12 07:52 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-18 15:27 - 2016-10-25 09:58 - 00000926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2016.lnk
2016-11-18 15:27 - 2016-10-23 15:21 - 00001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-18 15:27 - 2016-10-12 17:26 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-18 15:27 - 2016-09-24 10:43 - 00002090 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2016-11-18 15:27 - 2016-08-29 19:34 - 00001755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2016-11-18 15:27 - 2016-08-03 09:30 - 00001814 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bash on Ubuntu on Windows.lnk
2016-11-18 15:27 - 2016-08-02 12:46 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-18 15:27 - 2016-08-01 15:31 - 00001090 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-11-18 15:27 - 2016-07-24 09:48 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-11-18 15:27 - 2016-07-19 07:20 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\putty.lnk
2016-11-18 15:27 - 2016-07-18 12:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-18 15:27 - 2016-07-18 11:19 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SsdReady.lnk
2016-11-18 15:27 - 2016-07-16 05:43 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-11-18 15:27 - 2016-07-16 05:43 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-11-18 15:27 - 2016-07-16 05:42 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-11-18 15:27 - 2016-07-13 07:58 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defcon.lnk
2016-11-18 15:27 - 2016-07-12 10:16 - 00000919 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-11-18 15:27 - 2016-07-12 09:13 - 00001170 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\putty.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:54 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-11-18 15:27 - 2016-07-12 07:53 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-11-18 15:27 - 2016-07-11 17:57 - 00002364 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-18 14:55 - 2016-09-12 10:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-18 14:55 - 2016-07-11 16:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-15 17:47 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-13 19:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-13 10:46 - 2016-07-12 07:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\NVIDIA Corporation
2016-11-12 17:54 - 2016-07-11 16:05 - 00000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2016-11-12 15:54 - 2016-09-24 11:05 - 00000000 ____D C:\Simba
2016-11-12 11:01 - 2016-08-03 08:57 - 00000000 ____D C:\ProgramData\Oracle
2016-11-12 11:00 - 2016-09-25 21:23 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-12 11:00 - 2016-09-25 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-12 11:00 - 2016-09-25 21:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-12 10:51 - 2016-08-02 12:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-12 10:51 - 2016-08-02 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-12 10:44 - 2016-09-24 23:54 - 00003930 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-09-24 23:53 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-09-24 23:53 - 00003966 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-09-24 23:53 - 00003904 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-09-24 23:53 - 00003742 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-09-24 23:53 - 00003700 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-12 10:44 - 2016-08-02 12:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-12 10:39 - 2016-10-25 10:43 - 00000000 ___RD C:\Users\Daniel\Downloads\simba
2016-11-12 10:36 - 2016-04-27 00:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-12 02:15 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-12 01:44 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-12 01:42 - 2016-07-11 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-12 01:40 - 2016-07-11 16:09 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-12 01:11 - 2016-08-02 12:47 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-12 01:09 - 2016-07-16 05:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-12 00:59 - 2016-08-02 12:59 - 00000000 ___SD C:\WINDOWS\system32\lxss
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-12 00:59 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-12 00:59 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-12 00:59 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-12 00:59 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-12 00:58 - 2016-07-30 18:01 - 00000000 ____D C:\Users\Daniel\Documents\Overwatch
2016-11-12 00:58 - 2016-07-30 16:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Battle.net
2016-11-12 00:58 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-12 00:58 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-11-12 00:58 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-12 00:58 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-11-12 00:58 - 2016-07-11 18:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-12 00:57 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-12 00:57 - 2016-07-11 18:28 - 00000000 ____D C:\ProgramData\Skype
2016-11-10 17:51 - 2016-07-19 07:29 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-10 17:51 - 2016-07-19 07:29 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-10 16:38 - 2016-08-02 12:43 - 07511235 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-10 16:38 - 2016-08-02 12:43 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-10 16:38 - 2016-08-02 12:43 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-10 16:35 - 2016-09-24 23:53 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-08 20:30 - 2016-09-24 10:44 - 00000024 _____ C:\Users\Daniel\jagexappletviewer.preferences
2016-11-03 12:48 - 2016-07-12 09:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\FileZilla
2016-11-02 17:10 - 2016-08-03 09:02 - 00000000 ____D C:\Users\Daniel\.oracle_jre_usage
2016-11-01 13:41 - 2016-07-20 11:02 - 00000000 ____D C:\Users\Daniel\.VirtualBox
2016-11-01 12:50 - 2016-07-11 15:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2016-10-29 18:19 - 2016-08-08 13:56 - 00000000 ____D C:\GOG Games
2016-10-29 10:37 - 2016-10-25 09:58 - 00000000 ____D C:\Program Files (x86)\Pro Evolution Soccer 2016
2016-10-29 03:13 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 03:12 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 22:24 - 2016-07-11 16:11 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-28 17:56 - 2016-07-16 05:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 17:56 - 2016-07-16 05:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 10:01 - 2016-09-24 10:44 - 00000024 ____R C:\Users\Daniel\random.dat
2016-10-26 09:35 - 2016-09-24 10:44 - 00000045 _____ C:\Users\Daniel\jagex_cl_runescape_LIVE.dat

==================== Files in the root of some directories =======

2014-09-20 09:59 - 2014-09-20 09:59 - 0070656 _____ (Christian Werner Software & Consulting) C:\Program Files\adddsn.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0070656 _____ (Christian Werner Software & Consulting) C:\Program Files\addsysdsn.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0073216 _____ (Christian Werner Software & Consulting) C:\Program Files\instq.exe
2004-11-13 00:12 - 2004-11-13 00:12 - 0001456 _____ () C:\Program Files\license.terms
2014-09-20 10:00 - 2014-09-20 10:00 - 0001482 _____ () C:\Program Files\license.txt
2014-09-20 09:34 - 2014-09-20 09:34 - 0011410 _____ () C:\Program Files\README
2014-09-20 09:34 - 2014-09-20 09:34 - 0011410 _____ () C:\Program Files\readme.txt
2014-09-20 09:59 - 2014-09-20 09:59 - 0070656 _____ (Christian Werner Software & Consulting) C:\Program Files\remdsn.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0070656 _____ (Christian Werner Software & Consulting) C:\Program Files\remsysdsn.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0067584 _____ () C:\Program Files\sqlite3.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0858624 _____ (Christian Werner Software & Consulting) C:\Program Files\sqlite3odbc.dll
2014-09-20 10:00 - 2014-09-20 10:00 - 0852992 _____ (Christian Werner Software & Consulting) C:\Program Files\sqlite3odbcnw.dll
2014-09-20 09:59 - 2014-09-20 09:59 - 0078848 _____ (Christian Werner Software & Consulting) C:\Program Files\sqlite3_mod_blobtoxy.dll
2014-09-20 09:59 - 2014-09-20 09:59 - 0062464 _____ () C:\Program Files\sqlite3_mod_csvtable.dll
2014-09-20 10:00 - 2014-09-20 10:00 - 0059904 _____ () C:\Program Files\sqlite3_mod_extfunc.dll
2014-09-20 10:00 - 2014-09-20 10:00 - 0150528 _____ () C:\Program Files\sqlite3_mod_fts3.dll
2014-09-20 09:59 - 2014-09-20 09:59 - 0057344 _____ () C:\Program Files\sqlite3_mod_impexp.dll
2014-09-20 10:00 - 2014-09-20 10:00 - 0062464 _____ () C:\Program Files\sqlite3_mod_rtree.dll
2014-09-20 09:59 - 2014-09-20 09:59 - 0101376 _____ () C:\Program Files\sqlite3_mod_zipfile.dll
2014-09-20 09:59 - 2014-09-20 09:59 - 0073216 _____ (Christian Werner Software & Consulting) C:\Program Files\uninst.exe
2016-08-24 14:32 - 2016-09-04 20:19 - 0063202 _____ () C:\Program Files\Uninstall.exe
2014-09-20 09:59 - 2014-09-20 09:59 - 0073216 _____ (Christian Werner Software & Consulting) C:\Program Files\uninstq.exe
2016-11-18 13:48 - 2016-11-18 13:48 - 0127721 _____ () C:\Users\Daniel\AppData\Local\31848.exe
2016-11-18 13:48 - 2016-11-18 13:48 - 0048436 _____ () C:\Users\Daniel\AppData\Local\84502.exe
2016-07-19 07:28 - 2016-10-25 10:34 - 0000600 _____ () C:\Users\Daniel\AppData\Local\PUTTY.RND
2016-11-23 18:03 - 2016-11-23 18:03 - 0000218 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2016-11-18 14:58 - 2016-11-18 14:58 - 0000003 _____ () C:\Users\Daniel\AppData\Local\run1.txt

Files to move or delete:
====================
C:\Users\Daniel\1386E796930777388C712CCE0CF9DE4F.dat

Some files in TEMP:
====================

C:\Users\Daniel\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\Daniel\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\pic30-lm.exe
C:\Users\Daniel\AppData\Local\Temp\Procmon64.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-16 20:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Daniel (25-11-2016 09:49:59)
Running from C:\Users\Daniel\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-02 18:48:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-530961615-738628264-3883630054-500 - Administrator - Disabled)
Daniel (S-1-5-21-530961615-738628264-3883630054-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-530961615-738628264-3883630054-503 - Limited - Disabled)
Guest (S-1-5-21-530961615-738628264-3883630054-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
Cadence Allegro Free Physical Viewers 17.2 (HKLM-x32\...\{011C2373-B72C-4E8F-AEC8-2A9693C12293}) (Version: 17.2 - Cadence Design Systems)
Cadence OrCAD PCB Designer Lite 17.2 (HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\{2D444666-5875-4B28-9ED8-15F750802BF5}) (Version: 17.20.002 - Cadence Design Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Citra Edge (HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\citra) (Version: 0.1.63 - Citra Development Team)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Defcon v1.6 (HKLM-x32\...\Defcon_is1) (Version: - Introversion Software Ltd)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio)
Discord (HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version: - id Software)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evaer Video Recorder for Skype 1.6.6.19 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.6.6.19 - Evaer Technology)
EZSearch (HKLM-x32\...\EZSearch) (Version: - )
FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GitHub (HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Insurgency (HKLM\...\Steam App 222880) (Version: - New World Interactive)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Metro 2033 Redux (HKLM\...\Steam App 286690) (Version: - 4A GAMES)
Metro: Last Light Redux (HKLM\...\Steam App 287390) (Version: - 4A Games)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2105 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorsport.Manager.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Motorsport.Manager.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew)
MouseRecorder v1.0.47 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.47 - Bartels Media GmbH)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MPLAB C for PIC24 MCUs and-or dsPIC DSCs (HKLM-x32\...\MPLAB C for PIC24 MCUs and-or dsPIC DSCs v3.30c) (Version: v3.30c - Microchip)
MPLAB Tools v8.92 (HKLM-x32\...\InstallShield_{EFF70ABE-9F88-41B4-A0DF-BE0A803209CF}) (Version: 8.92 - Microchip Technology Inc.)
MPLAB Tools v8.92 (x32 Version: 8.92 - Microchip Technology Inc.) Hidden
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version: - OVERKILL Software)
PCB Artist Version 3.1 (HKLM-x32\...\{284A25AA-96B4-449D-BBA0-D0C97A5E213E}) (Version: 3.1 - Advanced Circuits)
Pharos (HKLM-x32\...\Pharos) (Version: - )
Prey Anti-Theft (x32 Version: 1.6.1 - Prey, Inc.) Hidden
Pro Evolution Soccer 2016 Update v1.03 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNg==_is1) (Version: 1 - )
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.68 - Bitsum)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Receiver (HKLM\...\Steam App 234190) (Version: - Wolfire Games)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version: - Tripwire Interactive)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
RuneMate (HKLM-x32\...\5153-2584-1271-2038) (Version: 2.4.0.2 - )
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\GOGPACKSTALKERSTCS_is1) (Version: 2.0.0.8 - GOG.com)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{F9B436DD-8D48-430E-BA89-F85DFA452C55}) (Version: 13.0.9.1312 - SAP)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Simba 1.00 (HKLM-x32\...\{524C9B9A-B57F-4FEC-89BE-292202EBA44D}_is1) (Version: - )
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\slack) (Version: 2.3.2 - Slack Technologies)
SQLite ODBC Driver for Win64 (remove only) (HKLM-x32\...\SQLite ODBC Driver for Win64) (Version: - )
STAR WARS™ Battlefront™ II (HKLM\...\Steam App 6060) (Version: - Pandemic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Jackbox Party Pack (HKLM-x32\...\The Jackbox Party Pack_is1) (Version: - )
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.15.6404 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)
Wargame: Red Dragon (HKLM\...\Steam App 251060) (Version: - Eugen Systems)
World of Guns: Gun Disassembly (HKLM\...\Steam App 262410) (Version: - Noble Empire Corp.)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - Xvid Development Team)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\capture.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{15B7EDEC-C27A-4830-869D-7AABCC104E51}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{160497BE-0194-4784-84A6-96FBD633F876}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{189387F1-D978-4524-BF3C-694E8E07EFFF}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\ortruereuse64.ocx ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{1DFD9959-3EE6-45E0-9D43-824EBD4CD389}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{21976533-5648-4E42-B84F-C169898F1ECB}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{27508707-B27E-42D2-BE29-1AF8AEA93A0E}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPIC64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{2B1066C6-1A94-4E0B-BABF-D85DD868B7D5}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\stmed.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{31BDEAF6-95DE-4175-9119-92D525A3B600}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiica64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{33365B87-BA80-4476-AC3F-C126F30656C3}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{348E9523-9774-41DF-A24B-EF4C0A8BCB3F}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orApConCtl64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{358849F0-B260-49CC-8BCE-8FD7FE2A23F8}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\simmgr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{3DAD4F8B-49BA-4D7C-B348-CBA6A03E22D9}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\simmgr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{53D45603-B24B-4F0B-8DD7-DA3C1125445F}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{5C192887-CF9F-4E9D-833D-4D5A6366CA4D}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{5EBE72AF-6082-481F-9C6B-9E5F994D8C23}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{60FD2BEA-A369-42DC-985C-BDBE8617C0D8}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{6353D943-5A1D-4495-B23F-49097930CBE8}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\stmed.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{673C46C9-D4C6-414F-94B5-D2439DE33E36}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiica64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{684C263C-4A60-4FE0-9A89-D2FCDFA28D82}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{69F086C1-793F-4B2A-AE35-9668CA58929F}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{6B41BE7A-E146-480C-9D2B-519E1A0A6CE6}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpxllite64.ocx (Cadence Design Systems Inc. )
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{79AE55D2-F2B3-41A6-94D8-E936999AAEC8}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\SimSrvr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{80EC1B8D-6958-41C3-8F57-03962BBF01FC}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{83637867-7260-4F1E-B2F8-FB4D8E6F5546}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpxllite64.ocx (Cadence Design Systems Inc. )
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{918E2AD0-E4CE-4C8F-A1D3-DE73B3592C48}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{9BCA2D46-3639-466C-828D-662B9C254E93}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\PspiceExplorerSrvr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{9D272CB5-46DE-4E10-99A3-C8A6BD3A0748}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orlayoutreuse64.ocx (Cadence Design System)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{A3822123-1F17-435C-BE1B-13CC7D64A1F4}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\capture.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{A50B40B5-3AD6-45E9-AE0F-8411180FF935}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\mrksrvr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{A5BC9D30-4956-44FC-8837-66692742AD07}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPIC64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{A8FC1C08-D635-4C63-AEAA-10C9BC2CE570}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orApConCtl64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{AFC0797D-1E57-4EA0-A0DD-A71297A4ACD8}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPIC64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{AFC4FCF3-0EEE-4448-AE23-0680A88A22AA}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{B246A908-770E-4B98-99EA-EC23648F2532}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{BC52C06A-D1F8-4039-8C44-F78A70B5EA3C}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\capture.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{C04B6E75-FF75-4C5F-9560-89352E9BAA0B}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\capture.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{C262C294-C3F0-48FD-A178-BA3396528151}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpicis64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{C76160CB-15E7-4299-A018-5CE6E15A7D2A}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{CADC842C-7C64-40B4-9F9A-7C82A0FC1DB7}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{CBEF1209-5E8B-47A4-862A-E716EBCA78DA}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{CD2425E4-8141-11D0-8CE4-444553540000}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\simmgr.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{D23CAAEF-6DA2-4797-83D8-021970040DDE}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPspice64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{D70EB2BC-F3DC-4362-89A1-8C1C2BE75459}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{D7C7376A-B776-4266-8108-86A983B62A57}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspiceaa.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpicis64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{DF76FC8B-0E2E-4B81-8417-E46B4B084927}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpxllite64.ocx (Cadence Design Systems Inc. )
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{E5D385DC-2563-45E3-BF55-CB94821EAA0B}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiica64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{E6C99519-1BEA-4F29-B199-F85A462DFF82}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpicis64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{EA0541F9-E147-4F3A-B637-D787673F1699}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpicis64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\capture.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{EB78627A-B70D-41F3-B44E-C1415BF04121}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspiceaa.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{EC0D4058-AAED-4535-8BE6-564062563D5F}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpicis64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F152E572-47A0-46F9-BE18-E2E83FAE95A2}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspiceaa.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F2930AA9-1354-4497-A6F5-45C8D3FA73D6}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPIC64.dll ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F38847C9-55DC-4B52-AB3B-B919CE49C7DF}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orgenlibcom64.dll (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F614E8A5-E663-4F4D-8ACE-A909A5EA6AED}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orlayoutreuse64.ocx (Cadence Design System)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F8518828-EC72-4B05-A8C9-040CB8390727}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpxllite64.ocx (Cadence Design Systems Inc. )
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\modeled.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{F9FACC57-5B03-4063-AC9F-DEC6FAB02DDC}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{FD4187F1-FE95-435F-8174-3FC392E5BEC5}\localserver32 -> C:\Cadence\SPB_17.2\tools\bin\pspice.exe (Cadence Design Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{FD829158-7ADE-44B4-91F9-28CF7FD51E4C}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\ortruereuse64.ocx ()
CustomCLSID: HKU\S-1-5-21-530961615-738628264-3883630054-1001_Classes\CLSID\{FEB15EE1-0DD2-4B20-BB58-698FAB59913C}\InprocServer32 -> C:\Cadence\SPB_17.2\tools\bin\orpiPIC64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AB9E64F-1A6C-44D4-8B6C-51F785A676A1} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {0BA051D3-864C-41C4-AE81-20BB14194AEB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {0D1BA046-AF45-4248-B7CE-12FBCB6B25FE} - System32\Tasks\EPSON XP-410 Series Invitation {C9A7E374-FFCA-46B7-A0C1-407313000B6B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2014-11-20] (SEIKO EPSON CORPORATION)
Task: {1F0E5B94-F873-4E99-BA13-7B8332ADC011} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {2370B4A5-1763-4410-BFB2-DF7A7D93D3C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {3860D2A0-A9A1-4A92-80A0-171D0DF94F80} - System32\Tasks\Microsoft\Windows\Windows Subsystem for Linux\AptPackageIndexUpdate => %comspec% [Argument = /c start "AptPackageIndexUpdate" /min %windir%\System32\LxRun.exe /update]
Task: {60BDFDCE-DC13-4342-B54D-048DB41E3B23} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {7250CDB4-3691-43A5-A57B-88DC8BA814F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {880FB99F-D028-42FE-BD98-60B650539325} - \2089576 -> No File <==== ATTENTION
Task: {8E4AB760-C4C9-480F-8F2F-A4895F4ED783} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {8EC9A422-C1E5-4AB2-A8F0-CD1BA252E300} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {90A60D00-90C0-41D0-B121-DB791E9B8973} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2016-11-13] (Bitsum LLC)
Task: {91CAFC76-85BC-4846-A3A8-3E22992690FE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {9D5613B1-1B91-46C7-94C8-C0491269B5F4} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2016-11-13] (Bitsum LLC)
Task: {AA4916A5-EAAC-4735-B34E-7507650864B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {AC445808-5C42-42D1-B018-B6B249731AEA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {BFEB4BE3-8C9F-4D10-9572-960760844E34} - System32\Tasks\EPSON XP-410 Series Update {C9A7E374-FFCA-46B7-A0C1-407313000B6B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2014-11-20] (SEIKO EPSON CORPORATION)
Task: {C81C8B5A-0AB6-4FA7-8507-593657FD81E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21] (Google Inc.)
Task: {D2B9B0D2-2F7D-46D5-8ADA-12847083FC7C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {D66F6DE1-64E2-4733-84E4-BEA55B7046E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-21] (Google Inc.)
Task: {EC29C3A5-0C78-4DC3-90AA-3A3D17B4CE4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {FA1E3BDE-4427-4AD7-9D5F-649824F723B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {FF3B3F5D-8D37-40CC-B7FE-B9CBD867F91B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {C9A7E374-FFCA-46B7-A0C1-407313000B6B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {C9A7E374-FFCA-46B7-A0C1-407313000B6B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{C9A7E374-FFCA-46B7-A0C1-407313000B6B} /F:UpdateWORKGROUP\DAN-LAPTOP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Flоаting fоr YоuТubе™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmоtе Dеsktоp.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34f26a0e91f197dc\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 12:46 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 23:53 - 2016-10-25 14:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 23:53 - 2016-10-25 14:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 23:54 - 2016-10-25 14:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-07-20 19:05 - 2016-10-08 21:27 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-08-02 12:43 - 2016-11-10 16:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 12:46 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 08:57 - 2016-10-03 08:57 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-06-30 02:23 - 2016-06-30 02:23 - 00592384 _____ () C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX64.dll
2016-08-02 12:50 - 2016-08-02 12:50 - 00959168 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-12 07:54 - 2016-11-18 08:18 - 08919744 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-08-19 00:38 - 2016-08-19 00:38 - 00410600 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-15 08:41 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-12 01:39 - 2016-11-02 04:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-12 01:39 - 2016-11-02 04:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2012-07-18 16:38 - 2012-07-18 16:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 12:24 - 2013-08-01 12:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2016-11-17 08:27 - 2016-11-17 08:27 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 08:27 - 2016-11-17 08:27 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 08:27 - 2016-11-17 08:27 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-12 01:39 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-12 01:39 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-12 01:39 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-12 01:39 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-12 01:39 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-12 01:39 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-21 22:32 - 2016-11-08 15:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-21 22:32 - 2016-11-08 15:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-12 01:39 - 2016-11-02 04:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-11-12 01:39 - 2016-11-02 04:16 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2016-11-12 01:39 - 2016-11-02 04:13 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2016-09-05 17:09 - 2016-09-05 17:09 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.3\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2016-09-24 23:54 - 2016-10-25 14:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-24 23:54 - 2016-10-25 13:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-24 23:54 - 2016-10-25 13:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-24 23:54 - 2016-10-25 13:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-24 23:53 - 2016-10-25 14:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 23:53 - 2016-10-25 14:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 23:54 - 2016-10-25 13:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-24 23:54 - 2016-10-25 13:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-24 23:54 - 2016-10-25 13:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-24 23:54 - 2016-10-25 13:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-07-11 16:53 - 2016-09-07 21:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-11 16:53 - 2016-08-31 19:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-11 16:53 - 2016-10-12 19:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-11 16:53 - 2016-08-31 19:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-11 16:53 - 2016-08-31 19:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-11 16:53 - 2016-01-27 01:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-11 16:53 - 2016-01-27 01:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-11 16:53 - 2016-01-27 01:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-11 16:53 - 2016-01-27 01:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-11 16:53 - 2016-01-27 01:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-11 16:53 - 2016-10-12 19:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-11 16:53 - 2016-07-04 16:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 17:00 - 2016-08-04 14:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 01942528 _____ () C:\Users\Daniel\AppData\Local\slack\app-2.3.2\ffmpeg.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 00177152 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\nslog\build\Release\nslog.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00083968 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00074240 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\gc\build\Release\gc.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00092672 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\edge-atom-shell\build\Release\edge.node
2016-06-30 05:24 - 2016-06-30 05:24 - 00564224 _____ () C:\Users\Daniel\AppData\Local\MEGAsync\ShellExtX32.dll
2016-08-02 12:50 - 2016-08-02 12:50 - 00679624 _____ () C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-07-12 07:55 - 2016-11-18 08:18 - 08919744 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 02222592 _____ () C:\Users\Daniel\AppData\Local\slack\app-2.3.2\libglesv2.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 00080896 _____ () C:\Users\Daniel\AppData\Local\slack\app-2.3.2\libegl.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 00402432 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00129536 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00592384 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@nodert-win10\windows.data.xml.dom\build\Release\binding.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00329728 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@nodert-win10\windows.ui.notifications\build\Release\binding.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00136704 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\ref\build\Release\binding.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00140800 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\ffi\build\Release\ffi_bindings.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00074752 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\system-idle-time\build\Release\system_idle_time.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00072704 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\windows-quiet-hours\build\Release\quiethours.node
2016-11-16 13:32 - 2016-11-16 13:32 - 00320000 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\slack-calls.node
2016-11-16 13:32 - 2016-11-16 13:32 - 06025216 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\CallsCore.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 01182208 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\boringssl.dll
2016-11-16 13:32 - 2016-11-16 13:32 - 00178688 _____ () \\?\C:\Users\Daniel\AppData\Local\slack\app-2.3.2\resources\app.asar.unpacked\node_modules\@paulcbetts\slack-calls\build\Release\protobuf_lite.dll
2016-07-11 16:53 - 2015-09-24 17:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-530961615-738628264-3883630054-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2016-11-19 00:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-530961615-738628264-3883630054-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: vpnagent => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{85AD1095-E1C0-4EEB-AFFA-CDA4FB126B4B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{1DF0CF2F-CDA3-40AC-A1B2-4BC5BC006C00}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{554F0416-97BA-46EB-9E8D-8049429527F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{41E2724A-850A-4511-9DE3-05921652008D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{FA32E542-DE4D-47A3-90BA-324021B9D87F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{95F20136-6B9D-46ED-846B-BFA9EF44836B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{0DC184DD-0D2C-437F-A695-C20107D26B78}] => (Allow) C:\Program Files (x86)\MouseRecorder\MouseRecorder.exe
FirewallRules: [{43827302-8A07-4495-83BF-4ED505552E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{CA340379-3C54-4D36-9B66-B44BF73C5B32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [UDP Query User{C493286D-7A60-4057-855B-3F2982BF283C}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{42E35278-26EF-4C97-B352-DB7B19C9A606}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{FC41E730-8F96-48D3-A20A-BB7412AC30A3}C:\program files (x86)\defcon\defcon.exe] => (Allow) C:\program files (x86)\defcon\defcon.exe
FirewallRules: [TCP Query User{3444B676-1E2A-4235-9F47-E71773A72D56}C:\program files (x86)\defcon\defcon.exe] => (Allow) C:\program files (x86)\defcon\defcon.exe
FirewallRules: [{1310FEDF-9286-4C3C-B453-028DC78EF589}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{E0F51B8E-E4ED-487F-A44A-46367F8EA701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{3D268231-5257-41F7-AD0D-3719F0912F90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{1F26C7E8-C14A-494F-8882-6DF07A921CC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{0671DF5C-91FF-47D7-8DB8-0EFA95B92324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{4335379E-B1B0-4111-AC36-EB293D001720}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Receiver\Receiver.exe
FirewallRules: [{DAA275BE-761A-42E4-8A01-E4D3D78EAE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{D11C544B-91A5-4D43-B53A-CB3EC1AE7CEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{4438D9CC-977D-4EB9-BBB4-BE4A0E0BE72E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{79377A56-820A-4219-929A-3F1270089F08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{560A2BD9-A425-4761-807B-E20747E2F5B6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6A454DFC-805A-4E69-8659-4B5B59EAE4DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2488AA94-4953-41A0-8506-31E6161747C4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{031612C1-A5E5-448E-8C0A-AD3ECE606BB1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8C343610-6B68-4E0A-A748-A3EF474B737D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{1E24BC76-8F46-4A15-962A-B7F2591AA2CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{B435AA7F-3901-4F36-ADF4-002D3AB009B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{A4D4B961-AF00-4412-A50F-6B016F6510E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{1ED33050-B3EF-48F5-97CD-3E998944F2DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{E4C8B51A-CCFE-4F89-94F8-D41F6D28A824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{74387BD5-F2F6-4084-A8B1-C41E83D5598D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EFEC0D63-6790-481C-9042-FF43DE3C124D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7E22185-4964-4BD2-B8BA-F85E451B1829}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F838478-658A-463E-A862-5D1591DAF565}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08DCC624-00D3-4B9A-BC24-8644EB5A6356}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{8DB4E489-1C1B-40A5-8537-B1E3EA7B7BE3}C:\users\daniel\downloads\release\release\pokemobbot.exe] => (Allow) C:\users\daniel\downloads\release\release\pokemobbot.exe
FirewallRules: [UDP Query User{D7F74B09-F482-40F9-853D-23952F7FA6B9}C:\users\daniel\downloads\release\release\pokemobbot.exe] => (Allow) C:\users\daniel\downloads\release\release\pokemobbot.exe
FirewallRules: [TCP Query User{C5AD0612-6BAD-4ADF-9608-D2FDC0F62618}C:\users\daniel\downloads\release\pokemobbot.exe] => (Allow) C:\users\daniel\downloads\release\pokemobbot.exe
FirewallRules: [UDP Query User{B41F27C9-DE32-4C79-91B2-934811341268}C:\users\daniel\downloads\release\pokemobbot.exe] => (Allow) C:\users\daniel\downloads\release\pokemobbot.exe
FirewallRules: [{0B272D33-5B22-40C4-A1E0-41BBC0FE7361}] => (Allow) %ProgramFiles% (x86)\Overwatch\Overwatch.exe
FirewallRules: [{87E696C8-0BA7-448E-A871-2767E62C065F}] => (Allow) LPort=80
FirewallRules: [{2D667134-0C14-443E-B9D7-528ADB04CC53}] => (Allow) LPort=3479
FirewallRules: [TCP Query User{DE29241B-A43C-4E67-A6EA-A189EE4CE945}C:\users\daniel\downloads\mratio.exe] => (Allow) C:\users\daniel\downloads\mratio.exe
FirewallRules: [UDP Query User{4A53038F-613B-4836-9908-7F3269BAC65E}C:\users\daniel\downloads\mratio.exe] => (Allow) C:\users\daniel\downloads\mratio.exe
FirewallRules: [TCP Query User{4DE58DC2-550F-4810-8906-18A3B3911F50}C:\users\daniel\downloads\mratio\mratio.exe] => (Allow) C:\users\daniel\downloads\mratio\mratio.exe
FirewallRules: [UDP Query User{D12015D0-BC73-46FF-A9AD-2F89D9B1418E}C:\users\daniel\downloads\mratio\mratio.exe] => (Allow) C:\users\daniel\downloads\mratio\mratio.exe
FirewallRules: [{5087EB9A-3ADF-48CF-8459-8D081186B67A}] => (Allow) C:\Users\Daniel\Downloads\Voksi\Steam\Steam.exe
FirewallRules: [{2F08A21E-F9B7-42E1-8AC3-52EDD36B28FB}] => (Allow) C:\Users\Daniel\Downloads\Voksi\Steam\Steam.exe
FirewallRules: [{EEACE1A2-2AEA-462A-855E-C9E7DEECF5A5}] => (Allow) C:\Users\Daniel\Downloads\Voksi\Steam\bin\steamwebhelper.exe
FirewallRules: [{29E783A6-0FEF-4A33-A8CF-3028A17AC07D}] => (Allow) C:\Users\Daniel\Downloads\Voksi\Steam\bin\steamwebhelper.exe
FirewallRules: [{4561AB8B-1874-4D52-97CB-A23A98577562}] => (Allow) C:\Users\Daniel\Downloads\DOOM.SteamRip-Fisher\DOOM\Steam\Steam.exe
FirewallRules: [{52232AAC-E0A9-44C2-9378-AA282244D2AF}] => (Allow) C:\Users\Daniel\Downloads\DOOM.SteamRip-Fisher\DOOM\Steam\Steam.exe
FirewallRules: [{E966D466-A4E9-45D8-B083-DBE7D37F5BF1}] => (Allow) C:\Users\Daniel\Downloads\DOOM.SteamRip-Fisher\DOOM\Steam\bin\steamwebhelper.exe
FirewallRules: [{747B1E57-4FCF-43B8-B6D6-D6741AB6C2ED}] => (Allow) C:\Users\Daniel\Downloads\DOOM.SteamRip-Fisher\DOOM\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1F157681-A799-4D4D-B137-E633C106307F}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{D1FB253C-4457-4A01-A04C-CA9CB7E03F1F}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{4B2EFDC9-D5CD-442E-86AB-6948B0FA3EF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{6926D317-37F6-42F7-9021-27A602317F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{9C09942A-9EBC-409C-98D8-D1D0B721A332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{78F8F9A0-A5DC-49B3-931F-1C67D32ECAA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{2A0C159F-941C-4D38-9060-6EA8761668BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{53B6DD31-A6C2-4374-9885-C066AAC3C19B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{8AEBC174-3E11-4D77-A530-8F93B19832DC}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{CE7B46D5-349C-47AC-9801-6D04B386D1FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{F5490535-2067-4B5E-A79E-DD923C8E02BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{D630910D-0088-4ED2-B338-B2B997C9F635}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{89868AC7-EB4B-4A31-9466-E70ED9425489}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{F640884C-6E33-41D0-A2CB-97C728C37F33}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaDMTurboServer.exe
FirewallRules: [{82A328F4-1958-47F7-B6B0-1D285A01F36D}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaDMTurboServer.exe
FirewallRules: [{079B689A-C175-4041-BEAE-6E6E3421A155}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaDMTurboServer.exe
FirewallRules: [{97165E65-A318-4468-8F16-AE4851C1C3FF}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaDMTurboServer.exe
FirewallRules: [{3A3FA9BC-ADF5-4932-803A-163D062ED99A}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaFSLockD.exe
FirewallRules: [{C723DE5C-F737-4F76-A75F-73330905DFE3}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaFSLockD.exe
FirewallRules: [{FBE44B09-69CA-42BB-8251-4310B209A1EB}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaFSLockD.exe
FirewallRules: [{9B37E816-686A-4BC8-8CDD-5550D117EFA7}] => (Allow) C:\Cadence\SPB_17.2\OpenAccess\bin\x64\opt\oaFSLockD.exe
FirewallRules: [{F9E8C36D-4F76-4785-B2F5-7DBB04953EA1}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\rmiregistry.exe
FirewallRules: [{DBBA8E28-CE6F-4291-A0CC-0155972AC534}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\rmiregistry.exe
FirewallRules: [{CC268BEB-0426-43CC-AAB0-E52118BB079E}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\rmiregistry.exe
FirewallRules: [{9642B3E9-42B9-4549-B02A-92E1D998009E}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\rmiregistry.exe
FirewallRules: [{84F005E4-31CD-4087-858C-8E11EC5D356B}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\tnameserv.exe
FirewallRules: [{B8B1F9C6-0C82-48A4-8306-046BF6EDB32B}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\tnameserv.exe
FirewallRules: [{C2E89DD9-FE63-4241-8FD3-433BD90E59CC}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\tnameserv.exe
FirewallRules: [{0FA3C31C-4C93-428E-8627-820601CB485E}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\tnameserv.exe
FirewallRules: [{F3594AA3-1B0F-411E-AA03-D3D227B5CAD9}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\java.exe
FirewallRules: [{86E7B155-7E08-40F9-89AB-36FADA347A15}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\java.exe
FirewallRules: [{1786897A-3444-429D-BCF8-AFAA591EB5A0}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\java.exe
FirewallRules: [{92802C41-5DD8-43FA-B888-630A2608AD5B}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\java.exe
FirewallRules: [{8A085158-7AC3-4AC7-8CD0-962C41D2A60E}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\javaw.exe
FirewallRules: [{A8EBDACD-8ABD-4437-A02F-1AE2A9B0598A}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\javaw.exe
FirewallRules: [{5F570FF0-82C0-4D1B-8264-D15C39F81A40}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\javaw.exe
FirewallRules: [{C0B66B60-DCF6-469A-B1F0-096380059ED9}] => (Allow) C:\Cadence\SPB_17.2\tools\jre64\bin\javaw.exe
FirewallRules: [{117A9A37-395B-4374-BC5B-270DB0554C1E}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\swap.exe
FirewallRules: [{D61A0C22-F914-4EFC-B03F-00D26426B045}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\swap.exe
FirewallRules: [{91ABAD81-88E4-436E-9F17-C9A875D2E69B}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\swap.exe
FirewallRules: [{9A962B31-2E84-4AB6-A236-8C76E36B21AA}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\swap.exe
FirewallRules: [{87B7AF4F-E02A-4305-93EA-1F798188E78B}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\clsbd.exe
FirewallRules: [{A425AE5B-47C1-4FA6-8E73-B5905832345E}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\clsbd.exe
FirewallRules: [{41159811-1BC8-41D8-9991-BC45FED1629B}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\clsbd.exe
FirewallRules: [{387DB624-3FA3-499D-951E-3316FB0AFCA9}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\clsbd.exe
FirewallRules: [{4425792D-82DE-4096-90F7-082999D5AEB2}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsMsgServer.exe
FirewallRules: [{9B4FA996-9B81-457F-828D-312DEF69F8A6}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsMsgServer.exe
FirewallRules: [{C11CD3F6-25AC-4B12-95AE-254714F79CE7}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsMsgServer.exe
FirewallRules: [{7A99D999-EC2C-440F-A0F4-464806140448}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsMsgServer.exe
FirewallRules: [{F1BB4483-80E5-4B3D-BF85-9A965A1D2C19}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsNameServer.exe
FirewallRules: [{08CCDC2C-E0FC-4033-8CF7-8BEB263938DF}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsNameServer.exe
FirewallRules: [{48BE5B0B-F44C-4D55-8043-25C6C4204793}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsNameServer.exe
FirewallRules: [{58BF7F66-E5FA-455E-A93A-D36D648E3E9C}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsNameServer.exe
FirewallRules: [{5947EE06-AC32-487C-929A-695E8978FACE}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsmps.exe
FirewallRules: [{9329F578-0CC1-43C1-88EF-77D7A9AFEC64}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsmps.exe
FirewallRules: [{48B4272D-FAA1-4955-BB05-50D1B8A30A40}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsmps.exe
FirewallRules: [{6B0BAF5D-5A83-4D18-81E9-01467A0E464B}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\cdsmps.exe
FirewallRules: [{2EA8588B-9F2D-4F19-89F4-2FEC8A77DF28}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\allegro.exe
FirewallRules: [{E2609894-047F-40AD-8289-5BC3B7E56A8A}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\allegro.exe
FirewallRules: [{10D172B5-3F1A-4D8C-B9C1-A3929B9D9D75}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\allegro.exe
FirewallRules: [{F7D9DE3B-B5A7-46D1-9A7A-A2CC542E8A67}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\allegro.exe
FirewallRules: [{B3FC09D4-459E-4B7C-8B33-37E13E51C3EB}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\productServer.exe
FirewallRules: [{38E566EC-FF8B-4284-BB91-3156BD9C3D15}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\productServer.exe
FirewallRules: [{1818CE2E-A3E4-48F9-9F12-5983332B223E}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\productServer.exe
FirewallRules: [{83DAAE7D-9C1D-4D52-8CE1-4E8BF93F77E3}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\productServer.exe
FirewallRules: [{9EDDF560-6F9F-4BC7-B460-B7D3E62942F0}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigwave.exe
FirewallRules: [{7FB360FE-EAC5-4458-BF25-D7AF23E53EE9}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigwave.exe
FirewallRules: [{806680CC-6E19-43C8-B13F-3493CD6839D4}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigwave.exe
FirewallRules: [{4D1DCDB5-063E-44B7-BFDD-E55E26007617}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigwave.exe
FirewallRules: [{0BE2DE05-2237-4AAC-BC9C-37EB3D152185}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigxsect.exe
FirewallRules: [{858546F9-0048-4EC0-B4F4-CC1C433184A7}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigxsect.exe
FirewallRules: [{F096DA6F-8E19-412D-A445-8BF9AF1F7280}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigxsect.exe
FirewallRules: [{2D275B7C-9C88-4ACD-8904-778A345BA0DC}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\sigxsect.exe
FirewallRules: [{EB60D758-C211-43B3-B0C5-7A2A7C81A009}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\Capture.exe
FirewallRules: [{45AAD44A-FD08-4611-BF06-4E547861D03F}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\Capture.exe
FirewallRules: [{A7234C90-EC3C-49E3-BF94-89A8C33D83B2}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\Capture.exe
FirewallRules: [{4366B2CB-ABDD-4A18-B985-A91EE404B740}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\Capture.exe
FirewallRules: [{FBD8B6BC-EBA9-4936-B3B2-5B7381E94339}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\muserver.exe
FirewallRules: [{0002880A-6597-4B41-86ED-405E8578220D}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\muserver.exe
FirewallRules: [{9D09197F-FDD6-4386-A7E2-0519C69784FF}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\muserver.exe
FirewallRules: [{0A50A785-F8B9-43F8-B80A-AC722F7D6DF9}] => (Allow) C:\Cadence\SPB_17.2\tools\bin\muserver.exe
FirewallRules: [TCP Query User{795850AD-0C87-4158-BD62-CFAD47A14B3C}C:\cadence\spb_17.2\tools\bin\cdsnameserver.exe] => (Allow) C:\cadence\spb_17.2\tools\bin\cdsnameserver.exe
FirewallRules: [UDP Query User{81BAC167-763D-4885-84B3-7A1EE1E961DE}C:\cadence\spb_17.2\tools\bin\cdsnameserver.exe] => (Allow) C:\cadence\spb_17.2\tools\bin\cdsnameserver.exe
FirewallRules: [TCP Query User{D97185DE-1754-4849-B2B3-40511A13411A}C:\cadence\spb_17.2\tools\bin\cdsmsgserver.exe] => (Allow) C:\cadence\spb_17.2\tools\bin\cdsmsgserver.exe
FirewallRules: [UDP Query User{63AA7068-391A-438B-A534-4BAEAA2444BD}C:\cadence\spb_17.2\tools\bin\cdsmsgserver.exe] => (Allow) C:\cadence\spb_17.2\tools\bin\cdsmsgserver.exe
FirewallRules: [{8F2B7681-8068-4860-A5E7-939479C98150}] => (Allow) C:\Windows\Prey\versions\1.6.3\bin\node.exe
FirewallRules: [{07616CE7-0C74-435B-95A3-00576C22305E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C837D08F-89B6-4E6F-A6CB-5D763FA9A40E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09C2FF06-45C7-40F3-AAD3-DE77F3550BC8}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{22DC8D5B-1475-487D-95A1-E3548193E275}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{FB83C9AC-7F9A-448F-B029-9884FB362DD0}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{630B566B-6528-417A-A5B8-438D736200E4}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{36E3A02C-6568-46C5-A917-FB801B12A1F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7C799461-7B15-43EC-8941-C9DBB0E818CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E1582303-3FFE-4F25-B1AD-F5B79A8B9166}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{37757D15-D026-4B38-8134-90711F3EED2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D802DEB7-126C-4117-99EE-60CA8C7457E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0588C1DE-6F13-41D8-9B3C-C43DF1E58262}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{78082A8B-7543-4501-A47A-E7AD2F8DC192}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1EB699C3-48B7-45A9-B2AD-DD9846A0E6BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51BD9A03-49E6-4A2D-AC7D-2D4272496C9F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{21AD0AD2-72A8-4480-8EEA-F543AD2F0B42}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{33D67B33-82F9-4254-AD2A-E122579D07CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4434D101-70DC-4B24-B689-F207D180155D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{5B3757DD-BD61-46C0-B032-CF700C007654}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [UDP Query User{A1514BAC-A7F5-4C67-BB32-4593429D87E0}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [{CD2549C4-5CAD-4C26-AB9F-D7F08179A3AF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{F9BDECAF-42B1-4B2F-B6BF-B3B27119EB12}C:\users\daniel\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\daniel\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [UDP Query User{46C8C742-34E1-436B-A9E0-001903C8D801}C:\users\daniel\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\daniel\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [{85270F52-531C-4906-9E12-36B9104CE07A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [TCP Query User{C273CAB0-8247-441C-8632-037CE8AA8883}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{2EFC5664-55B9-4D38-9580-27BF77582112}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{1556D6D3-B97B-42BA-A450-DBEC4011D473}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{9A268504-7B69-4F3A-8A97-67BCFA653296}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{11306DE8-E982-40F3-A863-B83504C04644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{EF26929F-15EE-4EE6-98C9-82A21DEDF493}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{F0C41526-4701-4215-B14F-1BBD80A2E520}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B25FA5AE-FF74-457A-9770-63EF6EB029C0}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D235CB60-0D6B-4651-91B3-421EE8357DAF}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe

==================== Restore Points =========================

18-11-2016 18:40:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Scp Virtual Bus Driver
Description: Scp Virtual Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Nefarius Software Solutions
Service: ScpVBus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2016 09:34:31 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/25/2016 09:34:31 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/25/2016 09:34:30 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/25/2016 09:34:30 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/25/2016 09:34:27 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/25/2016 09:34:27 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/25/2016 09:34:24 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/25/2016 09:34:24 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0

Error: (11/24/2016 11:48:32 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (11/24/2016 11:48:32 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0


System errors:
=============
Error: (11/24/2016 11:20:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2016 12:08:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2016 08:51:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 06:43:39 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DAN-LAPTOP)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-530961615-738628264-3883630054-1001-0-ntuser.dat

Error: (11/22/2016 06:43:33 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DAN-LAPTOP)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-530961615-738628264-3883630054-1001-0-ntuser.dat

Error: (11/22/2016 01:43:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 12:00:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 10:22:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2016 12:07:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2016 06:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-11-21 21:21:30.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvtdi.inf_amd64_ffe959c3568f2c22\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-20 15:37:19.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvtdi.inf_amd64_ffe959c3568f2c22\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-19 16:40:18.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvtdi.inf_amd64_ffe959c3568f2c22\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-19 16:03:34.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvtdi.inf_amd64_ffe959c3568f2c22\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-18 15:31:54.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-11-18 15:31:54.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-11-18 15:31:54.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-11-18 15:31:54.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-11-18 15:31:54.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-11-18 15:31:54.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8094.47 MB
Available physical RAM: 4301.06 MB
Total Virtual: 10910.47 MB
Available Virtual: 4549.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:952.5 GB) (Free:554.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



Edited by Oh My!, 25 November 2016 - 09:31 PM.
Posted modified logs


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,149 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:30 PM

Posted 25 November 2016 - 09:24 PM

Greetings dazahn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 25 November 2016 - 10:13 PM

Greetings.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\WINDOWS\system32\bi3.exe
HKU\S-1-5-21-530961615-738628264-3883630054-1001\...\Run: [meritt] => "C:\Program Files (x86)\Rims\redbird.exe"
C:\Program Files (x86)\Rims
SearchScopes: HKU\S-1-5-21-530961615-738628264-3883630054-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
2016-11-24 22:18 - 2016-11-24 22:23 - 00088677 _____ C:\Users\Daniel\Downloads\E4E5.tmp
2016-11-18 13:48 - 2016-11-18 13:48 - 00127721 _____ C:\Users\Daniel\AppData\Local\31848.exe
2016-11-18 13:48 - 2016-11-18 13:48 - 00048436 _____ C:\Users\Daniel\AppData\Local\84502.exe
2016-11-12 00:07 - 2016-11-12 00:58 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Kxoeoaon
2016-11-12 00:07 - 2016-11-12 00:07 - 00000000 ____D C:\SimplyPkCachev1.7
2016-10-26 10:01 - 2016-09-24 10:44 - 00000024 ____R C:\Users\Daniel\random.dat
2016-11-18 13:48 - 2016-11-18 13:48 - 0127721 _____ () C:\Users\Daniel\AppData\Local\31848.exe
2016-11-18 13:48 - 2016-11-18 13:48 - 0048436 _____ () C:\Users\Daniel\AppData\Local\84502.exe
C:\Users\Daniel\1386E796930777388C712CCE0CF9DE4F.dat
Task: {880FB99F-D028-42FE-BD98-60B650539325} - \2089576
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Flоаting fоr YоuТubе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Сhrоmе Rеmоtе Dеsktоp.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
HKU\S-1-5-21-530961615-738628264-3883630054-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
file: C:\WINDOWS\System32\Wbem\wmiprvse.exe
folder: C:\Users\Daniel\AppData\Roaming\Apyblib
folder: C:\WINDOWS\system32\mimk
folder: C:\Program Files (x86)\naftali
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 

#6 Oh My!

Posted 28 November 2016 - 10:16 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#7 Oh My!

Posted 30 November 2016 - 10:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 