Win32.Trojan.WisdomEyes and possibly others, can't connect to websites


  • This topic is locked
36 replies to this topic

#1 TKLF2

Posted 06 January 2017 - 12:51 PM

Quick story:

Made a Python script, decided it was easier to distribute it via standalone, installed py2exe and PyInstaller to create a .exe.

PyInstaller standalone created an infected .exe (which I carelessly ran myself to test it).

A user was wise enough to run a VirusTotal scan; it came up as infected:
https://www.virustotal.com/en/file/2d2d58ebda4dd70bcbc1c2ef67baa4f0f02a28f733fbf11fa25f17bd4de1eb96/analysis/

 

Could've been pyinstaller or could've been those clickbait articles... Anyways.

Ran a full scan using Windows Security Essentials, came back clean.

Ran a Malwarebytes scan of the infected .exe file, also came back clean (lol).

 

Upon reboot after the scan, browser loads pages slow, sometimes hangs and refuses to connect to certain sites, bleepingcomputer.com included.

I had to download FRST64 on my laptop and reupload it to a different url, then redownload it - not using USB or Dropbox in case of risk of it hopping onto that.

This site can't be reached, www.google.com's server DNS address could not be found.

 

Haven't noticed any other symptoms yet, hence "and possibly others".

 

As such, when I ran FRST64.exe, it couldn't check for updates and threw the error (Failed to Update (1)), current version 01-01-2017.

 

EDIT: FRST was also run while the infected computer was NOT connected to the internet

 

 

Logs

-------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Duranta (administrator) on AARON-PC (06-01-2017 09:21:27)
Running from H:\Users\Duranta\Downloads
Loaded Profiles: Duranta (Available Profiles: Aaron & Duranta)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SUPERAntiSpyware.com) H:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) H:\Program Files\SCP\bin\ScpService.exe
(Hi-Rez Studios) H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SUPERAntiSpyware) H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Flux Software LLC) C:\Users\Duranta\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) F:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Dropbox, Inc.) H:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ShareX Team) H:\Program Files\ShareX\ShareX.exe
() H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Autodesk Inc.) C:\Users\Duranta\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Malwarebytes) H:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) H:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) H:\Users\Duranta\Downloads\uvhczl.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-12-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2016-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Malwarebytes TrayApp] => H:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => F:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [SUPERAntiSpyware] => H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-13] (SUPERAntiSpyware)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Duranta\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Dropbox Update] => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Google Update] => C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [f.lux] => C:\Users\Duranta\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\MountPoints2: {a31acc46-86e6-11e4-9234-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\THEMAT~1.SCR [1474560 2014-10-18] (The Matrix Trilogy Screensaver Development Team)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-12-18]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2016-12-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> H:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-22]
ShortcutTarget: Dropbox.lnk -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-12-03]
ShortcutTarget: ShareX.lnk -> H:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe [2005-08-27] ()
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.144.18 64.59.144.19 64.59.144.93
Tcpip\..\Interfaces\{9A3FBC21-F614-488E-8AAE-D504C7F23C40}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{B51737F8-7650-4BED-9880-A5AD9B741DEB}: [DhcpNameServer] 64.59.144.18 64.59.144.19 64.59.144.93
 
Internet Explorer:
==================
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-06] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5dpzb8lw.default
FF ProfilePath: H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default [2017-01-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5dpzb8lw.default -> DuckDuckGo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5dpzb8lw.default -> DuckDuckGo
FF Session Restore: Mozilla\Firefox\Profiles\5dpzb8lw.default -> is enabled.
FF Extension: (Ank Pixiv Tool) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\ankpixiv@snca.net.xpi [2015-12-22]
FF Extension: (YouTube Video and Audio Downloader) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-12-05]
FF Extension: (Firebug) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-10]
FF Extension: (MEGA) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\firefox@mega.co.nz.xpi [2017-01-03]
FF Extension: (ExHentai Easy 2) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-11]
FF Extension: (Media Converter and Muxer) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-11-28]
FF Extension: (Pixiv Stack Preloader) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-NIBnScNighr6Pw@jetpack.xpi [2016-04-27]
FF Extension: (NicoFox) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\nicofox@littlebtc.xpi [2016-03-04]
FF Extension: (Rikaichan Japanese-English Dictionary File) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\rikaichan-jpen@polarcloud.com [2016-01-03]
FF Extension: (S3.Google Translator) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\s3google@translator.xpi [2016-10-19]
FF Extension: (Scriptish) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\scriptish@erikvold.com.xpi [2016-11-16]
FF Extension: (Tab Groups) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\tabgroups@quicksaver.xpi [2016-12-13]
FF Extension: (The Addon Bar (restored)) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-03]
FF Extension: (Rikaichan) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-05-29]
FF Extension: (Stylish) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-10]
FF Extension: (Image Search Options) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2016-03-04]
FF Extension: (Adblock Plus) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Tab Mix Plus) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (DownThemAll!) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Greasemonkey) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> H:\Program Files (x86)\GPAC\nposmozilla.dll [2015-05-11] ( )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @talk.google.com/GoogleTalkPlugin -> H:\Users\Duranta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @talk.google.com/O1DPlugin -> H:\Users\Duranta\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @unity3d.com/UnityPlayer,version=1.0 -> H:\Users\Duranta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: SkypePlugin -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\npGatewayNpapi.dll [2016-11-24] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: SkypePlugin64 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\npGatewayNpapi-x64.dll [2016-11-24] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: H:\Users\Duranta\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: H:\Users\Duranta\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - H:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default [2017-01-06]
CHR Extension: (Google Slides) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (Skype Calling) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-12-10]
CHR Extension: (YouTube) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (uBlock Origin) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-01-01]
CHR Extension: (Google Search) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Tampermonkey) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-08]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2016-04-14]
CHR Extension: (Google Sheets) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Stylish) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-12-09]
CHR Extension: (appchan x) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (rikaikun) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; H:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 Ds3Service; H:\Program Files\SCP\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
U2 HiPatchService; H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMService; H:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 Origin Client Service; H:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 OVRService; H:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe [231560 2015-03-26] (Oculus VR) [File not signed]
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-10-08] (Power Admin LLC)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SEVPNCLIENT; H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2016-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-06-28] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-06] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [28640 2015-02-24] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN-CB; C:\Windows\System32\DRIVERS\Neo_0004.sys [28640 2015-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [61048 2015-03-26] (Oculus VR, LLC)
R1 RiftEnabler; C:\Windows\System32\DRIVERS\RiftEnabler.sys [55880 2015-03-26] (Oculus VR, LLC)
R1 SASDIFSV; H:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; H:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-12-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-06 09:21 - 2017-01-06 09:21 - 00000000 ____D C:\FRST
2017-01-06 08:17 - 2017-01-06 08:17 - 00000000 ____D C:\ProgramData\Baidu
2017-01-06 07:50 - 2017-01-06 07:50 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-06 07:49 - 2017-01-06 07:50 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-06 07:49 - 2017-01-06 07:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-06 07:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-30 11:41 - 2016-12-30 11:41 - 00000000 ____D C:\Users\Duranta\AppData\Local\FluxSoftware
2016-12-27 01:48 - 2016-12-27 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2016-12-12 21:12 - 2016-12-12 21:12 - 00000000 ____D C:\Users\Duranta\AppData\Local\Chromium
2016-12-11 20:42 - 2016-12-11 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodics
2016-12-11 20:42 - 2016-12-11 20:42 - 00000000 ____D C:\Users\Duranta\AppData\Local\Melodics
2016-12-11 20:38 - 2016-12-11 20:38 - 00000398 __RSH C:\ProgramData\ntuser.pol
2016-12-11 20:38 - 2016-12-11 20:38 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-12-11 00:53 - 2016-12-11 00:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-11 00:53 - 2016-12-11 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-10 17:55 - 2016-12-10 17:55 - 00000000 ____D C:\Users\Duranta\Tracing
2016-12-10 17:54 - 2016-12-10 17:55 - 00000000 ____D C:\Users\Duranta\AppData\Local\SkypePlugin
2016-12-07 16:20 - 2016-12-07 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2016-12-07 16:08 - 2016-12-07 16:20 - 00000992 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2016-12-07 16:08 - 2016-12-07 16:20 - 00000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-06 08:54 - 2015-06-18 22:27 - 00000704 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA.job
2017-01-06 08:25 - 2016-03-20 19:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-06 07:53 - 2009-07-13 20:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-06 07:53 - 2009-07-13 20:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-06 07:51 - 2016-04-15 09:28 - 00390260 _____ C:\Windows\system32\prfh0404.dat
2017-01-06 07:51 - 2016-04-15 09:28 - 00373088 _____ C:\Windows\system32\prfh0804.dat
2017-01-06 07:51 - 2016-04-15 09:28 - 00119574 _____ C:\Windows\system32\prfc0804.dat
2017-01-06 07:51 - 2016-04-15 09:28 - 00115072 _____ C:\Windows\system32\prfc0404.dat
2017-01-06 07:51 - 2015-05-13 12:51 - 00416826 _____ C:\Windows\system32\perfh011.dat
2017-01-06 07:51 - 2015-05-13 12:51 - 00122208 _____ C:\Windows\system32\perfc011.dat
2017-01-06 07:51 - 2009-07-13 21:13 - 02310432 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-06 07:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-01-06 07:45 - 2014-12-19 02:02 - 00000000 ____D C:\Users\Duranta\AppData\Local\Adobe
2017-01-06 07:45 - 2014-12-18 20:16 - 00000000 __SHD C:\Users\Duranta\IntelGraphicsProfiles
2017-01-06 07:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-06 00:17 - 2014-12-18 19:45 - 00000000 ____D C:\Users\Duranta
2017-01-05 20:54 - 2015-06-18 22:27 - 00000652 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core.job
2017-01-05 18:46 - 2015-02-11 12:07 - 00001456 _____ C:\Users\Duranta\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-05 16:49 - 2014-12-29 18:30 - 00000000 ____D C:\Users\Duranta\AppData\Local\Warframe
2017-01-04 13:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-04 10:03 - 2015-03-14 22:43 - 00000000 ____D C:\Users\Duranta\AppData\Local\CrashDumps
2016-12-31 21:21 - 2015-04-10 17:31 - 00000000 ____D C:\Users\Duranta\AppData\Local\Proclaim
2016-12-16 17:10 - 2015-01-28 00:04 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:10 - 2015-01-28 00:04 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 17:10 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 16:41 - 2015-09-28 19:12 - 00003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA
2016-12-16 16:41 - 2015-09-28 19:12 - 00003030 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core
2016-12-15 11:11 - 2015-01-28 00:06 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-13 11:25 - 2016-03-20 19:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 11:25 - 2014-12-19 02:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 11:25 - 2014-12-19 02:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 11:25 - 2014-12-18 16:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 11:25 - 2014-12-18 16:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 11:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-12 21:12 - 2015-02-18 21:07 - 00000000 ____D C:\Users\Duranta\AppData\Local\Steam
2016-12-11 20:38 - 2014-12-18 19:45 - 00000000 ____D C:\Users\Duranta\AppData\Roaming
2016-12-11 20:38 - 2014-12-18 13:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-11 20:38 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-11 20:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-11 20:38 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files
2016-12-11 20:33 - 2016-12-06 18:30 - 00000000 ____D C:\Users\Public\Downloads\LaunchKey Mini downloads
2016-12-11 00:53 - 2014-12-18 22:51 - 00000000 ____D C:\Users\Duranta\AppData\Local\Skype
2016-12-11 00:53 - 2014-12-18 22:51 - 00000000 ____D C:\ProgramData\Skype
2016-12-11 00:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-07 16:20 - 2014-12-19 09:56 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2016-12-07 16:20 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-07 16:20 - 2009-07-13 19:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
==================== Files in the root of some directories =======
 
2015-12-08 12:15 - 2015-12-08 12:15 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-11-04 18:07 - 2016-08-01 23:44 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-04-06 23:16 - 2017-01-05 20:17 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-12-02 23:42 - 2016-12-02 23:44 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-09-21 16:31 - 2016-08-15 19:24 - 0000034 _____ () H:\Users\Duranta\AppData\Roaming\AdobeWLCMCache.dat
2015-02-11 12:07 - 2017-01-05 18:46 - 0001456 _____ () C:\Users\Duranta\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-05-10 17:30 - 2012-05-10 17:30 - 0024836 _____ () C:\Users\Duranta\AppData\Local\CurrentSessionPL.ls3
2015-07-19 13:06 - 2015-10-24 15:58 - 0003584 _____ () C:\Users\Duranta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-30 17:50 - 2016-09-30 17:50 - 0000600 _____ () C:\Users\Duranta\AppData\Local\PUTTY.RND
2016-09-15 11:13 - 2016-09-15 11:13 - 0000856 _____ () C:\Users\Duranta\AppData\Local\recently-used.xbel
2015-04-07 14:08 - 2015-04-07 14:08 - 0007612 _____ () C:\Users\Duranta\AppData\Local\Resmon.ResmonCfg
2015-09-09 18:52 - 2015-09-09 18:52 - 0000032 RSHOT () C:\Users\Duranta\AppData\Local\t70rc.dat
2016-09-15 21:14 - 2016-09-15 21:14 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-03 19:18
 
==================== End of FRST.txt ============================
 
ADDITION.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Duranta (06-01-2017 09:22:01)
Running from H:\Users\Duranta\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2014-12-18 21:51:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Aaron (S-1-5-21-257327388-1608073867-2457305106-1000 - Administrator - Enabled) => C:\Users\Aaron
Admin (S-1-5-21-257327388-1608073867-2457305106-1001 - Administrator - Enabled)
Administrator (S-1-5-21-257327388-1608073867-2457305106-500 - Administrator - Disabled)
Duranta (S-1-5-21-257327388-1608073867-2457305106-1002 - Administrator - Enabled) => C:\Users\Duranta
Guest (S-1-5-21-257327388-1608073867-2457305106-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM\...\{C8DBD634-0B82-4B2A-BB89-E027DA31E04B}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Production Premium (HKLM-x32\...\{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC5}) (Version: 19.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.9 - Arduino LLC)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.2.1633.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.2.1633.0 - Autodesk) Hidden
Autodesk Maya 2015 SP2 (HKLM\...\Autodesk Maya 2015 SP2) (Version: 15.2.1633.0 - Autodesk)
AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3169 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3169 - Axure Software Solutions, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Animation Factory (HKLM-x32\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps)
Charles 3.10.1 (HKLM\...\{8713B034-63EC-45DE-8195-D475CE12513E}) (Version: 3.10.1.1 - XK72 Ltd)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{961D5D7E-3DEC-4E3B-9065-EA8074923B18}) (Version: 3.31.7643.1 - Sony Computer Entertainment Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CosmicBreak_eng (HKLM-x32\...\{F67DA720-DDF8-4DFD-925A-D53D5C23A8E7}) (Version: 1.00.0000 - CyberStep, Inc.)
CosmicBreak2 (HKLM-x32\...\{3A79837F-AC28-432D-94F6-F51BCD50F597}) (Version: 1.00.0000 - CyberStep, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls III, âåðñèÿ 2.0 (HKLM-x32\...\Dark Souls III_is1) (Version: 2.0 - Bandai Namco)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Discord (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dying Light Demo (HKLM\...\Steam App 381570) (Version:  - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version:  - Two Tribes)
Epic Games Launcher (HKLM-x32\...\{DC13677B-1214-409C-8127-41BBC4445C61}) (Version: 1.1.73.0 - Epic Games, Inc.)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
f.lux (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Flux) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.242.35310 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Helen's Mysterious Castle (HKLM\...\Steam App 418190) (Version:  - Satsu)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotspot Shield 5.0.2 (HKLM-x32\...\HotspotShield) (Version: 5.0.2 - AnchorFree Inc.)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
Hyper Light Drifter (HKLM-x32\...\1452863689_is1) (Version: 2.6.0.8 - GOG.com)
iFunbox (v2.91.2439.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.91.2439.748 - )
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.5 - PACE Anti-Piracy)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 6.1.1 - JPEXS)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version:  - Avalanche Studios)
K-Lite Codec Pack 11.2.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2) (Version:  - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Live2D Cubism 2.1.01 (HKLM-x32\...\Live2D Cubism) (Version: 2.1.01 - Live2D Inc.)
LukaV4 English Soft Vocaloid4 Library (HKLM-x32\...\LukaV4 English Soft Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 English Straight Vocaloid4 Library (HKLM-x32\...\LukaV4 English Straight Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 Japanese Hard Vocaloid4 Library (HKLM-x32\...\LukaV4 Japanese Hard Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 Japanese Soft Vocaloid4 Library (HKLM-x32\...\LukaV4 Japanese Soft Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Max 5.0.7 (HKLM-x32\...\{0470A26E-E4C4-47AF-9152-B04B0121FC3B}) (Version: 5.0.7 - Cycling '74)
MeGUI (remove only) (HKLM-x32\...\MeGUI) (Version: 0.3.5 - MeGUI Team)
Melodics version 1.0.3577.0 (HKLM\...\Melodics_is1) (Version: 1.0.3577.0 - )
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.2.1633.0 - mental ray)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-CA, Heather) (HKLM-x32\...\{6483CAE5-A44C-4CC4-8DD2-4F73C00471EC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (es-ES, Helena) (HKLM-x32\...\{8A732901-9531-4CC2-8D5B-9CBA1D8DE4FD}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (es-MX, Hilda) (HKLM-x32\...\{01C2594B-FA78-4C33-A9B7-6090A5EF7E90}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MKVToolNix 7.9.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.9.0 - Moritz Bunkus)
Momodora III (HKLM\...\Steam App 302790) (Version:  - rdein)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Node.js (HKLM\...\{68EDB54E-2CFB-454E-BBF0-3E41E157E552}) (Version: 6.2.2 - Node.js Foundation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Oculus Display Driver (Install Only) (HKLM\...\{50700EF8-2D6A-4122-B307-E37A5E1F32D5}) (Version: 1.2.4.0 - Oculus VR, LLC)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{8741739C-8CB4-47C2-B36C-A860AD180BDA}) (Version: 1.0.9.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.5.0.1) (Version: 0.5.0.1 - Oculus VR, LLC)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Proclaim (HKLM-x32\...\{06D16094-4B51-47F1-951F-DC775C129D03}) (Version: 2.0.32 - Faithlife Corporation)
Proclaim Prerequisites (HKLM\...\{BAD7A1DD-09F9-474E-A798-0695F49B2A03}) (Version: 1.28.0151 - Faithlife Corporation)
Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\py2exe-py2.7) (Version:  - )
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.3.0 (HKLM-x32\...\qBittorrent) (Version: 3.3.0 - The qBittorrent project)
Qcma (HKLM\...\Qcma) (Version: 0.3.9 - codestation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Red Giant Complete Suite (HKLM\...\{6CC14806-DDC9-4050-AF28-B41CAE31580F}) (Version:  - Red Giant Software)
Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
RPG Maker MV (HKLM-x32\...\RPGMV_is1) (Version: 1.0.0.0 - KADOKAWA)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.4.1 - ShareX Team)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Voice Changer (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\d8f4b4d52e33052f) (Version: 1.4.0.0 - Mark Heath)
Skype Web Plugin (HKLM-x32\...\{16A6A6CB-6959-4C8B-82FC-57F87332B4A2}) (Version: 7.29.0.72 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartGit (HKLM-x32\...\SmartGit h:/program files (x86)/smartgit_is1) (Version:  - syntevo GmbH)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.03 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM-x32\...\Steam App 250820) (Version:  - )
Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
SWFRIP 0.4 (HKLM-x32\...\SWFRIP) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Matrix Trilogy Screensaver (HKLM-x32\...\MX-3 Starfield Screensaver) (Version: 0.58 - Jan Ringoš)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Tiled (HKLM-x32\...\{45A2308F-C6C2-468D-B8C1-95AF5797ACEF}) (Version: 0.16.0 - mapeditor.org)
Tiled2Unity (win32) (HKLM-x32\...\{91B20082-6384-40D1-B090-33DCBA492ABE}) (Version: 1.0.4.8 - Sean)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Tree of Savior (English Ver.) (HKLM-x32\...\Steam App 372000) (Version:  - )
TumblRipper (HKLM-x32\...\{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1) (Version: 2.17 - TumblRipper)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.4.0.0 - Manuel Hoefs (Zottel))
Unity (HKLM-x32\...\Unity) (Version: 5.3.5p8 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\UnityWebPlayer) (Version: 5.2.3f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
Vindictus (HKLM-x32\...\Steam App 212160) (Version:  - Nexon)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vocaloid4 4.2.1 Free Edition (HKLM-x32\...\Vocaloid4 4.2.1 Free Edition_is1) (Version: Vocaloid4 4.2.1 Free Edition - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
XnViewMP 0.72 (HKLM\...\XnViewMP_is1) (Version: 0.72 - Gougelet Pierre-e)
闇夜ト星ノ冥土館 ~ぷにゅぷりXX~ (HKLM-x32\...\闇夜ト星ノ冥土館 ~ぷにゅぷりXX~) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{0284FA1D-248C-45D4-9AD0-DAF9D6F409DD}\localserver32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{542D7DEF-9319-488A-AF69-9FD2ED9D48A2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> H:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {046D2FDF-B863-4141-8CBB-118A9B9B8BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA => C:\Users\Duranta\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {0541AD9C-1A4F-43EB-AB10-D7AECB9B185E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core => C:\Users\Duranta\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {0D788B03-6467-4410-830C-77F93C7375B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {0E81A2F1-1019-445E-9D0A-102D71FC3169} - System32\Tasks\AdobeAAMUpdater-1.0-Aaron-PC-Duranta => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {2A62B816-E938-497D-B7BE-948AD208328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {32DEE7CD-5E52-4F5A-B6A9-2F9E83B6AE81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {33499B59-A35F-49B4-A653-25D44481F91A} - System32\Tasks\{D592055B-A443-43C1-A9D0-D5F9C5F39AFE} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/go/help.faq.installer?LastError=1603
Task: {553D3733-6155-49AA-82D0-D4B60430238F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {9053FA9A-AB23-4DF7-9FC9-AA7D490C90AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B4404C3B-E937-472F-82F5-9383F5973EC8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {C2B54C37-02DE-4C25-B33C-ECBC0AD99033} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {EDE42026-DF1A-4FC8-AAF8-25E614906A20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {EE7E6999-F8C0-4120-90D3-D2EEED7CF73E} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core.job => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA.job => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-22 13:55 - 2016-01-22 13:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-20 12:58 - 2014-04-04 20:24 - 00109568 _____ () H:\Users\Duranta\Downloads\ntleas046_x64\ntleasCtx.dll
2015-01-01 13:04 - 2014-11-04 10:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-12-18 20:43 - 2013-01-25 11:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-12-18 20:43 - 2013-01-25 11:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-08-08 14:30 - 2013-08-08 14:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-04-06 23:16 - 2005-08-27 10:59 - 00053248 _____ () H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe
2016-01-22 13:54 - 2016-01-22 13:54 - 31420080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-01-06 07:49 - 2016-12-14 12:55 - 02259232 _____ () H:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-06 07:49 - 2016-12-14 12:55 - 02813904 _____ () H:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-06 07:49 - 2016-12-14 12:55 - 02247632 _____ () H:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-18 20:43 - 2013-01-25 11:07 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-12-18 20:43 - 2013-01-25 11:04 - 00248320 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-12-09 16:30 - 2016-11-11 12:36 - 00035792 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00100296 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00018888 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00019760 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00694224 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020816 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-09 16:30 - 2016-11-11 12:37 - 00123856 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 01682760 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00145864 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-22 00:50 - 2016-11-11 12:37 - 00019408 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00116688 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-09 16:30 - 2016-11-11 12:38 - 00105928 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00021312 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00052024 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00038696 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00392144 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-22 00:50 - 2016-11-11 12:38 - 00020936 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00024528 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00116176 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00381752 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00124880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00025424 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00024016 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00175560 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00030160 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00043472 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00048592 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00057808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00024016 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00246592 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00026456 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 11:57 - 2016-11-11 12:37 - 00241104 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020280 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00028616 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00023376 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00020800 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00019776 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00020800 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00350152 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00022352 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00024392 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 00:50 - 2016-11-11 12:35 - 00036296 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-22 00:50 - 2016-12-21 10:26 - 00084280 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-22 00:50 - 2016-12-21 10:26 - 01826096 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-09 16:30 - 2016-11-11 12:37 - 00083912 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00531248 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 03928880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 01972528 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00133424 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00224056 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00207672 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00020288 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-22 00:50 - 2016-11-11 12:42 - 00017864 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-22 00:50 - 2016-11-11 12:42 - 01631184 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-22 00:50 - 2016-12-21 10:26 - 00042808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00171320 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00357680 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00060880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00024904 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00546096 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-01-28 12:32 - 2016-01-28 12:32 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-01-28 12:32 - 2016-01-28 12:32 - 01365696 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-01-28 12:32 - 2016-01-28 12:32 - 00219328 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2016-01-21 00:22 - 2016-01-21 00:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 00:22 - 2016-01-21 00:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 10:24 - 2016-02-12 10:24 - 00089280 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2016-01-21 00:22 - 2016-01-21 00:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-01-06 07:45 - 2014-12-04 18:27 - 00104328 _____ () C:\Users\Duranta\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-08 16:45 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-08 16:45 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Duranta\AppData\Local\Temp:Dz8URKblVxTjuL3T7BQCcw7 [2280]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Control Panel\Desktop\\Wallpaper -> H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.18 - 64.59.144.19
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OculusConfigUtil.lnk => C:\Windows\pss\OculusConfigUtil.lnk.CommonStartup
MSCONFIG\startupfolder: H:^Users^Duranta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QCMA.lnk => C:\Windows\pss\QCMA.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "H:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A9F21774-9E4F-4C95-BDE2-1F51DC9CB8C9}] => C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C0B71966-C415-46E7-B22E-20D2A6DA7522}] => C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{14BDC1F1-119A-4E86-8505-7429929EC514}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9508D630-718B-4032-A836-8FF299F2D583}] => H:\Program Files (x86)\LAV Filters\x86\PotPlayer\sumire.exe
FirewallRules: [{E6E4BB44-A0FF-4241-9C0F-C1739A6E213C}] => H:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9075D4AC-FA94-4596-BFAC-4FD74778D2FB}] => H:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FFF849C-5A35-400E-90EF-0E3464A99DCF}] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F66EF129-A686-4F6D-8DED-F255279DCD83}] => C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C54F9DF1-3450-4BEC-B26F-EADE45CBF6CD}] => C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{EB612530-806E-479A-A7DE-A212FC2264AA}] => C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{801454A0-2E25-48E4-BDB2-653B29AAA895}] => C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6020CE00-F2ED-4F50-958A-E225DFBAA754}] => C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{CBD7C5C0-BAD2-4271-B491-6CFCCECACA17}] => H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{989CAF32-12D7-44AA-9DA2-C0B6CC575AB1}] => H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5EEF297-5B00-4F3D-BAF1-B7ED11EC8DF3}] => H:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D9D51C4D-2E45-46B0-BD6F-34C8263237CA}] => H:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C0951BAA-799B-4661-88BC-3B118DD87BEB}] => H:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3E88BA04-A024-4594-BD19-C3F0E2CEF1F7}] => H:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{8D47537C-0455-46A0-A542-496B1522FB66}H:\program files (x86)\qbittorrent\qbittorrent.exe] => H:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{6D29D4A7-4940-4564-B762-3E83621B81D3}H:\program files (x86)\qbittorrent\qbittorrent.exe] => H:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{AB0BB83A-6DCD-487E-AE6E-9F9F6AED87BE}] => H:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{6A4FA666-335C-4701-A564-C42DE7D6A21C}] => H:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{7D7D67AF-2A4E-4B6C-8B02-C7BF45431321}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{11AF5762-C477-439F-869C-18F17E61AB32}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{EBE956F3-BDD2-497F-84CE-BDF6BC01A44C}H:\program files\hexchat\hexchat.exe] => H:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{E9081DC1-5E63-42A1-A04D-7DE6BFBFFB01}H:\program files\hexchat\hexchat.exe] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{1612B17E-8CFE-4EBF-BBDB-2728329C2725}] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{81FC5CC8-63C3-4F7E-AF08-F1BD028AA63B}] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{947AB1A1-2CC1-43C6-9EE5-D3DC39A2389D}] => H:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{976CB181-6D21-4341-8CFB-5BF81C3F9C13}] => H:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{0956CFBF-D420-4B0E-A24C-48A997E2BDFB}] => H:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D588C4D1-A0FD-4183-B7F7-BF788D124A67}] => H:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{800C5445-36F5-4F35-B3A0-445F69D549AF}] => H:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{D8FE2269-1223-47CB-BCD1-1A7C2BBC5687}] => H:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [TCP Query User{5A329D02-E328-481B-8301-54B77002368B}H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{EAE38977-A802-4AC0-9F9E-8BF5189AE599}H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{74CD9B54-A190-4CB1-AEE2-C247A49929D3}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{64B3267F-9F09-463D-BCD9-C16A53A655A2}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8798F1A3-59CA-4863-AE80-F2069D58F500}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{5AE23157-B8E5-43AC-A2FF-A77288D50E2F}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{AD5CFAAB-EA46-4390-8D54-8FA4B4DF667F}] => H:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{5AD8E69F-AF04-4D0C-BDA3-00161E7F1A10}] => H:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{AE3C461E-2696-4623-82CC-A728A013E1A1}] => H:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{8B426488-51E5-4411-A0D8-97D0CAFD9E41}] => H:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{7BBF6E92-A33A-40D3-83D6-A368BC3FAEDE}] => H:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{D3B76C66-869E-472D-81FE-D717D93B087F}] => H:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{F71DAE10-4BF5-4E11-923E-B58C6EDB1CBC}] => H:\Program Files (x86)\Steam\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{7D9598FE-9F96-4587-92A9-E9FA0E260F64}] => H:\Program Files (x86)\Steam\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{77BF5992-C580-49DF-AAEA-B3130D078176}] => H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{9BB2023C-C284-47CD-8150-C7D5490C6A83}] => H:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{2F324B76-8FD8-4526-B131-1FC0C2EC1B46}] => H:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{96573D50-449F-4844-BD84-0904CAE32A0C}] => H:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{E4547E54-C301-4550-B8D8-22915B90F079}] => H:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{7330C5FD-0C04-480B-A46E-356F2F55BAFE}] => H:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{8EDF783A-10E5-4BED-81DE-2640315C24FC}] => H:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F03AAEA8-826C-4E80-9AB4-37C0F84B74C7}] => H:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{31299395-6BDB-411E-8C59-8ADE576650E8}] => H:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{F78BAAC7-C3B4-4341-BD2F-679A02973535}] => H:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{ACEA5A31-0632-4F8F-AE9B-F27FFE9CDAB2}] => H:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{C2A6D14C-3350-4D12-A584-E87440F4D809}] => H:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [TCP Query User{2E9421D5-1254-4A0C-85E7-60F2452461A4}H:\program files (x86)\mozilla firefox\firefox.exe] => H:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{43188BB8-7871-4F6B-BC67-13EA06036341}H:\program files (x86)\mozilla firefox\firefox.exe] => H:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{101EE8E9-EAF3-4694-9836-DB0B21BB1926}] => H:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{1F3BE2F9-7CDF-4AE3-83CE-3F4D93FE7756}] => H:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [TCP Query User{FF3C4285-6B1E-48A7-A517-A8E515485016}H:\xampp\apache\bin\httpd.exe] => H:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{5D316066-E218-4ABF-A794-8CC60BA3B258}H:\xampp\apache\bin\httpd.exe] => H:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{6556E253-170E-40A5-BB5C-08DB922DBB77}H:\xampp\mysql\bin\mysqld.exe] => H:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{552FDEF4-3151-487D-A198-E2B13F1360CE}H:\xampp\mysql\bin\mysqld.exe] => H:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{CDF27A1B-620F-444D-86D7-E33C754BE88B}] => H:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{4D06D298-4AF0-438F-89CC-BABEAF5B8FE1}] => H:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{60ED758B-734A-4EA8-8BF6-AD1A2391B992}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{F6C6D25B-7749-4BE3-8D59-0B5B6E2FB534}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [{E65B5666-058D-4920-9A2F-218A870CA0BB}] => H:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{4B56EE60-FC87-41DE-A84F-0F891DB518FA}] => H:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [TCP Query User{CAB7089B-4C57-4729-BF39-18D33A973A4B}H:\program files\qcma\qcma.exe] => H:\program files\qcma\qcma.exe
FirewallRules: [UDP Query User{D22F85A7-C6B1-486A-A740-6DFC65BF95EC}H:\program files\qcma\qcma.exe] => H:\program files\qcma\qcma.exe
FirewallRules: [{068F900B-B972-4C2F-9C94-026DE6B0FD76}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{5872E8DA-07C3-4231-AE7C-E529E2680976}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{C5DD1FCF-887A-407C-857E-DCAED31062AC}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{A2E074DC-F25C-46C8-8BE0-97078791EF1E}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [{CD5D294B-033D-4DF4-A2D7-C4BCBF0275E3}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [{D2D77AF7-4669-4C62-844E-CE1289D4221C}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [TCP Query User{5721ECBF-A678-4849-9D6C-1FA04255E679}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{514784F6-9E3B-4978-B909-5BBABC9079E2}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{462CA27C-615F-4496-9ABD-42EFC2BF5172}H:\program files\charlesproxy\charles.exe] => H:\program files\charlesproxy\charles.exe
FirewallRules: [UDP Query User{21F4AEEC-229E-4F2B-B210-864018909CDA}H:\program files\charlesproxy\charles.exe] => H:\program files\charlesproxy\charles.exe
FirewallRules: [TCP Query User{43E780F0-E77E-4501-8B69-596821F5BFB8}H:\program files\charles\charles.exe] => H:\program files\charles\charles.exe
FirewallRules: [UDP Query User{3D29AA5C-1140-494F-8881-54BD163ADD5B}H:\program files\charles\charles.exe] => H:\program files\charles\charles.exe
FirewallRules: [{A5A58932-BCAD-4739-B02F-F7A1D6BCC247}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{4405FD9E-39FE-4280-AA6B-18486F7D16FB}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => %systemroot%\system32\tlntsvr.exe
FirewallRules: [TCP Query User{1A94770B-769D-468A-9C47-39D9B198EA96}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1F9B35D9-EAF2-4885-B7D0-09BF1E1482F5}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0733A093-DF57-47A4-BEED-75E390AFA6A2}] => H:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{207C6820-C8F7-462C-B9C8-4C4ADCCB3819}] => H:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{D7777E78-D6D2-4379-9259-BA80AF719C66}] => H:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{49B3F394-B79E-4035-B9D2-7608F98338F0}] => H:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{29D39E77-6555-4CA0-B860-AFA5CCF53725}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{BC0E7741-6030-4549-9848-B6BBCB8770C6}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{B05B135C-3F24-4866-A282-5E9B25FB8830}] => H:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{B1CD4095-4548-4DC9-B3A9-FC02958D6D3A}] => H:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [TCP Query User{E53D1BD8-D75F-4517-87B3-7858EA8A416C}H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{13825871-B2A2-4C69-9627-B6CDEC5D2ECB}H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{2F81C7EF-A3F0-4207-ABBD-11576919078C}] => H:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{82BA6C27-24AF-45DD-A9A9-4ADD0DE6821C}] => H:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CFD355DD-64C5-4B9A-B431-9783185B9048}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{73BC5F11-3317-4F2A-8B0B-B8274D9845C7}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{12661177-566A-4D65-B577-E00431534277}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{EFB9FEEC-54C4-4853-B887-6272A7AFE105}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{BCF2FA06-5FC8-452F-A95D-AAD516F2191D}H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe] => H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [UDP Query User{321EC159-C94E-42C0-9554-CB474A847CE7}H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe] => H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{AE15433E-A2E1-4985-B5C9-FBF79A12BDE1}] => H:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9C91675C-71DA-4627-AF46-444C9901E585}] => H:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{31F5F231-8237-440C-886D-CEE29F293DAD}] => H:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{D705A15B-1DE6-49D7-9E52-63204DBBBA15}] => H:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{D1BBFADB-517C-4014-9EDD-7684B304A718}H:\program files\adobe\adobe flash cs6\flash.exe] => H:\program files\adobe\adobe flash cs6\flash.exe
FirewallRules: [UDP Query User{E5BE346C-4895-4C94-A26C-8AC57BEAD0B1}H:\program files\adobe\adobe flash cs6\flash.exe] => H:\program files\adobe\adobe flash cs6\flash.exe
FirewallRules: [TCP Query User{97EA571F-2170-41DF-AE2A-3A41C9B0A280}H:\python27\pythonw.exe] => H:\python27\pythonw.exe
FirewallRules: [UDP Query User{55F67684-D87E-4FDA-A784-B02F4836EDCD}H:\python27\pythonw.exe] => H:\python27\pythonw.exe
FirewallRules: [{71F2490A-F596-499C-9507-BF4CC534D38C}] => H:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{86BCA907-B5D7-4475-A3DF-78CA1F95D230}] => H:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{C2D3CF3A-7911-4721-AF21-631074D3EB9C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C78CE6B2-AE18-4C62-BCBC-336A4A62AB54}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0F39497-C253-4DD0-8E5D-7C3D7245C42B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C10F955-00F5-457D-B80E-97F9C85917EC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{069453F5-C6A9-49E6-A380-DBCBDA45E0AF}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{CB854EAC-3BFC-40C6-994A-BB98448108D1}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{095C7189-F9AD-44D6-BA93-2FA4505DD249}] => H:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{0D411350-35F4-457D-BF27-33102433796D}] => H:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [TCP Query User{F0609EB7-5E48-4D1A-8F9A-F93F8E395856}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3D77C1E9-7F3B-4D2E-9578-BC6607EC1715}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CA291E73-DAD7-41C4-AD98-76636BAFB48C}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{ECCB1CEC-6B65-4B72-9538-5899F7EC4043}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [TCP Query User{CEF78263-54CB-4AC8-9F61-16DC85881F4D}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8872D162-A623-462D-808A-19026EEA4355}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5E1DCC6B-9489-43AE-8945-6CE02AC133A4}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3D21EE3B-A52B-4CEE-A84A-7EC5CC45E5B5}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F31E37DD-968E-4A44-85E7-32C26BC8F66C}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{17CCB679-B359-41FD-8030-FBB62EC1C82C}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5F26AC32-2D07-4FCC-B122-E1422601D721}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{27CE43D1-88B1-462C-BE86-5B6E6B6C2217}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7EA9D334-6A4D-4ED3-8839-29AA492168C1}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{30996D83-787E-4C99-AD74-3E1818AEE945}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5D7BAD12-6694-4937-A96F-05977D4FCF54}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{21E87AD9-E3A1-440A-9265-A59FDF18F312}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{553E5FCA-F885-46CE-920D-AD595B65678E}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{101E8354-F7FC-494F-AE54-AD6EB698B681}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{2A01B7AA-32B1-4A3D-A7DE-2FCD08D9BC8C}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{3C479ABA-50F4-42DA-90DB-339CAEA91C1B}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [{104D2721-1E1F-40E6-BD48-6AE15531D904}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{1573C055-BBCA-4986-B39A-E59B467C5C9D}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{25F866BC-962D-4FE8-BD6C-5EFEBDB633BD}] => H:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{25523F8E-D971-4043-A0CF-7E02C1B2EC0E}] => H:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{01FCB387-8EB0-4947-87CC-F0C0A9005F19}] => H:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{F8CDB9A5-E68F-4037-83F6-2593983270B8}] => H:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [TCP Query User{D531685B-9913-4161-99D5-F4A9413D14CC}H:\program files\unity\monodevelop\bin\monodevelop.exe] => H:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{350E9FD7-786F-4529-A705-AF3D8571DABF}H:\program files\unity\monodevelop\bin\monodevelop.exe] => H:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{E46759F7-7C8E-424A-BD87-17DE417DFDCE}] => H:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{994B652C-2115-4416-8041-0E9AF87F6EAF}] => H:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [TCP Query User{ACB122E3-011E-42A0-8648-B33D4EF18557}H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe] => H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe
FirewallRules: [UDP Query User{A04FCFD7-4A1C-4106-9CE4-061CE75F0DA0}H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe] => H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe
FirewallRules: [TCP Query User{06D94B6A-93AF-4EB6-BF77-05E89844BD83}H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe] => H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [UDP Query User{69E03B0E-C877-4CE4-AC2C-EF3E2F2A16F3}H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe] => H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [{56F26B19-FB9D-4F6F-BDAA-4A48A73C6FD6}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{80C39C54-6519-4920-A680-12466C1EE236}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [TCP Query User{87224811-B33A-48E9-B09E-31B55D81707B}H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe] => H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe
FirewallRules: [UDP Query User{AF9AC695-8947-4F97-8D19-CB0E4B1560F9}H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe] => H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe
FirewallRules: [TCP Query User{9A5BC22A-1D94-4B79-93FE-080D96352BD3}H:\program files (x86)\battle.net\overwatch\overwatch.exe] => H:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{32764D9F-4E45-4411-AC56-8D2D48F39762}H:\program files (x86)\battle.net\overwatch\overwatch.exe] => H:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [{DA39ED84-2024-4FDB-8B2C-863D63D06CCF}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{6644982D-4A62-419F-BACF-800DFCC7CB28}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{C0EE1AA7-6291-4497-A7D0-52FF7DEC30B6}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B60B3019-1184-49CA-9623-8ADECA657934}] => LPort=2869
FirewallRules: [{CA1AB140-1F21-404A-9CD2-2CDC8E84AEA3}] => LPort=1900
FirewallRules: [TCP Query User{DD3951F5-2159-42B1-8604-98463A879DC4}H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{EFA5F58A-5FCB-4A97-810F-5A7FF588FC11}H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{59C03880-8CA2-455E-AAEF-E4D0CF519D9A}H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{CA7C2FC5-AC30-440D-AEA4-DE8950144F4B}H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{5BC94CCB-0E3B-491F-BDA2-B8B75F2F82B9}H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B3103729-DBF5-4D88-8F22-226BED38F796}H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [{88C7E1DB-3121-40CA-8A74-00D5F4B5942C}] => H:\Program Files (x86)\Steam\steamapps\common\Helen's Mysterious Castle\helen\start.exe
FirewallRules: [{361AFE77-9BB5-4B1E-BC2F-3F3FCC7852B0}] => H:\Program Files (x86)\Steam\steamapps\common\Helen's Mysterious Castle\helen\start.exe
FirewallRules: [{5387826C-D545-4DC5-AD2D-98BFA9ED28FD}] => H:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe
FirewallRules: [{27A6D6B0-C6C1-44B9-888A-15A3535FD569}] => H:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe
FirewallRules: [TCP Query User{AE9F3EB2-0C58-4A06-9646-35A3B0A15D95}H:\program files (x86)\arduino\java\bin\javaw.exe] => H:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{D3B7BA05-F4DA-4617-914F-FC64493CCF69}H:\program files (x86)\arduino\java\bin\javaw.exe] => H:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{50551B7E-2B3B-444A-9306-C3FE03DAEFE7}] => H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{EC886BE3-5D5B-46B9-8A67-1829CDB8F46C}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
FirewallRules: [UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
FirewallRules: [TCP Query User{E8760EF3-7E6C-47F2-A56E-84C5409F42A6}H:\games\stepmania 5\program\stepmania.exe] => H:\games\stepmania 5\program\stepmania.exe
FirewallRules: [UDP Query User{2FAD8C34-83A6-49F3-A7A7-6476698C9D59}H:\games\stepmania 5\program\stepmania.exe] => H:\games\stepmania 5\program\stepmania.exe
FirewallRules: [{10996719-D7E3-4710-A9D7-EB8B022F6B15}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{7B5AC723-D4E7-4A50-AEDE-1202DE3E1445}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{8E9736C5-615A-4B36-8367-A29B55A9298C}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{870228C5-9613-4883-A7AC-98AFEF2C0AC9}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{8720E9E0-FDF0-42C4-B8F0-2FBA948E4C03}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{D777A63B-C44A-4AC0-9295-0A073547B10F}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{62050D13-5299-4490-A1FC-E2D08A549513}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{4230C3B5-D8AC-4595-BC04-046EB657F9D7}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{B7F4D2C8-99D7-4362-B379-662D29785666}] => H:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D6467C55-911C-4C5A-BACC-EEAE81F6189D}] => H:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{C7148E4D-3A75-434A-AB6F-A7FE8CF191E0}H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{EF2DCEF6-DE53-4F64-A0EE-4D58033D75AB}H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{273B25E7-F292-4C29-918E-65C38A3B564E}C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe] => C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B22F4F79-1F6C-4B4E-8C33-2629AED02DC4}C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe] => C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{345C10E7-BA32-4DF1-A8BA-5C6E4BA7FA4C}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{1409FF4E-FA91-45A8-822E-3924344CEE2B}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3C43859D-20C1-41ED-AF0B-EAFD88C9A317}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{599D1C6F-642E-46FD-90BB-4CC28FB8F5C3}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{D1DC69D3-8174-4F6B-84F2-595C9B0BAF23}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{75FB2834-755D-4FB6-A5A1-692C1E7F0DDB}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F55CE67E-3E63-4FFE-A797-F057F50ED654}] => H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{323F64FA-ACDE-4A9F-BC58-5D7C61829715}] => H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{75DE6C70-580F-4450-ACC9-17C951F24480}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C47F78C-1CFD-4FBB-92DD-5003873FA188}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E4E48063-75C7-4D81-8D4C-91A772B9AD1F}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
 
==================== Restore Points =========================
 
30-12-2016 11:22:34 Windows Update
31-12-2016 21:21:33 Installed Proclaim
03-01-2017 12:11:37 Windows Update
04-01-2017 12:58:32 Installed Microsoft Server Speech Text to Speech Voice (en-US, Helen)
04-01-2017 12:59:04 Installed Microsoft Server Speech Text to Speech Voice (en-CA, Heather)
04-01-2017 12:59:17 Installed Microsoft Server Speech Text to Speech Voice (es-ES, Helena)
04-01-2017 12:59:25 Installed Microsoft Server Speech Text to Speech Voice (es-MX, Hilda)
04-01-2017 12:59:33 Installed Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro)
04-01-2017 13:03:40 Installed Microsoft Server Speech Platform Runtime (x64)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/06/2017 07:45:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/05/2017 06:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/05/2017 10:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/05/2017 01:21:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e08
 
Start Time: 01d267313cdf57c4
 
Termination Time: 47
 
Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe
 
Report Id: 4cb92252-d328-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 06:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17b0
 
Start Time: 01d266f6897f210a
 
Termination Time: 31
 
Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe
 
Report Id: c9bf0d80-d2eb-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 05:53:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c48
 
Start Time: 01d266f1d08f8489
 
Termination Time: 25
 
Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe
 
Report Id: be530bdb-d2e9-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 05:19:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20a8
 
Start Time: 01d266edbfb8271f
 
Termination Time: 42
 
Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe
 
Report Id: f835fb45-d2e4-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 10:55:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b0c
 
Start Time: 01d266b4d84b26ff
 
Termination Time: 42
 
Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe
 
Report Id: 61849791-d2af-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 10:03:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XBoxStat.exe, version: 1.20.146.0, time stamp: 0x4ac3f515
Faulting module name: XBoxStat.exe, version: 1.20.146.0, time stamp: 0x4ac3f515
Exception code: 0x40000015
Fault offset: 0x000000000002385e
Faulting process id: 0x1074
Faulting application start time: 0x01d266b4c13bfb07
Faulting application path: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Faulting module path: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Report Id: 10bf2986-d2a8-11e6-b970-00acd8b67a8d
 
Error: (01/04/2017 10:01:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (01/06/2017 08:17:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Bav Mini Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/06/2017 07:45:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.
 
Error: (01/06/2017 07:44:25 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (01/05/2017 06:52:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.
 
Error: (01/05/2017 06:51:47 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (01/05/2017 10:40:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.72.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x800704e8
 
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
 
Error: (01/05/2017 10:28:38 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (01/04/2017 10:01:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.
 
Error: (01/04/2017 10:01:10 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (01/03/2017 12:12:13 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.233.3794.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13303.0
 
Error code: 0x800704e8
 
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-02 03:38:04.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:04.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:04.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:04.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:03.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:03.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:03.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-02 03:38:03.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-01 20:01:20.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-01 20:01:20.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 15797.36 MB
Available physical RAM: 10795.77 MB
Total Virtual: 15795.55 MB
Available Virtual: 10393.24 MB
 
==================== Drives ================================
 
Drive c: (BLAZE) (Fixed) (Total:223.35 GB) (Free:90.35 GB) NTFS
Drive f: (THE 1ST COMING) (Fixed) (Total:931.51 GB) (Free:391.26 GB) NTFS
Drive h: (THE_NEW) (Fixed) (Total:2794.39 GB) (Free:1169.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 57308FE2)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 0CD10CD1)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B1ABF4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by TKLF2, 06 January 2017 - 02:16 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • Gender:Male
  • Local time:01:54 PM

Posted 11 January 2017 - 12:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/636690 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TKLF2

TKLF2
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:54 AM

Posted 11 January 2017 - 03:31 PM

Quick story:

Made a python script, decided it was easier to distribute it via standalone, installed py2exe and pyinstaller to create a .exe.

pyinstaller standalone created an infected .exe (which I carelessly ran myself to test it).

A user was wise enough to run a virustotal scan, it came up as infected:
https://www.virustotal.com/en/file/2d2d58ebda4dd70bcbc1c2ef67baa4f0f02a28f733fbf11fa25f17bd4de1eb96/analysis/

 

Could've been pyinstaller or could've been those clickbait articles... Anyways.

Ran a full scan using Window Security Essentials, came back clean.

Ran a Malwarebytes scan of the infected .exe file, also came back clean (lol)

 

Upon reboot after the scan, browser loads pages slow, sometimes hangs and refuses to connect to certain sites, bleepingcomputer.com included.

I had to download FRST64 on my laptop and reupload it to a different url, then redownload it - not using USB or Dropbox in case of risk of it hopping onto that.

This site can't be reached, www.google.com's server DNS address could not be found.

 

Haven't noticed any other symptoms yet, hence "and possibly others".

 

As such, when I ran FRST64.exe, it couldn't check for updates and threw the error (Failed to Update (1)), current version 01-01-2017.

 

EDIT: FRST was also run while the infected computer was NOT connected to the internet

 

To append on what's happened in the time between:

I've connected to the internet with the infected PC a couple times (mainly to re-download FRST), but otherwise the ethernet cable was popped out, and the PC in question hasn't been in much use since, though I do need to use it in the following week or so.

I don't know where my Windows DVD is, can look for it, but not too hopeful on that front.

 

Yesterday I booted it up into safe mode and uninstalled a couple of older programs that weren't in use, then shut it down after that was done.

LOGS === 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2017
Ran by Duranta (administrator) on AARON-PC (11-01-2017 12:21:42)
Running from H:\Users\Duranta\Downloads
Loaded Profiles: Duranta (Available Profiles: Aaron & Duranta)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SUPERAntiSpyware.com) H:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) H:\Program Files\SCP\bin\ScpService.exe
(Hi-Rez Studios) H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) H:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Malwarebytes) H:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SUPERAntiSpyware) H:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Users\Duranta\AppData\Local\Google\Update\GoogleUpdate.exe
(Flux Software LLC) C:\Users\Duranta\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) H:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Creative Technology Ltd) F:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Dropbox, Inc.) H:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Autodesk Inc.) C:\Users\Duranta\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(ShareX Team) H:\Program Files\ShareX\ShareX.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) H:\Users\Duranta\Downloads\lmpzrj.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-12-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2016-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Malwarebytes TrayApp] => H:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => F:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [SUPERAntiSpyware] => H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-13] (SUPERAntiSpyware)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Duranta\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Dropbox Update] => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [Google Update] => C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [f.lux] => C:\Users\Duranta\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\MountPoints2: {a31acc46-86e6-11e4-9234-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\THEMAT~1.SCR [1474560 2014-10-18] (The Matrix Trilogy Screensaver Development Team)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-12-18]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2016-12-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> H:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-22]
ShortcutTarget: Dropbox.lnk -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-12-03]
ShortcutTarget: ShareX.lnk -> H:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe [2005-08-27] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.144.18 64.59.144.19 64.59.144.93
Tcpip\..\Interfaces\{9A3FBC21-F614-488E-8AAE-D504C7F23C40}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{B51737F8-7650-4BED-9880-A5AD9B741DEB}: [DhcpNameServer] 64.59.144.18 64.59.144.19 64.59.144.93

Internet Explorer:
==================
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-06] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5dpzb8lw.default
FF ProfilePath: H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default [2017-01-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5dpzb8lw.default -> DuckDuckGo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5dpzb8lw.default -> DuckDuckGo
FF Session Restore: Mozilla\Firefox\Profiles\5dpzb8lw.default -> is enabled.
FF Extension: (Ank Pixiv Tool) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\ankpixiv@snca.net.xpi [2015-12-22]
FF Extension: (YouTube Video and Audio Downloader) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-12-05]
FF Extension: (Firebug) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-10]
FF Extension: (MEGA) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\firefox@mega.co.nz.xpi [2017-01-03]
FF Extension: (ExHentai Easy 2) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-11]
FF Extension: (Media Converter and Muxer) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-11-28]
FF Extension: (Pixiv Stack Preloader) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\jid1-NIBnScNighr6Pw@jetpack.xpi [2016-04-27]
FF Extension: (NicoFox) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\nicofox@littlebtc.xpi [2016-03-04]
FF Extension: (Rikaichan Japanese-English Dictionary File) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\rikaichan-jpen@polarcloud.com [2016-01-03]
FF Extension: (S3.Google Translator) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\s3google@translator.xpi [2016-10-19]
FF Extension: (Scriptish) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\scriptish@erikvold.com.xpi [2016-11-16]
FF Extension: (Tab Groups) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\tabgroups@quicksaver.xpi [2016-12-13]
FF Extension: (The Addon Bar (restored)) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-03]
FF Extension: (Rikaichan) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-05-29]
FF Extension: (Stylish) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-08-10]
FF Extension: (Image Search Options) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2016-03-04]
FF Extension: (Adblock Plus) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Tab Mix Plus) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (DownThemAll!) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Greasemonkey) - H:\Users\Duranta\AppData\Roaming\Mozilla\Firefox\Profiles\5dpzb8lw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> H:\Program Files (x86)\GPAC\nposmozilla.dll [2015-05-11] ( )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @talk.google.com/GoogleTalkPlugin -> H:\Users\Duranta\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @talk.google.com/O1DPlugin -> H:\Users\Duranta\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: @unity3d.com/UnityPlayer,version=1.0 -> H:\Users\Duranta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: SkypePlugin -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\npGatewayNpapi.dll [2016-11-24] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-257327388-1608073867-2457305106-1002: SkypePlugin64 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\npGatewayNpapi-x64.dll [2016-11-24] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: H:\Users\Duranta\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: H:\Users\Duranta\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - H:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (Google Slides) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (Skype Calling) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-12-10]
CHR Extension: (YouTube) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (uBlock Origin) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-01-01]
CHR Extension: (Google Search) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Tampermonkey) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-08]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2016-04-14]
CHR Extension: (Google Sheets) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Stylish) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-12-09]
CHR Extension: (appchan x) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2016-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (rikaikun) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Duranta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; H:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 Ds3Service; H:\Program Files\SCP\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
U2 HiPatchService; H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMService; H:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 Origin Client Service; H:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 OVRService; H:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe [231560 2015-03-26] (Oculus VR) [File not signed]
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-10-08] (Power Admin LLC)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SEVPNCLIENT; H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2016-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-06-28] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-06] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-06] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-06] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-06] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-06] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0116.sys [28640 2015-02-24] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN-CB; C:\Windows\System32\DRIVERS\Neo_0004.sys [28640 2015-02-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 OCUSBVID; C:\Windows\System32\DRIVERS\OCUSBVID.sys [61048 2015-03-26] (Oculus VR, LLC)
R1 RiftEnabler; C:\Windows\System32\DRIVERS\RiftEnabler.sys [55880 2015-03-26] (Oculus VR, LLC)
R1 SASDIFSV; H:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; H:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-12-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 09:21 - 2017-01-11 12:21 - 00000000 ____D C:\FRST
2017-01-06 08:17 - 2017-01-06 08:17 - 00000000 ____D C:\ProgramData\Baidu
2017-01-06 07:50 - 2017-01-06 07:50 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-06 07:49 - 2017-01-06 07:50 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-06 07:49 - 2017-01-06 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-06 07:49 - 2017-01-06 07:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-06 07:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-30 11:41 - 2016-12-30 11:41 - 00000000 ____D C:\Users\Duranta\AppData\Local\FluxSoftware
2016-12-27 01:48 - 2016-12-27 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2016-12-12 21:12 - 2016-12-12 21:12 - 00000000 ____D C:\Users\Duranta\AppData\Local\Chromium

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 12:20 - 2009-07-13 20:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-11 12:20 - 2009-07-13 20:45 - 00022416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-11 12:18 - 2016-04-15 09:28 - 00390260 _____ C:\Windows\system32\prfh0404.dat
2017-01-11 12:18 - 2016-04-15 09:28 - 00373088 _____ C:\Windows\system32\prfh0804.dat
2017-01-11 12:18 - 2016-04-15 09:28 - 00119574 _____ C:\Windows\system32\prfc0804.dat
2017-01-11 12:18 - 2016-04-15 09:28 - 00115072 _____ C:\Windows\system32\prfc0404.dat
2017-01-11 12:18 - 2015-05-13 12:51 - 00416826 _____ C:\Windows\system32\perfh011.dat
2017-01-11 12:18 - 2015-05-13 12:51 - 00122208 _____ C:\Windows\system32\perfc011.dat
2017-01-11 12:18 - 2009-07-13 21:13 - 02310432 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 12:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-01-11 12:17 - 2014-12-19 02:02 - 00000000 ____D C:\Users\Duranta\AppData\Local\Adobe
2017-01-11 12:17 - 2014-12-18 20:16 - 00000000 __SHD C:\Users\Duranta\IntelGraphicsProfiles
2017-01-11 12:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-10 18:28 - 2015-02-09 12:13 - 01771978 _____ C:\Windows\ntbtlog.txt
2017-01-10 18:24 - 2015-03-08 13:43 - 00000000 ____D C:\Users\Duranta\AppData\Local\Deployment
2017-01-10 18:19 - 2014-12-18 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberStep, Inc
2017-01-10 18:19 - 2014-12-18 13:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-06 15:25 - 2016-03-20 19:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-06 14:54 - 2015-06-18 22:27 - 00000704 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA.job
2017-01-06 00:17 - 2014-12-18 19:45 - 00000000 ____D C:\Users\Duranta
2017-01-05 20:54 - 2015-06-18 22:27 - 00000652 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core.job
2017-01-05 18:46 - 2015-02-11 12:07 - 00001456 _____ C:\Users\Duranta\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-05 16:49 - 2014-12-29 18:30 - 00000000 ____D C:\Users\Duranta\AppData\Local\Warframe
2017-01-04 13:03 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-04 10:03 - 2015-03-14 22:43 - 00000000 ____D C:\Users\Duranta\AppData\Local\CrashDumps
2016-12-31 21:21 - 2015-04-10 17:31 - 00000000 ____D C:\Users\Duranta\AppData\Local\Proclaim
2016-12-16 17:10 - 2015-01-28 00:04 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:10 - 2015-01-28 00:04 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 17:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 16:41 - 2015-09-28 19:12 - 00003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA
2016-12-16 16:41 - 2015-09-28 19:12 - 00003030 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core
2016-12-15 11:11 - 2015-01-28 00:06 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-13 11:25 - 2016-03-20 19:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 11:25 - 2014-12-19 02:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 11:25 - 2014-12-19 02:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 11:25 - 2014-12-18 16:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 11:25 - 2014-12-18 16:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 11:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-12 21:12 - 2015-02-18 21:07 - 00000000 ____D C:\Users\Duranta\AppData\Local\Steam

==================== Files in the root of some directories =======

2015-12-08 12:15 - 2015-12-08 12:15 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-11-04 18:07 - 2016-08-01 23:44 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-04-06 23:16 - 2017-01-05 20:17 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-12-02 23:42 - 2016-12-02 23:44 - 0000132 _____ () H:\Users\Duranta\AppData\Roaming\Adobe Targa Format CS6 Prefs
2015-09-21 16:31 - 2016-08-15 19:24 - 0000034 _____ () H:\Users\Duranta\AppData\Roaming\AdobeWLCMCache.dat
2015-02-11 12:07 - 2017-01-05 18:46 - 0001456 _____ () C:\Users\Duranta\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-05-10 17:30 - 2012-05-10 17:30 - 0024836 _____ () C:\Users\Duranta\AppData\Local\CurrentSessionPL.ls3
2015-07-19 13:06 - 2015-10-24 15:58 - 0003584 _____ () C:\Users\Duranta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-30 17:50 - 2016-09-30 17:50 - 0000600 _____ () C:\Users\Duranta\AppData\Local\PUTTY.RND
2016-09-15 11:13 - 2016-09-15 11:13 - 0000856 _____ () C:\Users\Duranta\AppData\Local\recently-used.xbel
2015-04-07 14:08 - 2015-04-07 14:08 - 0007612 _____ () C:\Users\Duranta\AppData\Local\Resmon.ResmonCfg
2015-09-09 18:52 - 2015-09-09 18:52 - 0000032 RSHOT () C:\Users\Duranta\AppData\Local\t70rc.dat
2016-09-15 21:14 - 2016-09-15 21:14 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 19:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2017
Ran by Duranta (11-01-2017 12:22:53)
Running from H:\Users\Duranta\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2014-12-18 21:51:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-257327388-1608073867-2457305106-1000 - Administrator - Enabled) => C:\Users\Aaron
Admin (S-1-5-21-257327388-1608073867-2457305106-1001 - Administrator - Enabled)
Administrator (S-1-5-21-257327388-1608073867-2457305106-500 - Administrator - Disabled)
Duranta (S-1-5-21-257327388-1608073867-2457305106-1002 - Administrator - Enabled) => C:\Users\Duranta
Guest (S-1-5-21-257327388-1608073867-2457305106-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM\...\{C8DBD634-0B82-4B2A-BB89-E027DA31E04B}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Production Premium (HKLM-x32\...\{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC5}) (Version: 19.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.9 - Arduino LLC)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.2.1633.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.2.1633.0 - Autodesk) Hidden
Autodesk Maya 2015 SP2 (HKLM\...\Autodesk Maya 2015 SP2) (Version: 15.2.1633.0 - Autodesk)
AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3169 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (x32 Version: 7.0.0.3169 - Axure Software Solutions, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.73a - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Animation Factory (HKLM-x32\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps)
Charles 3.10.1 (HKLM\...\{8713B034-63EC-45DE-8195-D475CE12513E}) (Version: 3.10.1.1 - XK72 Ltd)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version: - Torn Banner Studios)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{961D5D7E-3DEC-4E3B-9065-EA8074923B18}) (Version: 3.31.7643.1 - Sony Computer Entertainment Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CosmicBreak_eng (HKLM-x32\...\{F67DA720-DDF8-4DFD-925A-D53D5C23A8E7}) (Version: 1.00.0000 - CyberStep, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls III, версия 2.0 (HKLM-x32\...\Dark Souls III_is1) (Version: 2.0 - Bandai Namco)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc)
Discord (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dying Light Demo (HKLM\...\Steam App 381570) (Version: - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes)
Epic Games Launcher (HKLM-x32\...\{DC13677B-1214-409C-8127-41BBC4445C61}) (Version: 1.1.73.0 - Epic Games, Inc.)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
f.lux (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Flux) (Version: - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.242.35310 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\GameMaker-Studio14) (Version: - YoYo Games Ltd.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version: - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Helen's Mysterious Castle (HKLM\...\Steam App 418190) (Version: - Satsu)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotspot Shield 5.0.2 (HKLM-x32\...\HotspotShield) (Version: 5.0.2 - AnchorFree Inc.)
HuniePop (HKLM-x32\...\Steam App 339800) (Version: - HuniePot)
Hyper Light Drifter (HKLM-x32\...\1452863689_is1) (Version: 2.6.0.8 - GOG.com)
iFunbox (v2.91.2439.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.91.2439.748 - )
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.5 - PACE Anti-Piracy)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 6.1.1 - JPEXS)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version: - Avalanche Studios)
K-Lite Codec Pack 11.2.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2) (Version: - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Live2D Cubism 2.1.01 (HKLM-x32\...\Live2D Cubism) (Version: 2.1.01 - Live2D Inc.)
LukaV4 English Soft Vocaloid4 Library (HKLM-x32\...\LukaV4 English Soft Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 English Straight Vocaloid4 Library (HKLM-x32\...\LukaV4 English Straight Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 Japanese Hard Vocaloid4 Library (HKLM-x32\...\LukaV4 Japanese Hard Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
LukaV4 Japanese Soft Vocaloid4 Library (HKLM-x32\...\LukaV4 Japanese Soft Vocaloid4 Library_is1) (Version: Vocaloid4 Library - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Max 5.0.7 (HKLM-x32\...\{0470A26E-E4C4-47AF-9152-B04B0121FC3B}) (Version: 5.0.7 - Cycling '74)
MeGUI (remove only) (HKLM-x32\...\MeGUI) (Version: 0.3.5 - MeGUI Team)
Melodics version 1.0.3577.0 (HKLM\...\Melodics_is1) (Version: 1.0.3577.0 - )
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.2.1633.0 - mental ray)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-CA, Heather) (HKLM-x32\...\{6483CAE5-A44C-4CC4-8DD2-4F73C00471EC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (es-ES, Helena) (HKLM-x32\...\{8A732901-9531-4CC2-8D5B-9CBA1D8DE4FD}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (es-MX, Hilda) (HKLM-x32\...\{01C2594B-FA78-4C33-A9B7-6090A5EF7E90}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MKVToolNix 7.9.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.9.0 - Moritz Bunkus)
Momodora III (HKLM\...\Steam App 302790) (Version: - rdein)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Node.js (HKLM\...\{68EDB54E-2CFB-454E-BBF0-3E41E157E552}) (Version: 6.2.2 - Node.js Foundation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Oculus Display Driver (Install Only) (HKLM\...\{50700EF8-2D6A-4122-B307-E37A5E1F32D5}) (Version: 1.2.4.0 - Oculus VR, LLC)
Oculus Positional Tracker Driver (Install Only) (HKLM\...\{8741739C-8CB4-47C2-B36C-A860AD180BDA}) (Version: 1.0.9.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.5.0.1) (Version: 0.5.0.1 - Oculus VR, LLC)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
Proclaim (HKLM-x32\...\{06D16094-4B51-47F1-951F-DC775C129D03}) (Version: 2.0.32 - Faithlife Corporation)
Proclaim Prerequisites (HKLM\...\{BAD7A1DD-09F9-474E-A798-0695F49B2A03}) (Version: 1.28.0151 - Faithlife Corporation)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.3.0 (HKLM-x32\...\qBittorrent) (Version: 3.3.0 - The qBittorrent project)
Qcma (HKLM\...\Qcma) (Version: 0.3.9 - codestation)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Red Giant Complete Suite (HKLM\...\{6CC14806-DDC9-4050-AF28-B41CAE31580F}) (Version: - Red Giant Software)
Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
RPG Maker MV (HKLM-x32\...\RPGMV_is1) (Version: 1.0.0.0 - KADOKAWA)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version: - )
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.4.1 - ShareX Team)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Web Plugin (HKLM-x32\...\{16A6A6CB-6959-4C8B-82FC-57F87332B4A2}) (Version: 7.29.0.72 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartGit (HKLM-x32\...\SmartGit h:/program files (x86)/smartgit_is1) (Version: - syntevo GmbH)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.03 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM-x32\...\Steam App 250820) (Version: - )
Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
SWFRIP 0.4 (HKLM-x32\...\SWFRIP) (Version: - )
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Matrix Trilogy Screensaver (HKLM-x32\...\MX-3 Starfield Screensaver) (Version: 0.58 - Jan Ringoš)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
Tiled (HKLM-x32\...\{45A2308F-C6C2-468D-B8C1-95AF5797ACEF}) (Version: 0.16.0 - mapeditor.org)
Tiled2Unity (win32) (HKLM-x32\...\{91B20082-6384-40D1-B090-33DCBA492ABE}) (Version: 1.0.4.8 - Sean)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Tree of Savior (English Ver.) (HKLM-x32\...\Steam App 372000) (Version: - )
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.5p8 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\UnityWebPlayer) (Version: 5.2.3f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version: - SEGA)
Vindictus (HKLM-x32\...\Steam App 212160) (Version: - Nexon)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vocaloid4 4.2.1 Free Edition (HKLM-x32\...\Vocaloid4 4.2.1 Free Edition_is1) (Version: Vocaloid4 4.2.1 Free Edition - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XnViewMP 0.72 (HKLM\...\XnViewMP_is1) (Version: 0.72 - Gougelet Pierre-e)
闇夜ト星ノ冥土館 ~ぷにゅぷりXX~ (HKLM-x32\...\闇夜ト星ノ冥土館 ~ぷにゅぷりXX~) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{0284FA1D-248C-45D4-9AD0-DAF9D6F409DD}\localserver32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{542D7DEF-9319-488A-AF69-9FD2ED9D48A2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Duranta\AppData\Local\SkypePlugin\7.29.0.72\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> H:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> H:\Users\Duranta\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046D2FDF-B863-4141-8CBB-118A9B9B8BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA => C:\Users\Duranta\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {0541AD9C-1A4F-43EB-AB10-D7AECB9B185E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core => C:\Users\Duranta\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {0D788B03-6467-4410-830C-77F93C7375B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {0E81A2F1-1019-445E-9D0A-102D71FC3169} - System32\Tasks\AdobeAAMUpdater-1.0-Aaron-PC-Duranta => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {26D3422D-D1F5-438A-8A2B-4EF0C0B7FBFF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {2A62B816-E938-497D-B7BE-948AD208328B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {32DEE7CD-5E52-4F5A-B6A9-2F9E83B6AE81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {33499B59-A35F-49B4-A653-25D44481F91A} - System32\Tasks\{D592055B-A443-43C1-A9D0-D5F9C5F39AFE} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/go/help.faq.installer?LastError=1603
Task: {9053FA9A-AB23-4DF7-9FC9-AA7D490C90AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B4404C3B-E937-472F-82F5-9383F5973EC8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {C2B54C37-02DE-4C25-B33C-ECBC0AD99033} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {EDE42026-DF1A-4FC8-AAF8-25E614906A20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {EE7E6999-F8C0-4120-90D3-D2EEED7CF73E} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002Core.job => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-257327388-1608073867-2457305106-1002UA.job => C:\Users\Duranta\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Duranta\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-22 13:55 - 2016-01-22 13:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-16 02:17 - 2016-03-16 02:17 - 00052912 _____ () H:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-10-20 12:58 - 2014-04-04 20:24 - 00109568 _____ () H:\Users\Duranta\Downloads\ntleas046_x64\ntleasCtx.dll
2015-01-01 13:04 - 2014-11-04 10:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-12-18 20:43 - 2013-01-25 11:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-12-18 20:43 - 2013-01-25 11:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-08-08 14:30 - 2013-08-08 14:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-01-22 13:54 - 2016-01-22 13:54 - 31420080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-04-06 23:16 - 2005-08-27 10:59 - 00053248 _____ () H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unicodeinput.exe
2016-08-10 10:14 - 2016-08-10 10:14 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2014-12-18 20:43 - 2013-01-25 11:07 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-12-18 20:43 - 2013-01-25 11:04 - 00248320 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-01-28 12:32 - 2016-01-28 12:32 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-12-09 16:30 - 2016-11-11 12:36 - 00035792 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00100296 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00018888 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00019760 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-09 16:30 - 2016-11-11 12:36 - 00694224 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020816 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-09 16:30 - 2016-11-11 12:37 - 00123856 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 01682760 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00145864 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-22 00:50 - 2016-11-11 12:37 - 00019408 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00116688 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-09 16:30 - 2016-11-11 12:38 - 00105928 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00021312 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00052024 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00038696 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-22 00:50 - 2016-11-11 12:36 - 00392144 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-22 00:50 - 2016-11-11 12:38 - 00020936 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00024528 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00116176 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00381752 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00124880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00025424 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00024016 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00175560 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00030160 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00043472 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00048592 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-09 16:30 - 2016-11-11 12:38 - 00057808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00024016 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00246592 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00026456 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 11:57 - 2016-11-11 12:37 - 00241104 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00020280 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00028616 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-09 16:30 - 2016-12-21 10:26 - 00023376 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00020800 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00019776 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00020800 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00350152 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 02:34 - 2016-12-21 10:26 - 00022352 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00024392 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 00:50 - 2016-11-11 12:35 - 00036296 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-22 00:50 - 2016-12-21 10:26 - 00084280 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-22 00:50 - 2016-12-21 10:26 - 01826096 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-09 16:30 - 2016-11-11 12:37 - 00083912 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00531248 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 03928880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 01972528 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00133424 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00224056 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00207672 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00020288 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-22 00:50 - 2016-11-11 12:42 - 00017864 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-22 00:50 - 2016-11-11 12:42 - 01631184 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-22 00:50 - 2016-12-21 10:26 - 00042808 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00171320 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 00:50 - 2016-12-21 10:26 - 00357680 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-09 16:30 - 2016-11-11 12:39 - 00060880 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 11:57 - 2016-12-21 10:26 - 00024904 _____ () H:\Users\Duranta\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-01-28 12:32 - 2016-01-28 12:32 - 01365696 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-01-28 12:32 - 2016-01-28 12:32 - 00219328 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2017-01-11 12:17 - 2014-12-04 18:27 - 00104328 _____ () C:\Users\Duranta\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-21 00:22 - 2016-01-21 00:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 00:22 - 2016-01-21 00:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 10:24 - 2016-02-12 10:24 - 00089280 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2016-01-21 00:22 - 2016-01-21 00:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Duranta\AppData\Local\Temp:Dz8URKblVxTjuL3T7BQCcw7 [2280]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Control Panel\Desktop\\Wallpaper -> H:\Users\Duranta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OculusConfigUtil.lnk => C:\Windows\pss\OculusConfigUtil.lnk.CommonStartup
MSCONFIG\startupfolder: H:^Users^Duranta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QCMA.lnk => C:\Windows\pss\QCMA.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "H:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A9F21774-9E4F-4C95-BDE2-1F51DC9CB8C9}] => C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C0B71966-C415-46E7-B22E-20D2A6DA7522}] => C:\Users\Duranta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{14BDC1F1-119A-4E86-8505-7429929EC514}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9508D630-718B-4032-A836-8FF299F2D583}] => H:\Program Files (x86)\LAV Filters\x86\PotPlayer\sumire.exe
FirewallRules: [{E6E4BB44-A0FF-4241-9C0F-C1739A6E213C}] => H:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9075D4AC-FA94-4596-BFAC-4FD74778D2FB}] => H:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FFF849C-5A35-400E-90EF-0E3464A99DCF}] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F66EF129-A686-4F6D-8DED-F255279DCD83}] => C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C54F9DF1-3450-4BEC-B26F-EADE45CBF6CD}] => C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{EB612530-806E-479A-A7DE-A212FC2264AA}] => C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{801454A0-2E25-48E4-BDB2-653B29AAA895}] => C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6020CE00-F2ED-4F50-958A-E225DFBAA754}] => C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{CBD7C5C0-BAD2-4271-B491-6CFCCECACA17}] => H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{989CAF32-12D7-44AA-9DA2-C0B6CC575AB1}] => H:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5EEF297-5B00-4F3D-BAF1-B7ED11EC8DF3}] => H:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D9D51C4D-2E45-46B0-BD6F-34C8263237CA}] => H:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C0951BAA-799B-4661-88BC-3B118DD87BEB}] => H:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3E88BA04-A024-4594-BD19-C3F0E2CEF1F7}] => H:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{8D47537C-0455-46A0-A542-496B1522FB66}H:\program files (x86)\qbittorrent\qbittorrent.exe] => H:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{6D29D4A7-4940-4564-B762-3E83621B81D3}H:\program files (x86)\qbittorrent\qbittorrent.exe] => H:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{AB0BB83A-6DCD-487E-AE6E-9F9F6AED87BE}] => H:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{6A4FA666-335C-4701-A564-C42DE7D6A21C}] => H:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{7D7D67AF-2A4E-4B6C-8B02-C7BF45431321}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{11AF5762-C477-439F-869C-18F17E61AB32}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{EBE956F3-BDD2-497F-84CE-BDF6BC01A44C}H:\program files\hexchat\hexchat.exe] => H:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{E9081DC1-5E63-42A1-A04D-7DE6BFBFFB01}H:\program files\hexchat\hexchat.exe] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{1612B17E-8CFE-4EBF-BBDB-2728329C2725}] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{81FC5CC8-63C3-4F7E-AF08-F1BD028AA63B}] => H:\program files\hexchat\hexchat.exe
FirewallRules: [{947AB1A1-2CC1-43C6-9EE5-D3DC39A2389D}] => H:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{976CB181-6D21-4341-8CFB-5BF81C3F9C13}] => H:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{0956CFBF-D420-4B0E-A24C-48A997E2BDFB}] => H:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D588C4D1-A0FD-4183-B7F7-BF788D124A67}] => H:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{800C5445-36F5-4F35-B3A0-445F69D549AF}] => H:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{D8FE2269-1223-47CB-BCD1-1A7C2BBC5687}] => H:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [TCP Query User{5A329D02-E328-481B-8301-54B77002368B}H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{EAE38977-A802-4AC0-9F9E-8BF5189AE599}H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => H:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{74CD9B54-A190-4CB1-AEE2-C247A49929D3}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{64B3267F-9F09-463D-BCD9-C16A53A655A2}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8798F1A3-59CA-4863-AE80-F2069D58F500}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{5AE23157-B8E5-43AC-A2FF-A77288D50E2F}] => H:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{AD5CFAAB-EA46-4390-8D54-8FA4B4DF667F}] => H:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{5AD8E69F-AF04-4D0C-BDA3-00161E7F1A10}] => H:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{AE3C461E-2696-4623-82CC-A728A013E1A1}] => H:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{8B426488-51E5-4411-A0D8-97D0CAFD9E41}] => H:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{7BBF6E92-A33A-40D3-83D6-A368BC3FAEDE}] => H:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{D3B76C66-869E-472D-81FE-D717D93B087F}] => H:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{F71DAE10-4BF5-4E11-923E-B58C6EDB1CBC}] => H:\Program Files (x86)\Steam\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{7D9598FE-9F96-4587-92A9-E9FA0E260F64}] => H:\Program Files (x86)\Steam\steamapps\common\StrikeVector\Binaries\Win32\UDK.exe
FirewallRules: [{77BF5992-C580-49DF-AAEA-B3130D078176}] => H:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{9BB2023C-C284-47CD-8150-C7D5490C6A83}] => H:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{2F324B76-8FD8-4526-B131-1FC0C2EC1B46}] => H:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{96573D50-449F-4844-BD84-0904CAE32A0C}] => H:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{E4547E54-C301-4550-B8D8-22915B90F079}] => H:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{7330C5FD-0C04-480B-A46E-356F2F55BAFE}] => H:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{8EDF783A-10E5-4BED-81DE-2640315C24FC}] => H:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F03AAEA8-826C-4E80-9AB4-37C0F84B74C7}] => H:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{31299395-6BDB-411E-8C59-8ADE576650E8}] => H:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{F78BAAC7-C3B4-4341-BD2F-679A02973535}] => H:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{ACEA5A31-0632-4F8F-AE9B-F27FFE9CDAB2}] => H:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{C2A6D14C-3350-4D12-A584-E87440F4D809}] => H:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [TCP Query User{2E9421D5-1254-4A0C-85E7-60F2452461A4}H:\program files (x86)\mozilla firefox\firefox.exe] => H:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{43188BB8-7871-4F6B-BC67-13EA06036341}H:\program files (x86)\mozilla firefox\firefox.exe] => H:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{101EE8E9-EAF3-4694-9836-DB0B21BB1926}] => H:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{1F3BE2F9-7CDF-4AE3-83CE-3F4D93FE7756}] => H:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [TCP Query User{FF3C4285-6B1E-48A7-A517-A8E515485016}H:\xampp\apache\bin\httpd.exe] => H:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{5D316066-E218-4ABF-A794-8CC60BA3B258}H:\xampp\apache\bin\httpd.exe] => H:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{6556E253-170E-40A5-BB5C-08DB922DBB77}H:\xampp\mysql\bin\mysqld.exe] => H:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{552FDEF4-3151-487D-A198-E2B13F1360CE}H:\xampp\mysql\bin\mysqld.exe] => H:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{CDF27A1B-620F-444D-86D7-E33C754BE88B}] => H:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{4D06D298-4AF0-438F-89CC-BABEAF5B8FE1}] => H:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{60ED758B-734A-4EA8-8BF6-AD1A2391B992}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{F6C6D25B-7749-4BE3-8D59-0B5B6E2FB534}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [{E65B5666-058D-4920-9A2F-218A870CA0BB}] => H:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{4B56EE60-FC87-41DE-A84F-0F891DB518FA}] => H:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [TCP Query User{CAB7089B-4C57-4729-BF39-18D33A973A4B}H:\program files\qcma\qcma.exe] => H:\program files\qcma\qcma.exe
FirewallRules: [UDP Query User{D22F85A7-C6B1-486A-A740-6DFC65BF95EC}H:\program files\qcma\qcma.exe] => H:\program files\qcma\qcma.exe
FirewallRules: [{068F900B-B972-4C2F-9C94-026DE6B0FD76}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{5872E8DA-07C3-4231-AE7C-E529E2680976}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{C5DD1FCF-887A-407C-857E-DCAED31062AC}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{A2E074DC-F25C-46C8-8BE0-97078791EF1E}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [{CD5D294B-033D-4DF4-A2D7-C4BCBF0275E3}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [{D2D77AF7-4669-4C62-844E-CE1289D4221C}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\demo\bin\win32\hellovr_sdl.exe
FirewallRules: [TCP Query User{5721ECBF-A678-4849-9D6C-1FA04255E679}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{514784F6-9E3B-4978-B909-5BBABC9079E2}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{462CA27C-615F-4496-9ABD-42EFC2BF5172}H:\program files\charlesproxy\charles.exe] => H:\program files\charlesproxy\charles.exe
FirewallRules: [UDP Query User{21F4AEEC-229E-4F2B-B210-864018909CDA}H:\program files\charlesproxy\charles.exe] => H:\program files\charlesproxy\charles.exe
FirewallRules: [TCP Query User{43E780F0-E77E-4501-8B69-596821F5BFB8}H:\program files\charles\charles.exe] => H:\program files\charles\charles.exe
FirewallRules: [UDP Query User{3D29AA5C-1140-494F-8881-54BD163ADD5B}H:\program files\charles\charles.exe] => H:\program files\charles\charles.exe
FirewallRules: [{A5A58932-BCAD-4739-B02F-F7A1D6BCC247}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{4405FD9E-39FE-4280-AA6B-18486F7D16FB}] => H:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [TCP Query User{1A94770B-769D-468A-9C47-39D9B198EA96}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1F9B35D9-EAF2-4885-B7D0-09BF1E1482F5}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0733A093-DF57-47A4-BEED-75E390AFA6A2}] => H:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{207C6820-C8F7-462C-B9C8-4C4ADCCB3819}] => H:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{D7777E78-D6D2-4379-9259-BA80AF719C66}] => H:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{49B3F394-B79E-4035-B9D2-7608F98338F0}] => H:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{29D39E77-6555-4CA0-B860-AFA5CCF53725}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{BC0E7741-6030-4549-9848-B6BBCB8770C6}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{B05B135C-3F24-4866-A282-5E9B25FB8830}] => H:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{B1CD4095-4548-4DC9-B3A9-FC02958D6D3A}] => H:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [TCP Query User{E53D1BD8-D75F-4517-87B3-7858EA8A416C}H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [UDP Query User{13825871-B2A2-4C69-9627-B6CDEC5D2ECB}H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => H:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{2F81C7EF-A3F0-4207-ABBD-11576919078C}] => H:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{82BA6C27-24AF-45DD-A9A9-4ADD0DE6821C}] => H:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CFD355DD-64C5-4B9A-B431-9783185B9048}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{73BC5F11-3317-4F2A-8B0B-B8274D9845C7}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{12661177-566A-4D65-B577-E00431534277}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{EFB9FEEC-54C4-4853-B887-6272A7AFE105}] => H:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{BCF2FA06-5FC8-452F-A95D-AAD516F2191D}H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe] => H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [UDP Query User{321EC159-C94E-42C0-9554-CB474A847CE7}H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe] => H:\users\duranta\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{AE15433E-A2E1-4985-B5C9-FBF79A12BDE1}] => H:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9C91675C-71DA-4627-AF46-444C9901E585}] => H:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{31F5F231-8237-440C-886D-CEE29F293DAD}] => H:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{D705A15B-1DE6-49D7-9E52-63204DBBBA15}] => H:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{D1BBFADB-517C-4014-9EDD-7684B304A718}H:\program files\adobe\adobe flash cs6\flash.exe] => H:\program files\adobe\adobe flash cs6\flash.exe
FirewallRules: [UDP Query User{E5BE346C-4895-4C94-A26C-8AC57BEAD0B1}H:\program files\adobe\adobe flash cs6\flash.exe] => H:\program files\adobe\adobe flash cs6\flash.exe
FirewallRules: [TCP Query User{97EA571F-2170-41DF-AE2A-3A41C9B0A280}H:\python27\pythonw.exe] => H:\python27\pythonw.exe
FirewallRules: [UDP Query User{55F67684-D87E-4FDA-A784-B02F4836EDCD}H:\python27\pythonw.exe] => H:\python27\pythonw.exe
FirewallRules: [{71F2490A-F596-499C-9507-BF4CC534D38C}] => H:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{86BCA907-B5D7-4475-A3DF-78CA1F95D230}] => H:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{C2D3CF3A-7911-4721-AF21-631074D3EB9C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C78CE6B2-AE18-4C62-BCBC-336A4A62AB54}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0F39497-C253-4DD0-8E5D-7C3D7245C42B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C10F955-00F5-457D-B80E-97F9C85917EC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{069453F5-C6A9-49E6-A380-DBCBDA45E0AF}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{CB854EAC-3BFC-40C6-994A-BB98448108D1}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{095C7189-F9AD-44D6-BA93-2FA4505DD249}] => H:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{0D411350-35F4-457D-BF27-33102433796D}] => H:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [TCP Query User{F0609EB7-5E48-4D1A-8F9A-F93F8E395856}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3D77C1E9-7F3B-4D2E-9578-BC6607EC1715}C:\users\duranta\appdata\local\akamai\netsession_win.exe] => C:\users\duranta\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CA291E73-DAD7-41C4-AD98-76636BAFB48C}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{ECCB1CEC-6B65-4B72-9538-5899F7EC4043}H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe] => H:\users\duranta\downloads\ygopro-1.033.4-percy-full\ygopro-1.033.4-percy\ygopro_vs.exe
FirewallRules: [TCP Query User{CEF78263-54CB-4AC8-9F61-16DC85881F4D}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8872D162-A623-462D-808A-19026EEA4355}H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe] => H:\users\duranta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5E1DCC6B-9489-43AE-8945-6CE02AC133A4}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3D21EE3B-A52B-4CEE-A84A-7EC5CC45E5B5}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F31E37DD-968E-4A44-85E7-32C26BC8F66C}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{17CCB679-B359-41FD-8030-FBB62EC1C82C}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5F26AC32-2D07-4FCC-B122-E1422601D721}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{27CE43D1-88B1-462C-BE86-5B6E6B6C2217}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7EA9D334-6A4D-4ED3-8839-29AA492168C1}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{30996D83-787E-4C99-AD74-3E1818AEE945}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5D7BAD12-6694-4937-A96F-05977D4FCF54}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{21E87AD9-E3A1-440A-9265-A59FDF18F312}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{553E5FCA-F885-46CE-920D-AD595B65678E}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{101E8354-F7FC-494F-AE54-AD6EB698B681}] => H:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{2A01B7AA-32B1-4A3D-A7DE-2FCD08D9BC8C}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{3C479ABA-50F4-42DA-90DB-339CAEA91C1B}H:\program files\unity\editor\unity.exe] => H:\program files\unity\editor\unity.exe
FirewallRules: [{104D2721-1E1F-40E6-BD48-6AE15531D904}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{1573C055-BBCA-4986-B39A-E59B467C5C9D}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{25F866BC-962D-4FE8-BD6C-5EFEBDB633BD}] => H:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{25523F8E-D971-4043-A0CF-7E02C1B2EC0E}] => H:\Program Files (x86)\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{01FCB387-8EB0-4947-87CC-F0C0A9005F19}] => H:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{F8CDB9A5-E68F-4037-83F6-2593983270B8}] => H:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [TCP Query User{D531685B-9913-4161-99D5-F4A9413D14CC}H:\program files\unity\monodevelop\bin\monodevelop.exe] => H:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{350E9FD7-786F-4529-A705-AF3D8571DABF}H:\program files\unity\monodevelop\bin\monodevelop.exe] => H:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{E46759F7-7C8E-424A-BD87-17DE417DFDCE}] => H:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{994B652C-2115-4416-8041-0E9AF87F6EAF}] => H:\Program Files (x86)\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [TCP Query User{ACB122E3-011E-42A0-8648-B33D4EF18557}H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe] => H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe
FirewallRules: [UDP Query User{A04FCFD7-4A1C-4106-9CE4-061CE75F0DA0}H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe] => H:\users\duranta\downloads\godot_v2.0.2_stable_win64.exe\godot_v2.0.2_stable_win64.exe
FirewallRules: [TCP Query User{06D94B6A-93AF-4EB6-BF77-05E89844BD83}H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe] => H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [UDP Query User{69E03B0E-C877-4CE4-AC2C-EF3E2F2A16F3}H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe] => H:\users\duranta\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [{56F26B19-FB9D-4F6F-BDAA-4A48A73C6FD6}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{80C39C54-6519-4920-A680-12466C1EE236}] => H:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [TCP Query User{87224811-B33A-48E9-B09E-31B55D81707B}H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe] => H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe
FirewallRules: [UDP Query User{AF9AC695-8947-4F97-8D19-CB0E4B1560F9}H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe] => H:\users\duranta\downloads\halite-0.4.0.4-x64\halite.exe
FirewallRules: [TCP Query User{9A5BC22A-1D94-4B79-93FE-080D96352BD3}H:\program files (x86)\battle.net\overwatch\overwatch.exe] => H:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [UDP Query User{32764D9F-4E45-4411-AC56-8D2D48F39762}H:\program files (x86)\battle.net\overwatch\overwatch.exe] => H:\program files (x86)\battle.net\overwatch\overwatch.exe
FirewallRules: [{DA39ED84-2024-4FDB-8B2C-863D63D06CCF}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{6644982D-4A62-419F-BACF-800DFCC7CB28}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{C0EE1AA7-6291-4497-A7D0-52FF7DEC30B6}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B60B3019-1184-49CA-9623-8ADECA657934}] => LPort=2869
FirewallRules: [{CA1AB140-1F21-404A-9CD2-2CDC8E84AEA3}] => LPort=1900
FirewallRules: [TCP Query User{DD3951F5-2159-42B1-8604-98463A879DC4}H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{EFA5F58A-5FCB-4A97-810F-5A7FF588FC11}H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{59C03880-8CA2-455E-AAEF-E4D0CF519D9A}H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{CA7C2FC5-AC30-440D-AEA4-DE8950144F4B}H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => H:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{5BC94CCB-0E3B-491F-BDA2-B8B75F2F82B9}H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B3103729-DBF5-4D88-8F22-226BED38F796}H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe] => H:\program files (x86)\epic games\4.12\engine\binaries\win64\ue4editor.exe
FirewallRules: [{88C7E1DB-3121-40CA-8A74-00D5F4B5942C}] => H:\Program Files (x86)\Steam\steamapps\common\Helen's Mysterious Castle\helen\start.exe
FirewallRules: [{361AFE77-9BB5-4B1E-BC2F-3F3FCC7852B0}] => H:\Program Files (x86)\Steam\steamapps\common\Helen's Mysterious Castle\helen\start.exe
FirewallRules: [{5387826C-D545-4DC5-AD2D-98BFA9ED28FD}] => H:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe
FirewallRules: [{27A6D6B0-C6C1-44B9-888A-15A3535FD569}] => H:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe
FirewallRules: [TCP Query User{AE9F3EB2-0C58-4A06-9646-35A3B0A15D95}H:\program files (x86)\arduino\java\bin\javaw.exe] => H:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{D3B7BA05-F4DA-4617-914F-FC64493CCF69}H:\program files (x86)\arduino\java\bin\javaw.exe] => H:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{50551B7E-2B3B-444A-9306-C3FE03DAEFE7}] => H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{EC886BE3-5D5B-46B9-8A67-1829CDB8F46C}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
FirewallRules: [UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
FirewallRules: [TCP Query User{E8760EF3-7E6C-47F2-A56E-84C5409F42A6}H:\games\stepmania 5\program\stepmania.exe] => H:\games\stepmania 5\program\stepmania.exe
FirewallRules: [UDP Query User{2FAD8C34-83A6-49F3-A7A7-6476698C9D59}H:\games\stepmania 5\program\stepmania.exe] => H:\games\stepmania 5\program\stepmania.exe
FirewallRules: [{10996719-D7E3-4710-A9D7-EB8B022F6B15}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{7B5AC723-D4E7-4A50-AEDE-1202DE3E1445}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{8E9736C5-615A-4B36-8367-A29B55A9298C}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{870228C5-9613-4883-A7AC-98AFEF2C0AC9}] => H:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{8720E9E0-FDF0-42C4-B8F0-2FBA948E4C03}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{D777A63B-C44A-4AC0-9295-0A073547B10F}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{62050D13-5299-4490-A1FC-E2D08A549513}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{4230C3B5-D8AC-4595-BC04-046EB657F9D7}] => H:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{B7F4D2C8-99D7-4362-B379-662D29785666}] => H:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D6467C55-911C-4C5A-BACC-EEAE81F6189D}] => H:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{C7148E4D-3A75-434A-AB6F-A7FE8CF191E0}H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{EF2DCEF6-DE53-4F64-A0EE-4D58033D75AB}H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => H:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{273B25E7-F292-4C29-918E-65C38A3B564E}C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe] => C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{B22F4F79-1F6C-4B4E-8C33-2629AED02DC4}C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe] => C:\users\duranta\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{345C10E7-BA32-4DF1-A8BA-5C6E4BA7FA4C}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{1409FF4E-FA91-45A8-822E-3924344CEE2B}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3C43859D-20C1-41ED-AF0B-EAFD88C9A317}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{599D1C6F-642E-46FD-90BB-4CC28FB8F5C3}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{D1DC69D3-8174-4F6B-84F2-595C9B0BAF23}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{75FB2834-755D-4FB6-A5A1-692C1E7F0DDB}] => H:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{F55CE67E-3E63-4FFE-A797-F057F50ED654}] => H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{323F64FA-ACDE-4A9F-BC58-5D7C61829715}] => H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{75DE6C70-580F-4450-ACC9-17C951F24480}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C47F78C-1CFD-4FBB-92DD-5003873FA188}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E4E48063-75C7-4D81-8D4C-91A772B9AD1F}] => H:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

==================== Restore Points =========================

30-12-2016 11:22:34 Windows Update
31-12-2016 21:21:33 Installed Proclaim
03-01-2017 12:11:37 Windows Update
04-01-2017 12:58:32 Installed Microsoft Server Speech Text to Speech Voice (en-US, Helen)
04-01-2017 12:59:04 Installed Microsoft Server Speech Text to Speech Voice (en-CA, Heather)
04-01-2017 12:59:17 Installed Microsoft Server Speech Text to Speech Voice (es-ES, Helena)
04-01-2017 12:59:25 Installed Microsoft Server Speech Text to Speech Voice (es-MX, Hilda)
04-01-2017 12:59:33 Installed Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro)
04-01-2017 13:03:40 Installed Microsoft Server Speech Platform Runtime (x64)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2017 12:12:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/10/2017 06:30:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (01/10/2017 06:26:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Duranta\AppData\Local\Temp\~nsu.tmp\Au_.exe _?=C:\Program Files (x86)\UltraUXThemePatcher\; Description = Uninstalled UltraUXThemePatcher 2.4; Error = 0x8007043c).

Error: (01/10/2017 06:19:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Duranta\AppData\Local\Temp\{B16E2132-399C-4606-BB19-63779E09274E}\setup.exe -runfromtemp -l0x0411 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{3A79837F-AC28-432D-94F6-F51BCD50F597}\" -tempdisk1folder:"C:\Users\Duranta\AppData\Local\Temp\{B16E2132-399C-4606-BB19-63779E09274E}\"; Description = 削除済み CosmicBreak2; Error = 0x8007043c).

Error: (01/10/2017 06:19:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2017 07:45:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/05/2017 06:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/05/2017 10:29:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/05/2017 01:21:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e08

Start Time: 01d267313cdf57c4

Termination Time: 47

Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe

Report Id: 4cb92252-d328-11e6-b970-00acd8b67a8d

Error: (01/04/2017 06:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cosmic(2).exe version 1.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17b0

Start Time: 01d266f6897f210a

Termination Time: 31

Application Path: H:\CyberStep\CosmicBreak_eng\programs\cosmic(2).exe

Report Id: c9bf0d80-d2eb-11e6-b970-00acd8b67a8d


System errors:
=============
Error: (01/11/2017 12:22:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 116.72.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.12706.0&sig=116.72.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 2.1.12706.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (01/11/2017 12:22:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4010.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.4010.0&asdelta=1.233.4010.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (01/11/2017 12:22:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4010.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.4010.0&asdelta=1.233.4010.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (01/11/2017 12:22:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4010.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x8024402c

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (01/11/2017 12:12:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.

Error: (01/11/2017 12:11:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (01/10/2017 06:30:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server:
{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

Error: (01/10/2017 06:28:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/10/2017 06:28:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: Network Inspection System

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved

Error: (01/10/2017 06:28:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.233.4010.0

    Update Source: Microsoft Malware Protection Center

    Update Stage: Search

    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13303.0&avdelta=1.233.4010.0&asdelta=1.233.4010.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature Type: AntiSpyware

    Update Type: Full

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version:

    Previous Engine Version: 1.1.13303.0

    Error code: 0x80072ee7

    Error description: The server name or address could not be resolved


CodeIntegrity:
===================================
Date: 2016-03-02 03:38:04.105
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:04.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:04.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:04.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:03.972
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:03.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:03.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 03:38:03.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-01 20:01:20.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-01 20:01:20.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 15797.36 MB
Available physical RAM: 12497.16 MB
Total Virtual: 15795.55 MB
Available Virtual: 12596.36 MB

==================== Drives ================================

Drive c: (BLAZE) (Fixed) (Total:223.35 GB) (Free:126.31 GB) NTFS
Drive f: (THE 1ST COMING) (Fixed) (Total:931.51 GB) (Free:391.26 GB) NTFS
Drive h: (THE_NEW) (Fixed) (Total:2794.39 GB) (Free:1171.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 57308FE2)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 0CD10CD1)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B1ABF4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 


Edited by TKLF2, 11 January 2017 - 03:33 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,205 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:54 AM

Posted 14 January 2017 - 10:19 PM

Greetings TKLF2 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Did you restrict Group Policies?
 

GroupPolicy: Restriction


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-15 21:14 - 2016-09-15 21:14 - 0000016 _____ () C:\ProgramData\mntemp
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Duranta\AppData\Local\Temp:Dz8URKblVxTjuL3T7BQCcw7 [2280]
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

System Summary Information

--------------------

  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog.txt
  • System Summary Information
  • Update on current symptoms

Edited by Oh My!, 14 January 2017 - 10:36 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 TKLF2


Posted 14 January 2017 - 10:34 PM

Heya Gary,

Not too sure on what GroupPolicy is, and how to un?restrict it.

 

Quick google revealed it's something to do with mmc (and/or the registry), but I'm lost from there on.



#6 Oh My!


Posted 14 January 2017 - 10:37 PM

I just modified the script to deal with it. Redo the copy/paste into Notepad if you already did that then complete the steps.


Gary

#7 Oh My!


Posted 14 January 2017 - 11:01 PM

I am ending for the evening but will check your reply first thing in the morning.


Gary

#8 TKLF2


Posted 14 January 2017 - 11:18 PM

Alrighty, here goes.

Things out of the ordinary when I rebooted:

Much longer than normal boot and login time, my wallpaper flickered purple for a bit, back to normal, and then

"updaterstartuputility.exe - Application Error

The application was unable to start correctly (0xc0000005). Click OK to close the application."

edit: for the record updaterstartuputility.exe, mbamtray.exe, DropboxUpdate.exe, GoogleUpdateCore.exe, flux.exe, NetworkManager.exe, Dropbox.exe, unicodeinput.exe - running most other .exe applications seems to do the same.

My browsers (chrome, firefox) won't open at all, tried reinstalling and running the reinstaller gave the same message as above.

 

For now, I can open browsers through Safe Mode, but booting up normally gives me the 0xc0000005 error (or it crashes silently in the background).

 

I'll edit the post to attach the Summary since I'm trying to figure out a way to get the file off the computer.

EDIT: attached.

 

fixlog.txt ===

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Duranta (14-01-2017 19:40:13) Run:1
Running from H:\Users\Duranta\Downloads
Loaded Profiles: Duranta (Available Profiles: Aaron & Duranta)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-15 21:14 - 2016-09-15 21:14 - 0000016 _____ () C:\ProgramData\mntemp
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Duranta\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Duranta\AppData\Local\Temp:Dz8URKblVxTjuL3T7BQCcw7 [2280]
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\ProgramData\mntemp => moved successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-257327388-1608073867-2457305106-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\Users\Duranta\AppData\Local\Temp => ":Dz8URKblVxTjuL3T7BQCcw7" ADS removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:40:24 ====



Edited by TKLF2, 15 January 2017 - 12:15 AM.
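As an added example (not part of the thread and not FRST's own code), here is a small Python parser for the Fixlog.txt layout posted above. It tallies each result line by action and outcome so that "not found" targets, a pending reboot and a truncated log stand out. The sample input is a shortened excerpt of the log in this post, and the class, field and function names are assumptions of this example.

```python
"""Summarise an FRST Fixlog.txt: which fix actions succeeded, which targets
were not found, and whether the log reached its "End of Fixlog" trailer."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Shortened excerpt of the Fixlog.txt posted in this thread (constructed sample).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 19:40:24 ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")  # delimits the echoed fixlist
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<rest>.+)$")
ADS_PREFIX = re.compile(r'^"(?P<stream>[^"]*)"\s+(?P<tail>.+)$')


@dataclass
class FixResult:
    target: str  # file, registry key, service or file:stream named on the line
    action: str  # e.g. "moved", "key removed", "ADS removed"
    status: str  # "ok", "not_found" or "unknown"


@dataclass
class FixlogReport:
    directives: list = field(default_factory=list)  # lines echoed from fixlist.txt
    results: list = field(default_factory=list)
    restore_point_created: bool = False
    reboot_needed: bool = False
    complete: bool = False  # stays False when the trailer line is missing


def classify(rest):
    """Split 'key removed successfully' into ('key removed', 'ok')."""
    rest = rest.strip().rstrip(".").strip()
    for suffix, status in (("successfully", "ok"), ("not found", "not_found")):
        if rest.endswith(suffix):
            return rest[: -len(suffix)].strip(), status
    return rest, "unknown"


def parse_fixlog(text):
    report = FixlogReport()
    in_fixlist = seen_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAR_LINE.match(line):
            in_fixlist, seen_fixlist = not in_fixlist, True
        elif in_fixlist:
            report.directives.append(line)
        elif line.startswith("==== End of Fixlog"):
            report.complete = True
        elif line == "The system needed a reboot.":
            report.reboot_needed = True
        elif line == "Restore point was successfully created.":
            report.restore_point_created = True
        elif seen_fixlist and (m := RESULT_LINE.match(line)):
            target, rest = m.group("target"), m.group("rest")
            ads = ADS_PREFIX.match(rest)
            if ads:  # ADS lines quote the stream name before the outcome
                target, rest = target + ads.group("stream"), ads.group("tail")
            action, status = classify(rest)
            report.results.append(FixResult(target, action, status))
    return report


def summarize(report):
    return {
        "by_action": Counter(r.action for r in report.results if r.status == "ok"),
        "by_status": Counter(r.status for r in report.results),
        "review": [r.target for r in report.results if r.status != "ok"],
    }


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(rep), "reboot:", rep.reboot_needed, "complete:", rep.complete)
```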


#9 Oh My!


Posted 15 January 2017 - 02:52 PM

Thank you for the information.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Malwarebytes

  • Reboot and test your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary

#10 TKLF2


Posted 15 January 2017 - 07:50 PM

I uninstalled Malwarebytes and the same error (0xc0000005) is still popping up, and I can't run a lot of programs.

 

EDIT: When I bring up the Advanced Boot Options menu (safe mode menu?), there's now an option for "Repair Your Computer" at the top.


Edited by TKLF2, 15 January 2017 - 08:14 PM.


#11 Oh My!


Posted 16 January 2017 - 10:10 AM

Thank you for the information. Because of the number of errors related to Malwarebytes in your System Summary report I wanted to uninstall it anyway whether or not it is the cause of your issues.

Please boot into Safe Mode with Networking and test your computer, surfing the net again, launching programs, and other errors.

Please do this.

===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • RogueKiller log

Gary

#12 TKLF2


Posted 16 January 2017 - 01:22 PM

Hey Gary, most applications in Safe Mode seem to be running of the ones I've checked, save for a few games (which is normal)

RK.txt ===

RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Duranta [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/16/2017 10:00:19 (Duration : 00:13:56)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (H:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (H:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll)  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.18 64.59.144.19 64.59.144.93 ([-][Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.59.144.18 64.59.144.19 64.59.144.93 ([-][Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B51737F8-7650-4BED-9880-A5AD9B741DEB} | DhcpNameServer : 64.59.144.18 64.59.144.19 64.59.144.93 ([-][Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B51737F8-7650-4BED-9880-A5AD9B741DEB} | DhcpNameServer : 64.59.144.18 64.59.144.19 64.59.144.93 ([-][Canada][Canada])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50551B7E-2B3B-444A-9306-C3FE03DAEFE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50551B7E-2B3B-444A-9306-C3FE03DAEFE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-257327388-1608073867-2457305106-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Duranta\AppData\Local\PackageAware -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] 5dpzb8lw.default : user_pref("browser.search.defaultenginename", "DuckDuckGo"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Patriot Blaze ATA Device +++++
--- User ---
[MBR] fabca99f352d7c9a91862869eb04a9c2
[BSP] fad3b5a12d9bc7bee7db47767d3b0f7f : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 228707 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD30EFRX-68EUZN0 ATA Device +++++
--- User ---
[MBR] e1b74f0304dc41dc6befba126fb1e6f1
[BSP] 716fb54ec595d2fd055f0b7f15f1e6b6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: ST31000524AS ATA Device +++++
--- User ---
[MBR] 65da96d0b04ce4ceaf69bbb94091173c
[BSP] 0b819c0c8c8745be75822cf90ccc8b76 : Linux|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,205 posts
  • Gender:Male
  • Location:California
  • Local time:10:54 AM

Posted 16 January 2017 - 04:47 PM

Thank you for the information. Are you aware of these programs on your computer?

Bignox
Baidu
Pokemon Go


Please do this.

===================================================

Troubleshooting in Clean Boot Environment

--------------------
  • While in a Clean Boot Environment place a check mark in half of the unchecked items and reboot your computer
  • If your symptoms reappear, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary
  • If your symptoms do not appear, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary
  • Note: It is possible the unchecking and rechecking of items resolves the underlying issue without a particular item being identified as the culprit
  • List the program(s) causing your difficulties in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize programs?
  • Results of Clean Boot troubleshooting

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 TKLF2

TKLF2
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:54 AM

Posted 16 January 2017 - 05:39 PM

Bignox and Pokemon GO map are/were programs I installed back during the whole craze of it, not needed now, can be removed, Nox being an Android environment emulator, and the latter being a tool someone made based on the game's API, if I recall correctly.

Baidu was an antivirus program a friend installed (don't particularly think I need it, could also be removed).

During Clean Boot, Baidu re-checkmarks itself in msconfig after I hit apply.

igfxEM.exe (I think was the name) also crashed when I logged in.

With everything disabled (except Baidu since it persists), I still get the 0xc0000005 error.

 

Also of note is that Baidu also starts up when I'm in Safe Mode.

Services:

Baidu Antivirus Service

Baidu BdSandbox Virtual Service

Baidu Hips Service

Startup:

Baidu Antivirus

 

Not sure if I should continue on re-enabling stuff in Clean Boot when disabling everything still gives me errors.

 

On the upside, the login time is a lot faster now.


Edited by TKLF2, 16 January 2017 - 05:41 PM.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,205 posts
  • Gender:Male
  • Location:California
  • Local time:10:54 AM

Posted 16 January 2017 - 08:28 PM

Thank you.

Please do this while still in the Clean Boot state.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete

[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (H:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll) -> Found

[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} (H:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50551B7E-2B3B-444A-9306-C3FE03DAEFE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50551B7E-2B3B-444A-9306-C3FE03DAEFE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User| [x] -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Baidu
H:\Program Files (x86)\Baidu Security
H:\Users\Duranta\AppData\Roaming\Nox
C:\users\duranta\appdata\local\pokemon
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
C:\Windows\System32\DRIVERS\XQHDrv.sys
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys
C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys
FirewallRules: [{50551B7E-2B3B-444A-9306-C3FE03DAEFE7}] => H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{EC886BE3-5D5B-46B9-8A67-1829CDB8F46C}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
FirewallRules: [UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe] => C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
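
Added example (not part of the thread, and not RogueKiller's or FRST's own logic): a parser for the pipe-delimited FirewallRules value strings shown in the log above, flagging active inbound allow rules whose program path sits under a user's AppData folder. The heuristic, the function names and the third sample rule are assumptions made for illustration.

```python
import re

# Rule values taken from the RogueKiller log quoted in this thread (rule names
# shortened); the last entry is constructed to show a rule that is not flagged.
SAMPLE_RULES = {
    "{50551B7E-2B3B-444A-9306-C3FE03DAEFE7}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|App=H:\Users\Duranta\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=|",
    "TCP Query User{46927148-FB17-424B-B600-AB758D23F9D3}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe|Name=Electron|Desc=Electron|Defer=User|",
    "{CONSTRUCTED-EXAMPLE}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Example\svc.exe|Name=Example|Desc=|",
}

# Assumed heuristic: any drive letter, then \Users\<name>\AppData\ (user-writable).
USER_APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_rule(value):
    """Split 'v2.10|Key=Value|...' into (version, {key: [values]})."""
    parts = [p for p in value.split("|") if p]
    version, fields = parts[0], {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # A key may repeat within one rule, so keep every value in a list.
        fields.setdefault(key, []).append(val)
    return version, fields


def flag_rules(rules):
    """Names of active inbound allow rules whose App path is under AppData."""
    flagged = []
    for name, value in rules.items():
        _, fields = parse_rule(value)

        def first(key):
            return fields.get(key, [""])[0]

        if (first("Action").lower() == "allow"
                and first("Active").upper() == "TRUE"
                and first("Dir").lower() == "in"
                and USER_APPDATA.match(first("App"))):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for rule_name in flag_rules(SAMPLE_RULES):
        print("review:", rule_name)
```
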



