I Am Infected With a Particularly Difficult Adware That I Cannot Remove


  • This topic is locked
10 replies to this topic

#1 Aggort

Posted 11 March 2017 - 08:53 PM

Hello Bleeping Computer,

Over the past several days I have been trying to remove a piece of adware that continues to plague me by every so often generating a popup in Chrome. I have used several tools, in and out of safe mode, cleared temporary files, and reset Chrome as well as checked its shortcuts for anything nefarious, and yet I am still infected. I come to you defeated and would appreciate assistance.

There doesn't seem to be any other effect on my system besides the random popups and as far as I can tell, they are completely random. Just on occasion a new tab will open to a URL similar to this http://vnovostyah.net/hewolsm and then redirect to this URL: b2.ijquery11.com and finally my adblocker will grab it and say it blocked this page from loading: http://wonderlandads.com/afu.php?zoneid=184394 

As I said, it seems to be completely random. I have been away from my machine and had this occur. I've used Windows Defender, Malwarebytes, mbar, ADWCleaner, HitmanPro, ZAM, RogueKiller, JRT, Sophos Virus Removal Tool, and TFC and the problem persists.

I am encountering a problem in which DDS is hanging when generating "attach.txt", so it would seem I am unable to provide any logs from it.

In following the Preparation Guide I have provided the FRST and Addition logs. I used rkill before using these tools. Hope I've been detailed enough; if you need anything else, please don't hesitate to ask. I've got a few days away from work so I'll be paying attention to tackle this problem! Thanks!
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Randy (administrator) on HOME (11-03-2017 20:11:55)
Running from C:\Users\Randy\Desktop\Tools
Loaded Profiles: Randy (Available Profiles: Randy & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(The Within Network, LLC) C:\Windows\unsignedthemes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Everything\Everything.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\dexpot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\Dexpot64.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
(Flux Software LLC) C:\Users\Randy\AppData\Local\FluxSoftware\Flux\flux.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Swearware) C:\Users\Randy\Desktop\Tools\dds.com
(Microsoft Corporation) C:\Windows\System32\wscript.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-03-10] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Steam] => "F:\Valve\steam.exe" -silent
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [$Volumouse$] => C:\Users\Randy\Apps\Volmouse\volumouse.exe [88576 2015-08-17] (NirSoft)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Dexpot] => C:\Program Files (x86)\Dexpot\dexpot.exe [1845296 2014-09-04] (Dexpot GbR)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [f.lux] => C:\Users\Randy\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [AudioSwitcher] => C:\Users\Randy\Apps\Audio Switcher\AudioSwitcher.exe [458240 2016-05-15] (Forty One Ltd.)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [ClipCube] => C:\Users\Randy\Apps\ClibCube\ClipCube.exe [1369600 2013-01-29] ()
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Google Update] => C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Wox] => C:\Users\Randy\Apps\Wox\Wox.exe [229376 2015-12-13] (Wox-launcher)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [8654456 2017-03-10] (Sand Studio)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\RunOnce: [Uninstall C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-09-07]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-03-02]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{95800507-c28b-46b1-8fe9-6442f5483dca}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{df02ade6-9882-4f8a-a5a4-c7ee76a811e8}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-26] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-26] (Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\Y63Qq1kv.default [2016-02-02]
FF Extension: (Avira Browser Safety) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\Y63Qq1kv.default\Extensions\abs@avira.com.xpi [2016-02-02]
FF ProfilePath: C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default [2017-02-21]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\a51hngqt.default -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\a51hngqt.default -> Google
FF Homepage: Moonchild Productions\Pale Moon\Profiles\a51hngqt.default -> file:///C:/Users/Randy/System/Site/Home.html
FF Extension: (Dark Moon) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\darkmoon@lootyhoof-pm.xpi [2016-04-13] [not signed]
FF Extension: (Stylish) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-01-30]
FF Extension: (Australium) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{6a2ffbbc-4f20-42f0-b98e-98e62085837f}.xpi [2016-05-31] [not signed]
FF Extension: (PMChrome) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{87a59598-d2b6-45ba-b98e-98e62085837f}.xpi [2016-04-13] [not signed]
FF Extension: (OPML Support) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}.xpi [2017-02-20]
FF ProfilePath: C:\Users\Randy\AppData\Roaming\KompoZer\Profiles\dfhrtp5h.default [2016-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-16] [not signed]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-26] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-20] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1413348635-3526239420-3300952408-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1413348635-3526239420-3300952408-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Dewey Bookmarks) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahpfefkmihhdabllidnlipghcjgpkdm [2016-03-14]
CHR Extension: (NooBoss - Extensions Manager, Update Notifier) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aajodjghehmlpahhboidcpfjcncmcklf [2017-03-07]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-03-07]
CHR Extension: (WorldBrain - The (Re)search-Engine) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfbakhjpmblaafnpgjppbmioombali [2017-01-31]
CHR Extension: (SHINE for reddit) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoiihnnfofnpbnofdcgcapbjlcopifa [2016-09-18]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2017-03-10]
CHR Extension: (Write Space) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2015-08-09]
CHR Extension: (BetterTTV) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-07]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-06]
CHR Extension: (miniGestures) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apnjnepphihnjahpbfjiebcnpgmjnhfp [2015-09-13]
CHR Extension: (MEGA) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-10]
CHR Extension: (Auto Copy) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg [2015-12-06]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Enhanced History) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpnkmdkoapbdhpmemnaikpbhajknmdb [2017-02-12]
CHR Extension: (Share Extensions) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-04-21]
CHR Extension: (OneTab) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (uBlock Origin) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-10]
CHR Extension: (QueueTube for YouTube!) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgmibjndnhopdjednaoapagmpchagmg [2016-09-18]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Good News) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2015-08-09]
CHR Extension: (Smart Tab Mute) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfbgicfhchdpogmafjifjgbcjdaikgn [2016-07-14]
CHR Extension: (Papaly Bookmark Manager) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebaemiclbgheekdodbcengpahonmfnla [2016-06-25]
CHR Extension: (Session Buddy) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-12-05]
CHR Extension: (Black Menu for Google™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2017-03-10]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2016-10-09]
CHR Extension: (Save Image to Downloads) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjefpkmlibebgbbgidmhpmjhcdffhfm [2016-09-15]
CHR Extension: (FrankerFaceZ) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2015-10-05]
CHR Extension: (Google Play Music) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-03-10]
CHR Extension: (EditThisCookie) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-01-28]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-08]
CHR Extension: (HTTPS Everywhere) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-03-10]
CHR Extension: (Don't track me Google) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbofhhdmcladcmmfjolgndfkpobecpg [2016-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (The Camelizer) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2017-03-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-03-01]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-06-19]
CHR Extension: (Google Play Music) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-03-07]
CHR Extension: (Imagus) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-20]
CHR Extension: (ReChat for Twitch™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-03-14]
CHR Extension: (Video Blocker) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2016-12-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-20]
CHR Extension: (Better Youtube Subscriptions) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgicdngjllamjgijagdkoalhkpplipnd [2017-03-01]
CHR Extension: (Google Hangouts) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-14]
CHR Extension: (Play Midnight for Google Play Music™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmjmhjkcgfmfdhgplikncgndbdeckci [2017-02-20]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-08-22]
CHR Extension: (Humble New Tab Page) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-12-05]
CHR Extension: (Save to Pocket) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-03-10]
CHR Extension: (Save Image As PNG) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkokmeaibnajheohncaamjggkanfbphi [2016-09-15]
CHR Extension: (Twitch Now) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Prime Player for Google Play Music™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\npngaakpdgeaajbnidkkginekmnaejbi [2017-01-14]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-02-20]
CHR Extension: (No Smooth Scrolling) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikddacoldignalphkgeppnpalkmkgbo [2015-08-09]
CHR Extension: (Enhanced Steam) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-02-06]
CHR Extension: (Mercury Reader) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2017-03-01]
CHR Extension: (Always Show HTML5 Video Controls) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olapbecfjokjlmkkdldjfmdolkkadebm [2017-01-09]
CHR Extension: (Skrifa) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfdkhjakblfafmapniifbpkjblgolipd [2017-02-06]
CHR Extension: (Minimalist Markdown Editor) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghodfjepegmciihfhdipmimghiakcjf [2017-01-05]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-30]
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-11]
CHR Extension: (I'm a Gentleman) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afjaicccalbbickikgdegaihmajaidpd [2016-01-17]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (uBlock Origin) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-11]
CHR Extension: (Image Downloader) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2017-01-30]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Session Buddy) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-12-06]
CHR Extension: (One-click Downloader) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efjodfcplkcccafghgnbnpgedgakohog [2017-01-30]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-10-30]
CHR Extension: (Imagus) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (uBlock Origin Extra) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-02]
CHR Extension: (Google Slides) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-06]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-06]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06]
CHR Extension: (uBlock Origin) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-01-06]
CHR Extension: (Google Sheets) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-06]
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [243984 2016-03-27] (EasyAntiCheat Ltd)
S2 Everything; C:\Users\Randy\Apps\Wox\Plugins\Wox.Plugin.Everything\PortableEverything\Everything.exe [1048576 2015-11-03] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-08] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 UnsignedThemes; C:\WINDOWS\unsignedthemes.exe [22184 2015-03-01] (The Within Network, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus64.sys [19456 2013-02-21] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag64.sys [27648 2013-02-21] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\drivers\lgandgps64.sys [27136 2013-02-21] (LG Electronics Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S3 EtronSTOR; C:\WINDOWS\System32\Drivers\EtronSTOR.sys [39296 2013-08-05] (Etron Technology Inc)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 1999-12-31] (Realtek                                            )
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [33448 2013-11-15] (Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [39080 2013-11-15] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [21160 2013-11-15] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [27816 2014-01-10] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [32936 2013-11-15] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [34984 2013-11-15] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [39080 2013-11-15] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [30888 2013-11-15] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [30888 2013-11-15] (Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 secubus; C:\WINDOWS\System32\drivers\secubus.sys [118784 2010-04-26] (MCCI Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2010-04-26] (MobileTop)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29936 1999-12-31] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)
S3 ssaebus; C:\WINDOWS\System32\drivers\ssaebus.sys [136264 2010-04-26] (MCCI Corporation)
S3 ssaeunic; C:\WINDOWS\System32\drivers\ssaeunic.sys [178760 2010-04-26] (MCCI Corporation)
S3 ssbcbus; C:\WINDOWS\System32\drivers\ssbcbus.sys [108032 2010-04-26] (MCCI)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [129024 2010-04-26] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [91208 2010-06-23] (MCCI)
S3 ssecbus; C:\WINDOWS\System32\drivers\ssecbus.sys [113664 2010-04-26] (MCCI Corporation)
S3 ssecmgmt; C:\WINDOWS\System32\drivers\ssecmgmt.sys [132096 2010-04-26] (MCCI Corporation)
S3 ssecobex; C:\WINDOWS\System32\drivers\ssecobex.sys [127488 2010-04-26] (MCCI Corporation)
S3 ssecunic; C:\WINDOWS\System32\drivers\ssecunic.sys [145408 2010-04-26] (MCCI Corporation)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2010-04-26] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2010-04-26] (MCCI Corporation)
S3 sssdbus; C:\WINDOWS\System32\drivers\sssdbus.sys [129352 2010-04-26] (MCCI Corporation)
S3 sssdmgmt; C:\WINDOWS\System32\drivers\sssdmgmt.sys [142664 2010-04-26] (MCCI Corporation)
S3 sssdobex; C:\WINDOWS\System32\drivers\sssdobex.sys [138056 2010-04-26] (MCCI Corporation)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SSUSBDownload; C:\WINDOWS\System32\drivers\SSUSBDownload.sys [23040 2010-04-26] (SAMSUNG Electronics Co.,Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2010-04-26] (MCCI Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-08] ()
S3 usbbus; C:\WINDOWS\System32\drivers\lgx64bus.sys [17920 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\drivers\lgx64diag.sys [28160 2014-11-21] (LG Electronics Inc.)
S3 UsbGps; C:\WINDOWS\System32\drivers\lgx64gps.sys [27136 2014-11-17] (LG Electronics Inc.)
S3 UsbserFilt; C:\WINDOWS\System32\drivers\usbser_lowerfltsax64j.sys [9216 2010-04-26] (Nokia)
R2 uxstyle; C:\WINDOWS\system32\Drivers\elytsxu.sys [32424 2015-03-01] (The Within Network, LLC)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [115208 2015-06-21] (Oracle Corporation)
S3 VIA_USB_ETS; C:\WINDOWS\System32\drivers\VIA_USB_ETS.sys [21760 2010-04-26] (Via Telecom, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 vzandnetbus; C:\WINDOWS\System32\drivers\lgvzandnetbus64.sys [27648 2014-12-12] (LG Electronics Inc.)
S3 vzandnetdiag; C:\WINDOWS\System32\drivers\lgvzandnetdiag64.sys [30208 2014-12-12] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\WINDOWS\System32\drivers\lgvzandnetdiag264.sys [29696 2014-10-23] (LG Electronics Inc.)
S3 vzandnetgps; C:\WINDOWS\System32\drivers\lgvzandnetgps64.sys [29184 2014-10-01] (LG Electronics Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-07] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-11 07:56 - 2017-03-11 07:58 - 00069547 _____ C:\Users\Randy\Downloads\FRST.txt
2017-03-11 07:55 - 2017-03-11 20:11 - 00000000 ____D C:\FRST
2017-03-11 07:55 - 2017-03-11 07:55 - 00000000 ____D C:\Users\Randy\Downloads\FRST-OlderVersion
2017-03-11 00:34 - 2017-03-11 00:34 - 00465536 _____ (Bleeping Computer, LLC) C:\Users\Randy\Downloads\sc-cleaner.exe
2017-03-11 00:31 - 2017-03-11 00:31 - 00688992 ____R (Swearware) C:\Users\Randy\Downloads\dds (1).com
2017-03-11 00:30 - 2017-03-11 00:30 - 00688992 _____ (Swearware) C:\Users\Randy\Downloads\dds.com
2017-03-11 00:28 - 2017-03-11 07:55 - 00002525 _____ C:\Users\Randy\Downloads\FSS.txt
2017-03-10 22:03 - 2017-03-10 22:03 - 00000000 ____D C:\ProgramData\SquirrelMachineInstalls
2017-03-10 22:02 - 2017-03-10 22:02 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\Randy\Downloads\DiscordSetup.exe
2017-03-10 21:26 - 2017-03-10 21:26 - 00000000 ____D C:\Users\Randy\AppData\Local\DiscJam
2017-03-10 19:21 - 2017-03-10 19:21 - 02095421 _____ C:\Users\Randy\Downloads\rGLwBomJ0PLV-VRPU_2jF6rNbxatxvpN7wSDJCxyHKs.mp4
2017-03-10 18:57 - 2017-03-10 18:57 - 00001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-10 18:57 - 2017-03-10 18:57 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-10 18:56 - 2017-03-10 19:04 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-10 18:54 - 2017-03-10 18:55 - 11581544 _____ (SurfRight B.V.) C:\Users\Randy\Downloads\hitmanpro_x64.exe
2017-03-10 18:28 - 2017-03-10 18:28 - 00000000 ____D C:\Users\Randy\Downloads\Stardock
2017-03-10 18:28 - 2017-03-10 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-03-08 17:15 - 2017-03-09 16:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-08 17:12 - 2017-03-08 17:12 - 00847272 _____ C:\Users\Randy\Downloads\bookmarks_3_8_17.html
2017-03-08 17:11 - 2017-03-08 17:11 - 01341812 _____ C:\Users\Randy\Downloads\RES-2017-3-8-1489011118-5_4_3.resbackup
2017-03-08 17:11 - 2017-03-08 17:11 - 01341812 _____ C:\Users\Randy\Downloads\RES-2017-3-8-1489011117-5_4_3.resbackup
2017-03-08 16:55 - 2017-03-11 20:11 - 00000000 ___RD C:\Users\Randy\Desktop\Tools
2017-03-07 20:54 - 2017-03-07 20:54 - 00000000 ____D C:\ProgramData\Sophos
2017-03-07 20:42 - 2017-03-08 23:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-07 19:51 - 2017-03-08 23:30 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-07 19:47 - 2017-03-07 23:03 - 00003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-03-07 19:45 - 2017-03-07 19:45 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-07 19:44 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-03-07 19:44 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-03-07 19:44 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-07 19:44 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-03-07 19:44 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-03-07 19:44 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-03-07 19:44 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-03-07 19:44 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-03-07 19:44 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-03-07 19:44 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-03-07 19:44 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-03-07 19:44 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-03-07 19:44 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-03-07 19:44 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-03-07 19:44 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-03-07 19:44 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-03-07 19:44 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-03-07 19:44 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-03-07 19:44 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-03-07 19:44 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-03-07 19:44 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-03-07 19:44 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-03-07 19:44 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-07 19:44 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-03-07 19:44 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-07 19:44 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-07 19:44 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-03-07 19:44 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-03-07 19:44 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-03-07 19:44 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-03-07 19:44 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-03-07 19:44 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-03-07 19:44 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-07 19:44 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-07 19:44 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-03-07 19:44 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-07 19:44 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-03-07 19:44 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-07 19:44 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-03-07 19:44 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-07 19:44 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-07 19:44 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-03-07 19:44 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-07 19:44 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-03-07 19:44 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-07 19:44 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-07 19:44 - 2016-12-13 23:44 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-03-07 19:44 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-03-07 19:44 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-03-07 19:44 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-03-07 19:44 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-07 19:44 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-07 19:44 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-07 19:44 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-03-07 19:44 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-03-07 19:44 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-03-07 19:44 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-03-07 19:44 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-03-07 19:44 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-03-07 19:44 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-03-07 19:44 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-03-07 19:44 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-03-07 19:44 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-03-07 19:44 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-03-07 19:44 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-07 19:44 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-07 19:44 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-03-07 19:44 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-07 19:44 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-07 19:44 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-07 19:44 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-03-07 19:44 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-07 19:44 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-07 19:44 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-03-07 19:44 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-07 19:44 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-03-07 19:44 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-03-07 19:44 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-03-07 19:44 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-07 19:44 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-07 19:44 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-03-07 19:44 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-07 19:44 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-03-07 19:44 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-03-07 19:44 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-07 19:44 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-03-07 19:44 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-07 19:44 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-03-07 19:44 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-03-07 19:44 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-03-07 19:44 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-03-07 19:44 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-03-07 19:44 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-03-07 19:44 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-03-07 19:44 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-03-07 19:44 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-03-07 19:44 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-03-07 19:44 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-03-07 19:44 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-07 19:44 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-07 19:44 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-03-07 19:44 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-03-07 19:44 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-03-07 19:44 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-03-07 19:44 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-07 19:44 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-07 19:44 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-03-07 19:44 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-07 19:44 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-03-07 19:44 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-07 19:44 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-07 19:44 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-07 19:44 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-03-07 19:44 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-07 19:44 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-03-07 19:44 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-07 19:44 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-03-07 19:44 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-03-07 19:44 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-03-07 19:44 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-03-07 19:44 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-03-07 19:44 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-03-07 19:44 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-07 19:44 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-03-07 19:44 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-03-07 19:44 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-07 19:44 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-03-07 19:44 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-03-07 19:44 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-03-07 19:44 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-03-07 19:44 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-07 19:44 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-03-07 19:44 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-03-07 19:44 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-03-07 19:44 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-03-07 19:44 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-03-07 19:44 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-03-07 19:44 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-03-07 19:44 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-07 19:44 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-03-07 19:44 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-03-07 19:44 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-03-07 19:44 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-07 19:44 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-03-07 19:44 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-03-07 19:44 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-03-07 19:44 - 2016-11-11 04:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-03-07 19:44 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-03-07 19:44 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-03-07 19:44 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-07 19:44 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-07 19:44 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-03-07 19:44 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-03-07 19:44 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-03-07 19:44 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-07 19:44 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-03-07 19:44 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-03-07 19:44 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-07 19:44 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-03-07 19:44 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-07 19:44 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-07 19:44 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-07 19:44 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-07 19:44 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-03-07 19:44 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-03-07 19:44 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-03-07 19:44 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-03-07 19:44 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-03-07 19:44 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-03-07 19:44 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-03-07 19:44 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-03-07 19:44 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-03-07 19:44 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-07 19:44 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2017-03-07 19:44 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-07 19:44 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-03-07 19:44 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-03-07 19:44 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-03-07 19:44 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-07 19:44 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-03-07 19:44 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-07 19:44 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-07 19:44 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-07 19:44 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-03-07 19:44 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-03-07 19:44 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-03-07 19:44 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-03-07 19:44 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-03-07 19:44 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-03-07 19:44 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-03-07 19:44 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-07 19:43 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-07 19:43 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-07 19:43 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-03-07 19:43 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-03-07 19:43 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-03-07 19:43 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-03-07 19:43 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-07 19:43 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-03-07 19:43 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-03-07 19:43 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-03-07 19:43 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-03-07 19:43 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-03-07 19:43 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-07 19:43 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-03-07 19:43 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-03-07 19:43 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-07 19:43 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-03-07 19:43 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-03-07 19:43 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-03-07 19:43 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-03-07 19:43 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-03-07 19:43 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-03-07 19:43 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-07 19:43 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-03-07 19:43 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-07 19:43 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-07 19:43 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-03-07 19:43 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-03-07 19:43 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-03-07 19:43 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-07 19:43 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-07 19:43 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-07 19:43 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-03-07 19:43 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-07 19:43 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-07 19:43 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-07 19:43 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-07 19:43 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-07 19:43 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-07 19:43 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-03-07 19:43 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-07 19:43 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-07 19:43 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-07 19:43 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-07 19:43 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-07 19:43 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-03-07 19:43 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-03-07 19:43 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-03-07 19:43 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-03-07 19:43 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-03-07 19:43 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-07 19:43 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-07 19:43 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-03-07 19:43 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-03-07 19:43 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-03-07 19:43 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-03-07 19:43 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-03-07 19:43 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-03-07 19:43 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-07 19:43 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-03-07 19:43 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-03-07 19:43 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-07 19:43 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-03-07 19:43 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-03-07 19:43 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-03-07 19:43 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-07 19:43 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-03-07 19:43 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-03-07 19:43 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-07 19:43 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-03-07 19:43 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-03-07 19:43 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-03-07 19:43 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-03-07 19:43 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-03-07 19:43 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-03-07 19:43 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-03-07 19:43 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-07 19:43 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-03-07 19:43 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-03-07 19:43 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-03-07 19:43 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-03-07 19:43 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-07 19:43 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-03-07 19:43 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-03-07 19:43 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-07 19:43 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-03-07 19:43 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-07 19:43 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-03-07 19:43 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-03-07 19:43 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-07 19:43 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-03-07 19:43 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-07 19:43 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-07 19:43 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-07 19:43 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-07 19:43 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-07 19:43 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-07 19:43 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-03-07 19:43 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-07 19:43 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-03-07 19:43 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-03-07 19:43 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-07 19:43 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-07 19:43 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-07 19:43 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-03-07 19:43 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-07 19:43 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-07 19:43 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-03-07 19:43 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-03-07 19:43 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-07 19:43 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-03-07 19:43 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-03-07 19:43 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-03-07 19:43 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-03-07 19:43 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-03-07 19:43 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-07 19:43 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-03-07 19:43 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-07 19:43 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-07 19:43 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-03-07 19:43 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-07 19:43 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-07 19:43 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-03-07 19:43 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-07 19:43 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-07 19:43 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-07 19:43 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-07 19:43 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-07 19:43 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-03-07 19:43 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-03-07 19:43 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-07 19:43 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-03-07 19:43 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-03-07 19:43 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-03-07 19:43 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-07 19:43 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-07 19:43 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-03-07 19:43 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-07 19:43 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-03-07 19:43 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-03-07 19:43 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-07 19:43 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-07 19:43 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-07 19:43 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-07 19:43 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-07 19:43 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-07 19:43 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-03-07 19:43 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-07 19:43 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-03-07 19:43 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-03-07 19:43 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-03-07 19:43 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-03-07 19:43 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-03-07 19:43 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-03-07 19:43 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-03-07 19:43 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-03-07 19:43 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-07 19:43 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-03-07 19:43 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-03-07 19:43 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-03-07 19:43 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-03-07 19:43 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-03-07 19:43 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-03-07 19:43 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-07 19:43 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-03-07 19:43 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-03-07 19:43 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-03-07 19:43 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-07 19:43 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-03-07 19:43 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-07 19:43 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-07 19:43 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-07 19:43 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-07 19:43 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-03-07 19:43 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-03-07 19:43 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-03-07 19:43 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-03-07 19:43 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-03-07 19:43 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-03-07 19:43 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-03-07 19:43 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-03-07 19:43 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-03-07 19:43 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-03-07 19:43 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-03-07 19:43 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-03-07 19:43 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-07 19:43 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-03-07 19:43 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-03-07 19:43 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-03-07 19:43 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-07 19:43 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-03-07 19:43 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-07 19:43 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-03-07 19:43 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-07 19:43 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-07 19:43 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-07 19:43 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-07 19:43 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-03-07 19:43 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-03-07 19:43 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-07 19:43 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-07 19:43 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-07 19:43 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-03-07 19:43 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-03-07 19:43 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-03-07 19:43 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-07 19:43 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-03-07 19:43 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-03-07 19:43 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-03-07 19:43 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-03-07 19:43 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-03-07 19:43 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-07 19:43 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-07 19:43 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-07 19:43 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-07 19:43 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-07 19:43 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-03-07 19:43 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-03-07 19:43 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-07 19:43 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-03-07 19:43 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-03-07 19:43 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-03-07 19:43 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-03-07 19:43 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-07 19:43 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-07 19:43 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-03-07 19:43 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-03-07 19:43 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-07 19:43 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-03-07 19:43 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-03-07 19:43 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-03-07 19:43 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-03-07 19:43 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-07 19:43 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-03-07 19:43 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-03-07 19:43 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-03-07 19:43 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-07 19:43 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-03-07 19:43 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-03-07 19:43 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-03-07 19:43 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-03-07 19:43 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-03-07 19:43 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-07 19:43 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-03-07 19:43 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-07 19:43 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-07 19:43 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-07 19:43 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-07 19:43 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-03-07 19:43 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-07 19:43 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-07 19:43 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-03-07 19:43 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-07 19:43 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-07 19:43 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-07 19:39 - 2017-03-11 20:12 - 00107700 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-07 19:39 - 2017-03-11 20:12 - 00076593 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-07 19:39 - 2017-03-07 19:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-07 19:39 - 2017-03-07 19:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-07 19:39 - 2017-03-07 19:39 - 00000000 ____D C:\Users\Randy\AppData\Local\Zemana
2017-03-07 19:39 - 2017-03-07 19:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-07 19:38 - 2017-03-07 20:39 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-07 19:38 - 2017-03-07 19:38 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-07 19:36 - 2017-03-07 19:36 - 00006077 _____ C:\Users\Randy\Downloads\Purge_StartALL.bat
2017-03-07 19:31 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-03-07 19:31 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-03-03 01:08 - 2017-03-03 01:08 - 00000000 ____D C:\Users\Randy\Downloads\backups
2017-03-03 00:34 - 2017-03-03 00:34 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Stardock
2017-03-03 00:34 - 2017-03-03 00:34 - 00000000 ____D C:\Users\Randy\AppData\Local\Stardock
2017-03-02 15:11 - 2017-03-02 12:28 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-02 15:09 - 2017-03-02 15:09 - 00000000 ____D C:\Windows.old
2017-03-02 15:08 - 2017-03-02 15:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-03-02 15:07 - 2017-03-02 15:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-02 15:07 - 2017-03-02 15:07 - 00000000 ____D C:\Program Files\MSBuild
2017-03-02 15:07 - 2017-03-02 15:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-02 15:07 - 2017-03-02 15:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-02 15:07 - 2016-05-25 17:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-03-02 15:07 - 2016-05-25 17:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-03-02 15:07 - 2016-05-25 17:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-03-02 15:07 - 2016-05-25 14:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-03-02 15:07 - 2016-05-25 14:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-03-02 15:07 - 2016-05-25 14:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-03-02 12:34 - 2017-03-02 12:34 - 00000000 ____D C:\Users\Randy\AppData\Roaming\ClassicShell
2017-03-02 12:34 - 2017-03-02 12:34 - 00000000 ____D C:\Users\Randy\AppData\Local\ClassicShell
2017-03-02 12:34 - 2017-03-02 12:34 - 00000000 ____D C:\ProgramData\ClassicShell
2017-03-02 12:29 - 2017-03-02 12:39 - 00000000 ____D C:\Users\Randy\AppData\Local\ConnectedDevicesPlatform
2017-03-02 12:29 - 2017-03-02 12:29 - 00000020 ___SH C:\Users\Randy\ntuser.ini
2017-03-02 12:27 - 2017-03-02 12:27 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-03-02 12:27 - 2017-03-02 12:27 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-03-02 12:27 - 2017-03-02 12:27 - 00003522 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413348635-3526239420-3300952408-1001UA
2017-03-02 12:27 - 2017-03-02 12:27 - 00003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-02 12:27 - 2017-03-02 12:27 - 00003288 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD818A40-B9D8-4222-A0DC-9FED05019AEA}
2017-03-02 12:27 - 2017-03-02 12:27 - 00003254 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413348635-3526239420-3300952408-1001Core
2017-03-02 12:27 - 2017-03-02 12:27 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-02 12:27 - 2017-03-02 12:27 - 00002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002858 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002812 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Home-Randy
2017-03-02 12:27 - 2017-03-02 12:27 - 00002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-02 12:27 - 2017-03-02 12:27 - 00002640 _____ C:\WINDOWS\System32\Tasks\vnovostyahnethewolsm
2017-03-02 12:27 - 2017-03-02 12:27 - 00002496 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-02 12:27 - 2017-03-02 12:27 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-02 12:16 - 2017-03-02 12:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-03-02 12:15 - 2017-03-11 20:08 - 00000000 ____D C:\Users\Randy
2017-03-02 12:15 - 2017-03-02 12:24 - 00000000 ____D C:\Users\Administrator
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Randy\My Documents
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Randy\Documents\My Videos
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Randy\Documents\My Pictures
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Randy\Documents\My Music
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-03-02 12:15 - 2017-03-02 12:15 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-03-02 12:14 - 2017-03-02 12:14 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-03-02 12:13 - 2017-03-02 12:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-02 12:13 - 2017-03-02 12:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-02 12:13 - 2017-03-02 12:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-02 12:13 - 2017-03-02 12:13 - 00000000 ____D C:\ProgramData\Brother
2017-03-02 12:13 - 2016-12-29 07:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-02 12:13 - 2016-12-19 02:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-02 12:12 - 2017-03-02 12:16 - 00000000 ____D C:\ProgramData\Razer
2017-03-02 12:12 - 2017-03-02 12:16 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____D C:\Program Files\Synaptics
2017-03-02 12:12 - 2017-03-02 12:12 - 00000000 ____D C:\Program Files\Realtek
2017-03-02 11:54 - 2017-03-02 11:54 - 07220496 _____ (IvoSoft) C:\Users\Randy\Downloads\ClassicShellSetup_4_3_0.exe
2017-03-02 11:44 - 2017-03-02 11:44 - 35661624 _____ C:\Users\Randy\Downloads\Start10_1.53_setup_sd.exe
2017-03-02 11:13 - 2017-03-02 11:13 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Cheat Happens
2017-03-01 21:38 - 2017-03-01 21:38 - 00000000 ____D C:\Users\Randy\ansel
2017-03-01 21:03 - 2017-03-01 21:03 - 00000400 _____ C:\Users\Randy\Downloads\RCRU2.CT
2017-03-01 20:52 - 2017-03-01 20:52 - 00000407 _____ C:\Users\Randy\Downloads\RCRU.CT
2017-02-27 23:17 - 2017-02-27 23:17 - 00000000 ____D C:\Users\Randy\Documents\Conatus Creative
2017-02-26 14:36 - 2017-02-26 14:38 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2017-02-22 20:25 - 2017-02-22 20:25 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Infinity
2017-02-22 20:25 - 2017-02-22 20:25 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Daring Development
2017-02-22 20:25 - 2017-02-22 20:25 - 00000000 ____D C:\Users\Randy\AppData\Local\Infinity
2017-02-20 23:49 - 2017-02-20 23:49 - 00841291 _____ C:\Users\Randy\Documents\bookmarks_2_20_17.html
2017-02-20 15:24 - 2017-02-20 15:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-20 15:24 - 2017-02-09 17:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-20 15:24 - 2017-01-25 19:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-20 15:24 - 2017-01-25 19:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-20 15:24 - 2017-01-25 19:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-20 15:24 - 2017-01-25 19:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-20 14:46 - 2017-02-08 06:57 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-20 14:46 - 2017-02-08 06:57 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-20 14:46 - 2017-02-08 06:57 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-20 14:46 - 2017-02-08 06:57 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-20 14:46 - 2017-02-08 06:57 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-20 14:45 - 2017-02-08 06:57 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-20 14:45 - 2017-02-08 05:54 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-19 06:50 - 2017-03-02 12:16 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-19 06:50 - 2017-03-02 12:16 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-02-16 23:17 - 2017-02-16 23:17 - 00000000 ____D C:\Users\Randy\AppData\Roaming\com.jackboxgames.jackboxpartypack3
2017-02-14 22:56 - 2017-02-09 18:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-14 22:45 - 2016-06-30 22:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2017-02-14 22:44 - 2016-06-30 22:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2017-02-12 12:25 - 2017-02-12 12:26 - 00000000 ____D C:\Program Files\EqualizerAPO
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-11 20:08 - 2016-11-20 13:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 20:08 - 2016-02-01 22:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 20:08 - 2015-09-13 15:22 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Dexpot
2017-03-11 20:08 - 2014-12-03 23:29 - 00000000 ____D C:\Users\Randy\Documents\AirDroid
2017-03-11 18:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 17:03 - 2016-11-20 13:51 - 01245970 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 16:58 - 2016-11-20 13:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 16:58 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 16:58 - 2016-05-08 12:03 - 00000000 ____D C:\ProgramData\VMware
2017-03-11 16:58 - 2015-08-17 23:12 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Everything
2017-03-11 16:56 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-11 16:34 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-11 16:28 - 2016-11-20 13:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-11 09:30 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-11 08:27 - 2016-11-20 13:40 - 05916128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-11 08:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-11 08:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-03-11 08:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-03-11 08:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-03-11 08:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2017-03-11 07:53 - 2016-01-13 18:19 - 00000000 ____D C:\Users\Randy\AppData\Roaming\discord
2017-03-11 07:53 - 2016-01-13 18:19 - 00000000 ____D C:\Users\Randy\AppData\Local\SquirrelTemp
2017-03-11 07:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-10 21:26 - 2015-10-07 17:45 - 00000000 ____D C:\Users\Randy\AppData\Local\UnrealEngine
2017-03-10 20:43 - 2016-12-05 19:14 - 00000000 ____D C:\Users\Randy\AppData\Roaming\AirDroid
2017-03-10 18:29 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-10 18:28 - 2015-09-11 18:05 - 00000000 ____D C:\ProgramData\Stardock
2017-03-10 18:28 - 2015-09-11 18:05 - 00000000 ____D C:\Program Files (x86)\Stardock
2017-03-10 18:23 - 2015-08-11 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-10 18:22 - 2016-06-23 12:27 - 00000000 ____D C:\Program Files (x86)\AirDroid
2017-03-10 18:20 - 2015-08-11 22:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-09 20:06 - 2011-10-13 19:10 - 00000000 ____D C:\Users\Randy\System
2017-03-09 20:05 - 2015-09-16 17:33 - 00000000 ____D C:\ProgramData\RR
2017-03-09 20:03 - 2015-09-01 19:42 - 00000000 ____D C:\Users\Randy\AppData\Roaming\vlc
2017-03-09 16:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-03-08 23:22 - 2016-02-02 17:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 23:22 - 2015-09-13 17:29 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-08 17:37 - 2014-02-06 22:23 - 00000000 ____D C:\AdwCleaner
2017-03-07 20:42 - 2015-09-13 17:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-07 19:28 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-03-07 19:26 - 2016-02-02 02:27 - 00000000 ____D C:\Users\Randy\AppData\Local\AdiIRC
2017-03-03 00:34 - 2014-02-02 17:02 - 00000000 ____D C:\Users\Public\Documents\Stardock
2017-03-02 15:11 - 2016-07-16 06:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-03-02 15:07 - 2016-07-16 06:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-03-02 15:07 - 2016-07-16 06:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-03-02 15:07 - 2016-07-16 06:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-03-02 15:07 - 2016-07-16 06:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-03-02 15:07 - 2016-07-16 06:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-03-02 13:51 - 2015-09-11 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2017-03-02 13:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-02 13:11 - 2015-08-09 19:38 - 00000000 ____D C:\Users\Randy\AppData\Local\Packages
2017-03-02 12:46 - 2014-02-06 21:31 - 00000000 ____D C:\Users\Randy\Documents\ShareX
2017-03-02 12:36 - 2015-08-09 19:39 - 00000000 ___RD C:\Users\Randy\OneDrive
2017-03-02 12:28 - 2016-01-17 12:54 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-03-02 12:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-03-02 12:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Registration
2017-03-02 12:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-03-02 12:26 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-02 12:26 - 2016-02-01 22:30 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-03-02 12:23 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 12:23 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-02 12:23 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2017-03-02 12:23 - 2015-08-16 15:24 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-02 12:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-02 12:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-03-02 12:16 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-02 12:16 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-03-02 12:16 - 2015-09-11 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
2017-03-02 12:16 - 2015-09-11 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2017-03-02 12:16 - 2015-08-09 23:23 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-02 12:15 - 2016-03-08 20:44 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System
2017-03-02 12:15 - 2015-09-30 01:11 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
2017-03-02 12:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Help
2017-03-02 11:59 - 2016-11-21 06:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-02 11:38 - 2015-09-13 17:34 - 00000000 ____D C:\Program Files\ShareX
2017-03-02 11:14 - 2016-04-26 11:46 - 05721600 ___SH C:\Users\Randy\Downloads\Thumbs.db
2017-02-26 14:28 - 2015-12-30 22:06 - 00000000 ____D C:\Users\Randy\AppData\Roaming\qBittorrent
2017-02-24 19:39 - 2016-03-29 16:07 - 00000000 ____D C:\Users\Randy\Downloads\Torrents
2017-02-24 19:13 - 2015-08-30 16:47 - 00000000 ____D C:\Users\Randy\AppData\Local\CrashDumps
2017-02-21 22:51 - 2015-08-30 16:32 - 00000000 ____D C:\Users\Randy\AppData\Local\NVIDIA Corporation
2017-02-20 23:55 - 2016-10-26 09:18 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Sun
2017-02-20 23:55 - 2015-08-09 23:47 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Macromedia
2017-02-20 23:55 - 2014-02-06 21:38 - 00000000 ____D C:\Users\Randy\AppData\LocalLow\Sun
2017-02-20 23:50 - 2016-05-29 20:02 - 00000000 ____D C:\Users\Randy\AppData\Local\atom
2017-02-20 14:46 - 2015-08-30 16:32 - 00000000 ____D C:\Users\Randy\AppData\Local\NVIDIA
2017-02-19 06:48 - 2016-02-02 11:39 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-14 22:39 - 2015-10-30 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-02-14 22:39 - 2015-10-30 02:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-02-14 22:28 - 2015-08-16 15:23 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2016-03-09 15:47 - 2017-01-05 11:46 - 0000100 _____ () C:\Users\Randy\AppData\Roaming\Camdata.ini
2016-03-09 15:47 - 2017-01-05 11:46 - 0000408 _____ () C:\Users\Randy\AppData\Roaming\CamLayout.ini
2016-03-09 15:47 - 2017-01-05 11:46 - 0000408 _____ () C:\Users\Randy\AppData\Roaming\CamShapes.ini
2016-03-09 15:47 - 2017-01-05 11:46 - 0004521 _____ () C:\Users\Randy\AppData\Roaming\CamStudio.cfg
2017-02-05 18:57 - 2017-02-05 18:57 - 0000218 _____ () C:\Users\Randy\AppData\Local\recently-used.xbel
2015-11-10 00:24 - 2015-11-10 00:24 - 0000017 _____ () C:\Users\Randy\AppData\Local\resmon.resmoncfg
2017-01-03 23:34 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Randy\AppData\Local\TroubleshooterConfig.json
 
Some files in TEMP:
====================
2017-03-10 20:15 - 2017-03-10 20:15 - 0141824 _____ () C:\Users\Randy\AppData\Local\Temp\fbupdater.63905859.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-02 12:12
 
==================== End of FRST.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 March 2017 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Swearware) C:\Users\Randy\Desktop\Tools\dds.com
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Run: [Wox] => C:\Users\Randy\Apps\Wox\Wox.exe [229376 2015-12-13] (Wox-launcher)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
FF Extension: (Australium) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{6a2ffbbc-4f20-42f0-b98e-98e62085837f}.xpi [2016-05-31] [not signed]
FF Extension: (PMChrome) - C:\Users\Randy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a51hngqt.default\Extensions\{87a59598-d2b6-45ba-b98e-98e62085837f}.xpi [2016-04-13] [not signed]
CHR Extension: (BetterTTV) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]
C:\Users\Randy\Apps\Wox
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know if the problem persists with this computer.

P.S.
Please post the Addition.txt file that was created by the Farbar tool.

#3 Aggort


Posted 12 March 2017 - 10:42 AM

Doing as instructed, in the meantime here's the contents of the Addition.txt file.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Randy (11-03-2017 20:12:31)
Running from C:\Users\Randy\Desktop\Tools
Windows 10 Pro Version 1607 (X64) (2017-03-02 17:28:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1413348635-3526239420-3300952408-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1413348635-3526239420-3300952408-503 - Limited - Disabled)
Guest (S-1-5-21-1413348635-3526239420-3300952408-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1413348635-3526239420-3300952408-1017 - Limited - Enabled)
Randy (S-1-5-21-1413348635-3526239420-3300952408-1001 - Administrator - Enabled) => C:\Users\Randy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
20XX (HKLM\...\Steam App 322110) (Version:  - Batterystaple Games)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
ABZÛ (HKLM\...\Steam App 384190) (Version:  - Giant Squid)
Action Henk (HKLM\...\Steam App 285820) (Version:  - RageSquid)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
AirDroid 3.3.5.3 (HKLM-x32\...\AirDroid) (Version: 3.3.5.3 - Sand Studio)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
ASTRONEER (HKLM\...\Steam App 361420) (Version:  - System Era Softworks)
Atom (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\atom) (Version: 1.14.3 - GitHub Inc.)
AutoHotkey 1.1.22.06 (HKLM\...\AutoHotkey) (Version: 1.1.22.06 - Lexikos)
AviSynth+ 2294 (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 2294.0 - The Public)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Burnout Paradise: The Ultimate Box (HKLM\...\Steam App 24740) (Version:  - Criterion Games)
calibre (HKLM-x32\...\{C5E7301A-D0AC-4687-A90F-DEB1F46E005B}) (Version: 2.38.0 - Kovid Goyal)
Can't Drive This (HKLM\...\Steam App 466980) (Version:  - Pixel Maniacs)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
ChargeShot (HKLM-x32\...\Steam App 401840) (Version:  - Cowboy Color)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Chipamp (HKLM-x32\...\Chipamp) (Version: 1.1 - OverClocked ReMix)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
Contents64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X8 (HKLM-x32\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 - Corel Corporation)
Crazy Pixel Streaker (HKLM\...\Steam App 393460) (Version:  - Lubiterum)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.18.0.22 - GOG.com)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Death Road to Canada (HKLM\...\Steam App 252610) (Version:  - Rocketcat Games)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dexpot (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
Diehard Dungeon (HKLM-x32\...\Steam App 277870) (Version:  - Tricktale)
Disc Jam (HKLM\...\Steam App 415880) (Version:  - High Horse Entertainment)
Downwell (HKLM-x32\...\Steam App 360740) (Version:  - Moppin)
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
EmulationStation (HKLM-x32\...\EmulationStation) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{CA4F7840-CC89-451D-8453-392F2EDAA605}) (Version: 1.1.70.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
f.lux (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Flux) (Version:  - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Gang Beasts Online Beta (HKLM\...\Steam App 459960) (Version:  - )
Genital Jousting (HKLM\...\Steam App 469820) (Version:  - Free Lives)
Geometry Dash (HKLM-x32\...\Steam App 322170) (Version:  - RobTop Games)
Git version 2.10.2 (HKLM\...\Git_is1) (Version: 2.10.2 - The Git Development Community)
GoldenEye: Source (HKLM-x32\...\gesource) (Version: 5.0 - The GoldenEye: Source Team)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Play Music Desktop Player (HKLM-x32\...\{bc7fc95c-1731-499c-ab44-43a7c8520cfc}) (Version: 2.0.2 - MarshallOfSound)
Google Play Music Desktop Player (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\GPMDP_3) (Version: 4.1.1 - Samuel Attard)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.30 (HKLM-x32\...\{CA8017BD-8271-4C93-A409-186375C5A5CA}) (Version: 2.12.30 - Xamarin, Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Heavy Bullets (HKLM-x32\...\Steam App 297120) (Version:  - Terri Vellmann)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
ICA (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infinity (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Infinity) (Version: 2.3.3 - Daring Development Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
IPM_VS_Pro64 (Version: 18.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Iron Fisticle (HKLM-x32\...\Steam App 306700) (Version:  - Confused Pelican)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Just Get Through (HKLM-x32\...\Steam App 338190) (Version:  - Retrific)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lethal League (HKLM\...\Steam App 261180) (Version:  - Team Reptile)
LibreOffice 5.0.0.5 (HKLM\...\{A4D51ECF-D046-46F5-935F-2B3A6ADF89D9}) (Version: 5.0.0.5 - The Document Foundation)
Life of Pixel (HKLM-x32\...\Steam App 327260) (Version:  - Super Icon Ltd)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Miscreated (HKLM\...\Steam App 299740) (Version:  - Entrada Interactive LLC)
Mono for Windows (HKLM-x32\...\{2BEFF712-2235-4942-A82B-5EB95AB215DE}) (Version: 4.2.2 - Xamarin, Inc.)
Mother Russia Bleeds (HKLM\...\Steam App 361300) (Version:  - Le Cartel Studio)
Move or Die (HKLM\...\Steam App 323850) (Version:  - Those Awesome Guys)
MPC-HC 1.7.10.276 (e15495d0a) Nightly (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10.276 - MPC-HC Team)
Music Manager (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\MusicManager) (Version:  - Google, Inc.)
Neon Chrome version 1.0.0.11 (HKLM-x32\...\{342D4963-824E-4296-A53D-AD98B3AE52D1}_is1) (Version: 1.0.0.11 - 10tons Ltd)
Node.js (HKLM\...\{B5FEC613-8EBC-43C3-A232-693D96E07CCF}) (Version: 4.5.0 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.100 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.100 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.11.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Oh...Sir! The Insult Simulator (HKLM\...\Steam App 512250) (Version:  - Vile Monarch)
Okhlos (HKLM\...\Steam App 400180) (Version:  - Coffee Powered Machine)
Oniken (HKLM-x32\...\Steam App 252010) (Version:  - JoyMasher)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenIV (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
OpenRCT2 0.0.5-develop-329c8b1 (HKLM-x32\...\OpenRCT2) (Version: 0.0.5-develop-329c8b1 - OpenRCT2)
OpenRCT2 Launcher (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\50293b21343b05b6) (Version: 1.0.0.25 - OpenRCT2 Launcher)
OpenRCT2 Launcher version 0.0.6 (HKLM\...\{D71D87CE-20E7-4DB6-A0D8-E6DE57051B35}_is1) (Version: 0.0.6 - OpenRCT2)
OpenShot Video Editor version 2.2.0 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.2.0 - OpenShot Studios, LLC)
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Out There Somewhere (HKLM-x32\...\Steam App 263980) (Version:  - MiniBoss)
Over 9000 Zombies! (HKLM-x32\...\Steam App 273500) (Version:  - Loren Lemcke)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pale Moon 26.2.1 (x64 en-US) (HKLM\...\Pale Moon 26.2.1 (x64 en-US)) (Version: 26.2.1 - Moonchild Productions)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.1 - pdfforge GmbH)
Peace (HKLM\...\Peace) (Version: 1.4.0.1 - P.E. Verbeek)
Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community)
Pinta 1.6 (x32 Version: 1.6.0.0 - Pinta Community) Hidden
Pirate Pop Plus (HKLM\...\Steam App 487350) (Version:  - dadako)
Plane9 v2.4.1.4 (HKLM-x32\...\Plane9) (Version: v2.4.1.4 - Joakim Dahl / Planestate Software)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
Planet of the Eyes (HKLM\...\Steam App 350970) (Version:  - Cococucumber)
Plug & Play (HKLM-x32\...\Steam App 353560) (Version:  - Mario von Rickenbach)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Project Highrise (HKLM\...\Steam App 423580) (Version:  - SomaSim)
PS4 Remote Play (HKLM-x32\...\{1F1AAC07-945B-451F-9CE6-1C7E7BB9CBF2}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Ragdoll Runners (HKLM\...\Steam App 404820) (Version:  - Samuel Manier)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2613 - )
Random Access Murder (HKLM\...\Steam App 438790) (Version:  - Team Murder)
Ratz Instagib 2.0 (HKLM-x32\...\Steam App 338170) (Version:  - Lino Slahuschek)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Read Only Memories (HKLM-x32\...\Steam App 330820) (Version:  - MidBoss, LLC.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
ReClock (HKLM-x32\...\ReClock) (Version:  - RedFox Project)
Resident Evil 7: Biohazard (HKLM-x32\...\Resident Evil 7: Biohazard_is1) (Version:  - )
Resource Hacker Version 4.5.30 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Retro Game Crunch (HKLM-x32\...\Steam App 290040) (Version:  - Rusty Moyher)
Riff Racer (HKLM\...\Steam App 351990) (Version:  - FOAM Entertainment)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
River City Ransom: Underground (HKLM\...\Steam App 422810) (Version:  - Conatus Creative Inc.)
Roboreader (HKLM-x32\...\Roboreader) (Version:  - )
Robot Roller-Derby Disco Dodgeball (HKLM-x32\...\Steam App 270450) (Version:  - Erik Asmussen)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Rot Gut (HKLM\...\Steam App 395500) (Version:  - Shotgun Surgeon)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.6.5.13 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Setup (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
Shadow Warrior 2, âåðñèÿ 2.0 (HKLM-x32\...\Shadow Warrior 2_is1) (Version: 2.0 - Devolver Digital)
Share64 (Version: 18.0.0.181 - Corel Corporation) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.6.0 - ShareX Team)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
Skyhook (HKLM\...\Steam App 361350) (Version:  - Megastorm Games)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version:  - Poppermost Productions)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotiamb (HKLM-x32\...\Spotiamb) (Version:  - )
STAMP (HKLM-x32\...\STAMP) (Version:  - )
STANDBY Demo (HKLM\...\Steam App 522680) (Version:  - Noclip)
Star Citizen Launcher (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.53 - Stardock Software, Inc.)
Steep (HKLM-x32\...\Uplay Install 3279) (Version:  - Ubisoft)
Streamline (HKLM-x32\...\d229a310-2468-4f0c-b49b-4a6dcdd47809) (Version:  - PS363)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Super Indie Karts (HKLM\...\Steam App 323670) (Version:  - One Legged Seagull)
Super Win the Game (HKLM-x32\...\Steam App 310700) (Version:  - Minor Key Games)
SVP 4 Free (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\{0c3ef9f0-8e59-4085-8cbc-07b20551576a}) (Version: 4.0 - SVP Team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.0 - Synaptics Incorporated)
Taimumari (HKLM-x32\...\Steam App 375520) (Version:  - TERNOX)
TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic)
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
The Culling Test (HKLM\...\Steam App 468220) (Version:  - )
The Jackbox Party Pack 2 (HKLM-x32\...\Steam App 397460) (Version:  - Jackbox Games, Inc.)
The Jackbox Party Pack 3 (HKLM\...\Steam App 434170) (Version:  - Jackbox Games, Inc.)
The Next Penelope (HKLM-x32\...\Steam App 332250) (Version:  - Aurelien Regard)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
THOTH (HKLM\...\Steam App 510620) (Version:  - Carlsen Games)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Typora version 0.9.23 (HKLM\...\{37771A20-7167-44C0-B322-FD3E54C56156}_is1) (Version: 0.9.23 - typora.io)
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.0.4.0 - Manuel Hoefs (Zottel))
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.2 - uvnc bvba)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
UxStyle (HKLM-x32\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC)
UxStyle (Version: 0.2.4.2 - The Within Network, LLC) Hidden
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM\...\{537B7F85-2B95-44ED-8D90-765F6F36D666}) (Version: 12.1.1 - VMware, Inc.)
VSClassic64 (Version: 18.0.0.181 - Corel Corporation) Hidden
VSDC Free Video Editor version 5.7.3.644 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.3.644 - Flash-Integro LLC)
VSUltimate64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Worms Reloaded (HKLM\...\Steam App 22600) (Version:  - Team17 Digital Ltd)
Write! (HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\Write!_is1) (Version: 1.23.0-1612020 - HamsterCoders Ltd.)
Xeodrifter™ (HKLM-x32\...\Steam App 319140) (Version:  - Renegade Kid)
XSplit Broadcaster (HKLM-x32\...\{A78B7DC1-1118-4FA7-8FE1-3A75FCF0896B}) (Version: 2.7.1602.2231 - SplitmediaLabs)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Ziggurat (HKLM\...\Steam App 308420) (Version:  - Milkstone Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{80933416-C33F-407E-BCC1-6246E3EE34DF}\InprocServer32 -> C:\Program Files (x86)\ExtractNow\extractmenu64.dll (Nathan Moinvaziri)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> C:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> C:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000D3EFB-2EE4-45F9-B545-B22E88947D99} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-10] (Microsoft Corporation)
Task: {050FE881-97AD-46C7-9F23-4D937B26B280} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {06595BCD-DA4C-4090-9E38-6F8D4F7A7BF0} - System32\Tasks\AdobeAAMUpdater-1.0-Home-Randy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {124426B4-ACBE-4DBA-947D-3C5377260893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {201FA830-AE9A-4B87-8D5B-FEE3F05B6AC8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {29934B58-DAD1-4E35-8BBA-35DA703BEDA3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {378D614C-BE41-40BD-A76A-85A067D33045} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413348635-3526239420-3300952408-1001UA => C:\Users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {5075CB3A-3091-403B-80FF-F62B9D470E41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413348635-3526239420-3300952408-1001Core => C:\Users\Randy\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {587FAAD2-D9EF-4C5A-8D01-1049496D8B44} - System32\Tasks\vnovostyahnethewolsm => Chrome.exe vnovostyah.net/hewolsm <==== ATTENTION
Task: {8875BF09-23DD-46ED-8597-DE6DAD686247} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-08] (NVIDIA Corporation)
Task: {9C2E5B27-0E0B-460C-B1D5-55FCA62BAA75} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {9F98A894-8079-47E0-9F6C-F0B05003CDEA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-08] (NVIDIA Corporation)
Task: {A0CA66A7-0882-4DF7-9B42-82E8EB4086E8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {B455E12E-940F-4DEC-8A4F-FFCAF42BC4F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {C39D3A54-3B32-4F95-ABB5-335FB893B1A9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {E555E3F8-1E1C-450E-938A-313AA790EB8E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-09-27] ()
Task: {F9742602-A317-498D-9228-2662F7C88220} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {FBB6BFEB-38B5-4D64-AE0C-2F9BC0A1BA68} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-08] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_knipolnnllmklapflnccelgolnpehhpl\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Randy\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Randy\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Randy\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-07 19:44 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-02 12:13 - 2016-12-29 07:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-19 19:10 - 2016-07-19 19:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-07 19:44 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-20 13:11 - 2016-11-20 13:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-07 19:43 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-07 19:43 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-07 19:43 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-07 19:43 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-07 19:43 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-07 19:43 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-07 19:43 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-02 13:12 - 2017-03-02 13:12 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-02 13:12 - 2017-03-02 13:12 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-02 13:12 - 2017-03-02 13:12 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-02 13:12 - 2017-03-02 13:12 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-07 19:43 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2015-08-17 23:12 - 2014-08-05 20:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2015-09-27 14:55 - 2015-09-27 14:55 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-09-27 14:55 - 2015-09-27 14:55 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-09-27 14:55 - 2015-09-27 14:55 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-06-27 20:17 - 2015-04-21 20:55 - 03755008 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2017-03-07 19:39 - 2017-03-07 19:39 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-04-14 16:17 - 2016-04-14 16:17 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2015-08-30 16:32 - 2017-02-08 06:57 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-20 14:45 - 2017-02-08 06:57 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-20 14:46 - 2017-02-08 06:56 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-20 14:45 - 2017-02-08 05:54 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-20 14:45 - 2017-02-08 05:54 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-20 14:45 - 2017-02-08 05:54 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-20 14:45 - 2017-02-08 05:54 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-20 14:45 - 2017-02-08 05:54 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-20 14:45 - 2017-02-08 05:54 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-20 14:45 - 2017-02-08 05:54 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-20 14:45 - 2017-02-08 05:54 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-07 21:03 - 2017-03-10 18:21 - 09046568 _____ () C:\Program Files (x86)\AirDroid\Android.dll
2016-06-01 21:22 - 2017-03-10 18:21 - 00642088 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-09-27 14:55 - 2015-09-27 14:55 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2017-03-11 20:11 - 2017-03-11 20:11 - 00011264 _____ () C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp\System.dll
2017-03-11 20:11 - 2017-03-11 20:11 - 00006656 _____ () C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp\nsExec.dll
2010-10-21 05:15 - 2010-10-21 05:15 - 00098816 _____ () C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp\SED.DAT
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\nvir3dgenco64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvstusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSB.sys:$CmdTcID [64]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-08-09 23:23 - 2015-08-09 23:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\Control Panel\Desktop\\Wallpaper -> c:\users\randy\pictures\wallpaper\wallhaven-295290.png
DNS Servers: 192.168.1.1 - 209.222.18.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\StartupFolder: => "EvernoteTray.lnk"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001\...\StartupApproved\Run: => "BlueStacks Agent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5F7396FF-5B61-449B-8699-8EA547F65E00}] => (Allow) F:\Valve\steamapps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [{EF5DD852-D1CA-40F7-BE6F-23A8D4C0050C}] => (Allow) F:\Valve\steamapps\common\River City Ransom Underground\RCRU.exe
FirewallRules: [{2E32EADF-C126-4EE3-B0C6-CD86C351AF7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{020CA965-E18B-41DE-B5BA-1080AD7A506D}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{93E6F6E1-3E5F-4C96-933E-591766C076C0}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{04618394-50DE-4620-B434-394BC4C4B614}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C786E84D-BD17-42B9-9919-75EC3456E15F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{DF4E07C4-F58C-4E1E-A743-00410834B270}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{431F9D0A-9075-4FF7-8E01-2A21027CE506}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{BEC2AF83-DD6F-47CB-BD01-F691E77F0C5E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DEE2FFD7-407F-4CEC-B862-826FAE6223E2}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{C96BC3B3-EA0A-4170-8F3D-5A4736456FA4}] => (Allow) F:\Valve\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{F498524C-011E-406A-95C2-249AD9E17527}] => (Allow) F:\Valve\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{CB0D1B22-BF2D-438E-A16B-5CE2C4011B98}] => (Allow) F:\Valve\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{99940E6B-806D-4532-81CD-A6604CEAB5E5}] => (Allow) F:\Valve\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{865B95B0-5735-4EAA-9395-33E00B57040E}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{FC06FF14-49BC-43DC-870B-95BE8161A42A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D70323A4-D5F3-4F2A-B19A-DE91CEBD90AB}] => (Allow) F:\Valve\steamapps\common\Mother Russia Bleeds\Mother Russia Bleeds.exe
FirewallRules: [{84B28BAB-3D7F-4E5F-93A8-D5B0518B19C1}] => (Allow) F:\Valve\steamapps\common\Mother Russia Bleeds\Mother Russia Bleeds.exe
FirewallRules: [{6D8BF955-6082-4C26-873D-6C581B8D1B75}] => (Allow) F:\Valve\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [{778958FC-6EC2-43C5-B3EF-23AFEE9E7436}] => (Allow) F:\Valve\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [{72F09354-7F90-4C76-87F6-2F7E3366D1B5}] => (Allow) F:\Valve\steamapps\common\Okhlos\Okhlos.exe
FirewallRules: [{570127FD-290B-4F53-BC52-0E2F395F271E}] => (Allow) F:\Valve\steamapps\common\Okhlos\Okhlos.exe
FirewallRules: [{79200E34-2BD9-47DE-9AEE-732050B6C7BA}] => (Allow) F:\Valve\steamapps\common\Project Highrise\Game.exe
FirewallRules: [{757DDE5D-6CB1-48AD-8C37-331460470B2D}] => (Allow) F:\Valve\steamapps\common\Project Highrise\Game.exe
FirewallRules: [{15066604-F8A0-4EBC-8A12-CDD94240A4F9}] => (Allow) F:\Valve\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{7EC5A927-6FBD-4FAC-8FAB-6FCA4DD3E738}] => (Allow) F:\Valve\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [UDP Query User{57BBD262-3B91-43BC-9FCE-B6B59C5842AD}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [TCP Query User{6C1A06B3-A821-4D5D-AF49-CCEA206DF146}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe
FirewallRules: [{80086B1E-351C-4D23-BAF9-1CBE4981A923}] => (Allow) F:\Valve\steamapps\common\STANDBY Demo\Standby_Demo.exe
FirewallRules: [{C0180A25-7452-4EE5-968A-38238A214D60}] => (Allow) F:\Valve\steamapps\common\STANDBY Demo\Standby_Demo.exe
FirewallRules: [{6E1B6F5D-1AFA-411C-9ED6-ED8FBB1CBFB1}] => (Allow) LPort=5800
FirewallRules: [{437FF568-9238-4A7A-BEA8-788D01E6B550}] => (Allow) LPort=5900
FirewallRules: [UDP Query User{F84F6EDA-0438-4539-A8AF-A89C0695F8C2}C:\program files (x86)\filedrop\filedrop.exe] => (Allow) C:\program files (x86)\filedrop\filedrop.exe
FirewallRules: [TCP Query User{12002194-6FC8-4BD0-ADAD-3DA3C5388CBC}C:\program files (x86)\filedrop\filedrop.exe] => (Allow) C:\program files (x86)\filedrop\filedrop.exe
FirewallRules: [UDP Query User{A154A711-B6CE-4799-A667-AC335E16AE24}C:\users\randy\pokemongo-map\pf\pokefarmer.exe] => (Allow) C:\users\randy\pokemongo-map\pf\pokefarmer.exe
FirewallRules: [TCP Query User{2FA78339-C5ED-4FB0-80CB-0A5737731368}C:\users\randy\pokemongo-map\pf\pokefarmer.exe] => (Allow) C:\users\randy\pokemongo-map\pf\pokefarmer.exe
FirewallRules: [UDP Query User{0C7AE93E-818A-47B2-A722-CD84391EA6D5}C:\users\randy\downloads\pf\pokefarmer.exe] => (Allow) C:\users\randy\downloads\pf\pokefarmer.exe
FirewallRules: [TCP Query User{EFEA0DB0-9038-411B-B991-D7872E3A652E}C:\users\randy\downloads\pf\pokefarmer.exe] => (Allow) C:\users\randy\downloads\pf\pokefarmer.exe
FirewallRules: [{C7066107-7BDD-47EF-AC3B-C35A0F64A11C}] => (Allow) F:\Valve\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{BAB80B07-F6E8-40B0-A446-E038188C73CE}] => (Allow) F:\Valve\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{2C863821-0EA3-4FD1-84C2-7AA22B0EACF0}] => (Allow) F:\Valve\steamapps\common\Skyhook\skyhook.exe
FirewallRules: [{107051D6-6592-4AC4-BBF8-D5D5E10E9203}] => (Allow) F:\Valve\steamapps\common\Skyhook\skyhook.exe
FirewallRules: [{CC3ABE2F-B6B2-4AF5-B08A-E5DFB369A790}] => (Allow) F:\Valve\steamapps\common\Rot Gut\Main.exe
FirewallRules: [{010BC0C3-87BF-41E9-A159-693CCA86E753}] => (Allow) F:\Valve\steamapps\common\Rot Gut\Main.exe
FirewallRules: [{33EF55C1-F5B8-4BC9-8C0F-D0949C5459E1}] => (Allow) F:\Valve\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{F348817E-C091-4FA5-8B14-A5F715B31FE8}] => (Allow) F:\Valve\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{3163D862-EE65-4DB4-B7A6-2EA96E391BA6}] => (Allow) F:\Valve\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{BFC7D6D9-8F33-4B3E-8769-6E4D64386287}] => (Allow) F:\Valve\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{3ACBCB8E-CB94-450D-9500-9EE794AD118E}] => (Allow) F:\Valve\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{8F768D6B-E4E2-4463-B479-5DDA2BEE6C81}] => (Allow) F:\Valve\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{D085C9D0-0111-4AE2-AB03-30E54341ADE7}] => (Allow) F:\Valve\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{3A33FF04-BAF4-48FC-B150-2647E2B6EEFD}] => (Allow) F:\Valve\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9D3035A8-E194-4256-8970-CA166429DC5B}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{2FEB16DF-A9C5-4AC0-BB88-AEA12B41DE77}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{4A785C86-C98C-4B6C-8D3A-F7DA80491380}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{33968507-1F71-489B-A552-279781F40299}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [UDP Query User{9B054ED6-329E-4CC6-AC86-48E99A00203F}C:\users\randy\apps\media\foobar2000\foobar2000.exe] => (Allow) C:\users\randy\apps\media\foobar2000\foobar2000.exe
FirewallRules: [TCP Query User{D1A4E921-A173-44DF-BEC2-B09078519C5B}C:\users\randy\apps\media\foobar2000\foobar2000.exe] => (Allow) C:\users\randy\apps\media\foobar2000\foobar2000.exe
FirewallRules: [{73B0BB5B-AC02-4E7B-8734-D49850C32019}] => (Allow) F:\Valve\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{80CAD8FE-6E4A-4C35-AA86-D9ED34BF95F1}] => (Allow) F:\Valve\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0FC39039-85A3-4CDC-8EDE-86BF4D596CCD}] => (Allow) F:\Valve\steamapps\common\paranormal\WindowsNoEditor\Paranormal.exe
FirewallRules: [{9A8E1E03-0E73-4E5E-AF18-9CB0B301E4F1}] => (Allow) F:\Valve\steamapps\common\paranormal\WindowsNoEditor\Paranormal.exe
FirewallRules: [{45B13378-14CB-4558-B55C-561226CC8E27}] => (Allow) F:\Valve\steamapps\common\paranormal\Binaries\Win32\UDK.exe
FirewallRules: [{CFAEDDFC-ABCE-427C-8944-7DAD65D251D6}] => (Allow) F:\Valve\steamapps\common\paranormal\Binaries\Win32\UDK.exe
FirewallRules: [{C301F120-29E8-496A-9ACE-5FEDBE73508E}] => (Allow) F:\Other Installable\Steep\steep.exe
FirewallRules: [{716AF3C4-EC9F-4541-9258-F42DD049EC9D}] => (Allow) F:\Valve\steamapps\common\defcon\Defcon.exe
FirewallRules: [{193EF94F-A17A-4558-9F41-19EA797979DB}] => (Allow) F:\Valve\steamapps\common\defcon\Defcon.exe
FirewallRules: [{7E0A0AE2-E199-4609-8AB7-E205CAB68D16}] => (Allow) F:\Valve\steamapps\common\Pirate Pop Plus\PiratePopPlus.exe
FirewallRules: [{18BD2B74-66C4-4E90-B8BA-1CB7B7FFCB99}] => (Allow) F:\Valve\steamapps\common\Pirate Pop Plus\PiratePopPlus.exe
FirewallRules: [{2A082620-6188-460F-9DD8-2D214510E974}] => (Allow) F:\Valve\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{359C63FB-E047-4FF0-9356-E0401AE3CE8E}] => (Allow) F:\Valve\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{0B62EB04-C3B7-457D-83DC-8D33F296900C}] => (Allow) F:\Valve\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{5EE6E385-A06E-443E-9CCE-60B86E1C0FCA}] => (Allow) F:\Valve\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [UDP Query User{90E84A4F-5337-4A2E-8E7A-4A63B2524463}F:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) F:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{5FA802BA-AD6D-4499-80C9-E882C931A830}F:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) F:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{6B5C5CDA-84E7-4F44-BFDE-E49669311B51}] => (Allow) F:\Valve\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{4863B4AE-31EA-4A70-B12F-84ECB0CE7EB7}] => (Allow) F:\Valve\steamapps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{3C31D7CA-6D40-4C12-9931-9C566ED98862}] => (Allow) F:\Valve\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
FirewallRules: [{1A8F8FF4-154B-4CF9-8E96-74804F1D314D}] => (Allow) F:\Valve\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe
FirewallRules: [{8016EDF3-3EC1-4278-87C5-CB21B4832339}] => (Allow) F:\Valve\steamapps\common\Action Henk\ActionHenk.exe
FirewallRules: [{BF20FE6C-9175-44FF-BD1E-EFF8AF6156F4}] => (Allow) F:\Valve\steamapps\common\Action Henk\ActionHenk.exe
FirewallRules: [{DA8D23B3-8BA1-4389-9A91-34ACE65EE866}] => (Allow) F:\Valve\steamapps\common\THOTH\THOTH.exe
FirewallRules: [{F6EE8123-C3D7-4191-AD6D-432583C02BF9}] => (Allow) F:\Valve\steamapps\common\THOTH\THOTH.exe
FirewallRules: [{BB9BA120-B422-458D-8EE6-AA09FD822795}] => (Allow) F:\Valve\steamapps\common\CantDriveThis\Cantdrivethis.exe
FirewallRules: [{79E13A92-E01E-405B-A589-5285A21AEFC8}] => (Allow) F:\Valve\steamapps\common\CantDriveThis\Cantdrivethis.exe
FirewallRules: [{880CF26B-B140-41E5-A9D7-8386F09111C1}] => (Block) C:\users\randy\appdata\local\popcorn time community\nw.exe
FirewallRules: [{78FD28D7-9801-40DA-8273-5EEE11B79E5D}] => (Block) C:\users\randy\appdata\local\popcorn time community\nw.exe
FirewallRules: [{61A6A4F1-DBDC-442E-8644-12C15E80E756}] => (Allow) F:\Valve\steamapps\common\Riff Racer\Game.exe
FirewallRules: [{23C0682F-BFC2-461D-A44D-8EF29D0F9117}] => (Allow) F:\Valve\steamapps\common\Riff Racer\Game.exe
FirewallRules: [{B017601A-48AB-43EF-8C98-7BDE249E0684}] => (Allow) F:\Valve\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{DA32448B-CAAA-4FB8-A869-6E5A3625CA77}] => (Allow) F:\Valve\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{006D62C6-EA35-463E-96B0-AD69A96AB3B2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{529F3878-7DC2-49E8-A1A3-22C29AE2F720}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{84D5315E-C98B-4825-BE15-B5406B14FD6A}] => (Block) D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe
FirewallRules: [{BCB67DE6-382F-425C-AE80-5E534548426B}] => (Block) D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe
FirewallRules: [UDP Query User{A0085235-8980-4382-A30E-AFB206327D74}D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe] => (Allow) D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe
FirewallRules: [TCP Query User{64CFA01D-2CD8-493E-A143-FF7B5D07AF75}D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe] => (Allow) D:\his\gaming\emulation\sega _ 2. genesis - cd - 32x\fusion.exe
FirewallRules: [{D352411E-3ACD-418F-B5A1-DA94BCA8100F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C638C914-5FB8-46EB-925D-77B5874A564F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D35C0550-72AB-4DF7-B87A-F9A21EAF808D}C:\users\randy\downloads\torrents\igg-human.fall.flat.v1.1.1\human.exe] => (Block) C:\users\randy\downloads\torrents\igg-human.fall.flat.v1.1.1\human.exe
FirewallRules: [TCP Query User{405156A0-5572-435C-97C0-3E7895E864EB}C:\users\randy\downloads\torrents\igg-human.fall.flat.v1.1.1\human.exe] => (Block) C:\users\randy\downloads\torrents\igg-human.fall.flat.v1.1.1\human.exe
FirewallRules: [{FF0336FA-2FA9-47A3-BAB4-4B145BD28789}] => (Allow) F:\Valve\steamapps\common\atomzombiesmasher\AtomZombieSmasher.exe
FirewallRules: [{E394A89B-7A64-4DCF-BD02-5856AD0A3838}] => (Allow) F:\Valve\steamapps\common\atomzombiesmasher\AtomZombieSmasher.exe
FirewallRules: [{D0BE4368-A3D9-4ED1-B08C-86F4D51528AD}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{A8DCC216-4170-4DD6-9749-0DC67F36A6BA}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{1505BB30-FE20-432B-8905-3089998EE8FB}] => (Allow) F:\Valve\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{78B3DFC5-398D-421D-AF14-90FB2FF4D0FB}] => (Allow) F:\Valve\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{F42C2445-3D76-45AD-A99D-6823135CED2A}] => (Allow) F:\Valve\steamapps\common\supercratebox\supercratebox.exe
FirewallRules: [{B55D94FA-A3A2-4D95-AC5C-8E8A4B97AAEE}] => (Allow) F:\Valve\steamapps\common\supercratebox\supercratebox.exe
FirewallRules: [UDP Query User{85CBAF46-8BE0-44FF-BDB2-C45820C57682}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{2A2ABDF6-A568-4368-8CD3-7D366F5EAE6F}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{9F688717-FF82-4255-A681-ED566EFD8DCF}] => (Allow) D:\His\Gaming\Emulation\Utilities\FrontEnds\Romulus\Romulus.exe
FirewallRules: [{53782B4C-FA07-400A-9CD1-74C2FBDAA2D4}] => (Allow) D:\His\Gaming\Emulation\Utilities\FrontEnds\Romulus\Romulus.exe
FirewallRules: [{59294700-93BE-453E-A29E-7147FD4E1706}] => (Allow) D:\His\Gaming\Emulation\Utilities\Front Ends\Romulus\Romulus.exe
FirewallRules: [{D772BBB2-378F-40B1-9D09-EA654713BD1D}] => (Allow) D:\His\Gaming\Emulation\Utilities\Front Ends\Romulus\Romulus.exe
FirewallRules: [{7374225C-DA14-4A81-AA76-B71AD488E0E9}] => (Allow) F:\Valve\steamapps\common\Planet of the Eyes\PlanetOfTheEyes.exe
FirewallRules: [{8CC88D00-6FC9-4497-92A7-6EE7BF3DC1F5}] => (Allow) F:\Valve\steamapps\common\Planet of the Eyes\PlanetOfTheEyes.exe
FirewallRules: [{E0E1FAC9-F3D8-4385-9F6C-52FA0DD61629}] => (Allow) F:\Valve\steamapps\common\RAM\RAM.exe
FirewallRules: [{128C975C-DC53-4FE4-8278-3253A1922A78}] => (Allow) F:\Valve\steamapps\common\RAM\RAM.exe
FirewallRules: [{CDD04ED7-F184-4D2F-AA98-7753A145E8FC}] => (Allow) F:\Valve\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{45CABA50-3454-432B-ACB2-767998D36EC8}] => (Allow) F:\Valve\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [UDP Query User{FCE08B45-AADD-4B14-8BB5-51D35105F328}F:\other installable\gtao\multifive.exe] => (Allow) F:\other installable\gtao\multifive.exe
FirewallRules: [TCP Query User{28F983ED-D425-45C8-8182-84F885B89F1C}F:\other installable\gtao\multifive.exe] => (Allow) F:\other installable\gtao\multifive.exe
FirewallRules: [{B4E1A933-76C4-4C79-98D7-67FCAEADF13B}] => (Allow) F:\Other Installable\GTAV\GTA5.exe
FirewallRules: [{52C07D38-8B3C-423B-B72E-913BE7D803BB}] => (Allow) F:\Other Installable\GTAV\GTA5.exe
FirewallRules: [{E27DB745-A3D5-4802-8CCC-747504BDCBCB}] => (Allow) F:\Valve\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [{E88EBDA5-AC2E-4B8C-BF29-BD7E60F9BD8F}] => (Allow) F:\Valve\steamapps\common\lethalleague\LethalLeague.exe
FirewallRules: [UDP Query User{142D78C0-18EE-4844-BE41-03A81A524C2D}F:\gtav\gta5.exe] => (Allow) F:\gtav\gta5.exe
FirewallRules: [TCP Query User{286312A5-D7DA-4C81-9CD2-2A6FF518C0C5}F:\gtav\gta5.exe] => (Allow) F:\gtav\gta5.exe
FirewallRules: [{1815B991-2C89-40DF-AC7E-80CE115ABC64}] => (Allow) F:\Valve\steamapps\common\Ragdoll Runner\RagdollRunners.exe
FirewallRules: [{CF61EE2F-7EED-4A74-9428-F580E44FA67F}] => (Allow) F:\Valve\steamapps\common\Ragdoll Runner\RagdollRunners.exe
FirewallRules: [{AF4C6D38-3E65-4E3F-A6FB-13A09D2BFFCD}] => (Block) F:\valve\steamapps\common\move or die\love\win\love.exe
FirewallRules: [{A56FDDC5-36D1-40D6-A4D2-02AC90A4AB11}] => (Block) F:\valve\steamapps\common\move or die\love\win\love.exe
FirewallRules: [UDP Query User{7A41196E-758C-442A-9CB6-32FFBA4E478E}F:\valve\steamapps\common\move or die\love\win\love.exe] => (Allow) F:\valve\steamapps\common\move or die\love\win\love.exe
FirewallRules: [TCP Query User{32D6BA4C-1875-4D25-9179-A0E2500BD905}F:\valve\steamapps\common\move or die\love\win\love.exe] => (Allow) F:\valve\steamapps\common\move or die\love\win\love.exe
FirewallRules: [{836ED614-AACE-438E-8DA5-D03AD8BD0F99}] => (Allow) F:\Valve\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe
FirewallRules: [{46BD44B2-1F61-4D02-AB16-9B598AB6BEA9}] => (Allow) F:\Valve\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe
FirewallRules: [{97E3C457-F51D-40E6-B82A-81ED0776C235}] => (Allow) F:\Valve\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{07796709-485A-4EB3-9D5B-7DD1171C405C}] => (Allow) F:\Valve\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{914808AB-3B98-486F-A8C6-2FEA2A06F27C}] => (Allow) F:\Valve\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{CCB84FFA-E86E-4E9F-B200-F61811998881}] => (Allow) F:\Valve\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BAAD8A10-613E-4E31-A833-35655A23964A}] => (Allow) F:\Valve\steamapps\common\Super Indie Karts\SuperIndieKarts.exe
FirewallRules: [{35F4F7E6-DDA0-4A49-B3E2-6FF4C9BFA389}] => (Allow) F:\Valve\steamapps\common\Super Indie Karts\SuperIndieKarts.exe
FirewallRules: [{B4DD1F0F-9223-4E7B-856C-272B36FDE473}] => (Allow) F:\Valve\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{CDDE31FD-452E-4397-9D4E-B25BA07599C4}] => (Allow) F:\Valve\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{64F56B98-79BF-49A7-A4DD-F414248444D3}] => (Allow) F:\Valve\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{ACA1912C-A67F-47FA-909D-51EB49320822}] => (Allow) F:\Valve\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{7B91BDBF-680B-4B2B-BF0D-8289AE7AB1FF}] => (Allow) F:\Valve\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{62129BF3-3784-4D8C-95C0-2C49CA87D4DE}] => (Allow) F:\Valve\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{F527034F-364E-4EA2-8B8C-7B8580D3A35C}] => (Allow) F:\Valve\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{03FF820E-D766-4C3A-BF79-E37B980DAB65}] => (Allow) F:\Valve\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{6127AB7D-51ED-462B-A3C8-534A7C133E37}] => (Allow) F:\Valve\steamapps\common\20XX\20XX.exe
FirewallRules: [{D2FAAF63-3E09-4DCB-BA26-508F79A5DAFE}] => (Allow) F:\Valve\steamapps\common\20XX\20XX.exe
FirewallRules: [{94B6EF86-081E-4343-9156-27781FDEFDC2}] => (Allow) F:\Valve\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2D158467-D27F-4EA2-8573-BCC4B85BF971}] => (Allow) F:\Valve\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A4ACA329-0BB0-4257-8A7B-0B1CC6999CF5}] => (Allow) F:\Valve\steamapps\common\ChargeShot\windows_content\ChargeShot.exe
FirewallRules: [{A6C28EC8-F091-407B-97DD-5AC644285C73}] => (Allow) F:\Valve\steamapps\common\ChargeShot\windows_content\ChargeShot.exe
FirewallRules: [UDP Query User{4A163A39-820E-4224-A45E-7F411E97BD51}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{7C6E3819-BE8B-46BA-A572-5E7AB9E12101}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{9FB89604-9B6C-43E1-A7F1-27EF6D0FCE8A}F:\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) F:\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{502976A2-1F70-465E-8E27-2A65AAA59228}F:\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) F:\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{9C370062-4524-448A-9431-AD991DD70DF0}] => (Allow) F:\Valve\steamapps\common\waves\Binaries\Win32\Waves.exe
FirewallRules: [{F918145A-2F92-44F2-9FF6-06324CEE361A}] => (Allow) F:\Valve\steamapps\common\waves\Binaries\Win32\Waves.exe
FirewallRules: [{7A2CE9FC-3C0D-4AF2-AF44-310753036A99}] => (Allow) F:\Valve\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{B1B742EB-7B11-406B-B206-BF6BCB6186A0}] => (Allow) F:\Valve\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{49D8CF07-E001-4458-946D-11570A1D337F}] => (Allow) F:\Valve\steamapps\common\Crazy Pixel Streaker\CrazyPixelStreaker.exe
FirewallRules: [{C59AA00E-4F05-48BC-AFD6-A045D3EB5708}] => (Allow) F:\Valve\steamapps\common\Crazy Pixel Streaker\CrazyPixelStreaker.exe
FirewallRules: [{AF5CC6BE-7664-42E8-9AF8-26C884C7DC4E}] => (Allow) F:\Valve\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{3D20A842-5977-4253-B4B8-ADB714A6A67E}] => (Allow) F:\Valve\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{DD20AAA2-0DD6-42CF-80DE-8E26B5096566}] => (Allow) F:\Valve\steamapps\common\windosill\Windosill.exe
FirewallRules: [{46C93B21-630B-4DB8-82DB-7E639881B382}] => (Allow) F:\Valve\steamapps\common\windosill\Windosill.exe
FirewallRules: [{0A8EB314-687F-411C-A67E-D2E2A1291889}] => (Allow) F:\Valve\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [{F2839FA3-5166-4B85-9FC0-CC08B37600BF}] => (Allow) F:\Valve\steamapps\common\Golf With Friends\Golf With Your Friends.exe
FirewallRules: [{EF0D55DE-1FFB-4208-B0BA-BE95170F8BFA}] => (Allow) F:\Valve\steamapps\common\Golf With Friends\Golf With Friends.exe
FirewallRules: [{A1B0F256-697C-4EE5-8DDC-8AADD2285808}] => (Allow) F:\Valve\steamapps\common\Golf With Friends\Golf With Friends.exe
FirewallRules: [UDP Query User{D904FD12-4959-4B77-8FF9-59F2B0A8E37E}F:\valve\steamapps\common\the culling test\victory\binaries\win64\victory.exe] => (Allow) F:\valve\steamapps\common\the culling test\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{6BFA208C-42A7-4AC9-9298-6F0AD1322C28}F:\valve\steamapps\common\the culling test\victory\binaries\win64\victory.exe] => (Allow) F:\valve\steamapps\common\the culling test\victory\binaries\win64\victory.exe
FirewallRules: [{31B3B4CE-7044-4505-B5A5-B0D7E01EFFAF}] => (Allow) F:\Valve\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [{2F8A6B15-7726-4B4D-B90D-C6E1639FF510}] => (Allow) F:\Valve\steamapps\common\The Culling Test\TheCulling_Launcher.exe
FirewallRules: [UDP Query User{58825A6A-99B3-4D99-A17B-9081678EBFD9}F:\halo\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) F:\halo\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [TCP Query User{5CD62950-D1A2-424D-B7D1-A589C033C0E6}F:\halo\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) F:\halo\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{C3E3BB55-D2E0-457A-AE2A-17D378C6D2B4}E:\his\gaming\other installable\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) E:\his\gaming\other installable\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [TCP Query User{98880CFE-D06F-4880-A9F8-6D16ECDC7BE4}E:\his\gaming\other installable\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) E:\his\gaming\other installable\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{73B435F2-64BF-4842-A22C-D413D2C7E546}F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B03FB4A-1E66-4686-B97F-823F1F5F1DFC}F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{501C2C16-98A2-48F6-91A5-8FE6AB271994}F:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{45AAE5C7-8E44-4666-B998-F369C0D90D95}F:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{EDD09E72-6CFA-482B-B7E5-F702E0258D45}] => (Allow) F:\Valve\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe
FirewallRules: [{14292460-7A0D-419F-98A4-9E78C7646B3D}] => (Allow) F:\Valve\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe
FirewallRules: [{988D5323-22F9-4442-8BC6-18D779FE95C0}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{2089AA20-D363-4468-A5E0-53D3289ECF5D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{30DDBC10-7A29-4637-8814-809D41E6B632}] => (Allow) F:\Valve\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{36AA2D00-ED35-41EC-AF6E-56E8BC47B936}] => (Allow) F:\Valve\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{ABAD6133-6379-46AF-B056-617A05001DF5}] => (Allow) F:\Valve\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{BC87471F-D201-4F70-99D2-7C560F43A474}] => (Allow) F:\Valve\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [UDP Query User{60A4DB61-53A1-4F19-A1D7-8B295A85AD82}E:\his\gaming\other installable\huniecam studio\huniecamstudio.exe] => (Block) E:\his\gaming\other installable\huniecam studio\huniecamstudio.exe
FirewallRules: [TCP Query User{DE1BCC65-640A-4A27-896F-DD0EB67DD722}E:\his\gaming\other installable\huniecam studio\huniecamstudio.exe] => (Block) E:\his\gaming\other installable\huniecam studio\huniecamstudio.exe
FirewallRules: [{65B3A6B0-AA5E-4127-A578-0E45B852CFBA}] => (Allow) F:\Valve\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{6E8E2FB7-0FD8-4ACB-B5CC-47AAF2EAE4C6}] => (Allow) F:\Valve\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{64C04B06-336C-4217-9549-738CCFBF1096}] => (Allow) F:\Valve\steamapps\common\toki tori\tokitori.exe
FirewallRules: [{1206E786-BE29-4E09-9DAE-400C2C765FB9}] => (Allow) F:\Valve\steamapps\common\toki tori\tokitori.exe
FirewallRules: [{5311D3A7-69E9-4C36-8EF1-ECA6E644B41B}] => (Allow) F:\Valve\steamapps\common\Dyad\Dyad.exe
FirewallRules: [{5722213C-6280-48A2-964E-0900AEC4D11B}] => (Allow) F:\Valve\steamapps\common\Dyad\Dyad.exe
FirewallRules: [{C35D2431-CB7D-49AF-B695-2E07A1CD3B18}] => (Allow) F:\Valve\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{623D382D-0359-4B95-BE40-DD5F74B278F1}] => (Allow) F:\Valve\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{4345537C-3F2F-41F8-9FAB-4275DE850BFC}] => (Allow) F:\Valve\steamapps\common\The Swapper\TheSwapper.exe
FirewallRules: [{11F7FFE5-94D2-4E1D-B339-04C5AA4868FA}] => (Allow) F:\Valve\steamapps\common\The Swapper\TheSwapper.exe
FirewallRules: [{4D5F2C62-D44B-4B36-96E2-90BB1008ABDD}] => (Allow) F:\Valve\steamapps\common\King of Fighters XIII\kofxiii.exe
FirewallRules: [{4177344A-9554-48F9-9389-02AB4BC77B24}] => (Allow) F:\Valve\steamapps\common\King of Fighters XIII\kofxiii.exe
FirewallRules: [{E8B4620D-CB05-4D22-A1D2-05264D21A49A}] => (Allow) F:\Valve\steamapps\common\delve deeper\DelveDeeper.exe
FirewallRules: [{4B070A7E-4FD6-4A05-ACDD-BA96E210BC2D}] => (Allow) F:\Valve\steamapps\common\delve deeper\DelveDeeper.exe
FirewallRules: [{8B3FDF7D-EE10-4F24-AAC7-72FA08356645}] => (Allow) F:\Valve\steamapps\common\Awesome\Awesome_DirectToRift.exe
FirewallRules: [{469F07E8-67C0-4675-B8EB-4FE7C629EA69}] => (Allow) F:\Valve\steamapps\common\Awesome\Awesome_DirectToRift.exe
FirewallRules: [{63222E9D-09DA-487B-AB0A-6FB8A9E5705A}] => (Allow) F:\Valve\steamapps\common\Awesome\Awesome.exe
FirewallRules: [{3542D319-4255-4487-9D2D-3D4C53BE0155}] => (Allow) F:\Valve\steamapps\common\Awesome\Awesome.exe
FirewallRules: [{8C17B005-6F25-487E-8B1A-492B44306DB6}] => (Allow) F:\Valve\steamapps\common\Super Puzzle Platformer Deluxe\SuperPuzzlePlatformerDeluxe.exe
FirewallRules: [{14AEFDBD-7D2C-492B-88F5-0A493B8E711D}] => (Allow) F:\Valve\steamapps\common\Super Puzzle Platformer Deluxe\SuperPuzzlePlatformerDeluxe.exe
FirewallRules: [{0BDEDAE4-46B8-42B8-B5E3-E94196CF5D65}] => (Allow) F:\Valve\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{62C9BD70-C774-483F-B758-982DB9BB424D}] => (Allow) F:\Valve\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{0EEABC7F-DF28-4BA5-8D05-B1B26D8D0801}] => (Allow) F:\Valve\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{8B33D6E5-BF0D-4977-8750-B8DC42493298}] => (Allow) F:\Valve\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{09E9C6D9-0C80-4C9F-960C-B05456B325A1}] => (Allow) F:\Valve\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{E98D40FA-25D1-4F6E-8620-6A80CB68EAB5}] => (Allow) F:\Valve\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3B1585B1-7382-494C-B867-BB642B6B2D8C}] => (Allow) F:\Valve\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{0506DFD5-BFCD-4BEC-914E-B73CE0385E69}] => (Allow) F:\Valve\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{8FC5AAD8-4537-4041-BDE4-A46DFBAAB66F}] => (Allow) F:\Valve\steamapps\common\Star Ruler\StarRuler.exe
FirewallRules: [{E0AA6533-D709-4923-8F29-45620FC0F320}] => (Allow) F:\Valve\steamapps\common\Star Ruler\StarRuler.exe
FirewallRules: [{AFDEF3CD-B112-4C0C-8604-D26D187C67C9}] => (Allow) F:\Valve\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{E1CBC6F6-0E4B-45D9-BED5-F9A31CBBFCF9}] => (Allow) F:\Valve\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{01473F4A-727C-469B-8BFC-A250F4C17B5E}] => (Allow) F:\Valve\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{F4BF4C27-7B1E-47D6-B3C0-570672C1C835}] => (Allow) F:\Valve\steamapps\common\Poker Night 2\PokerNight2.exe
FirewallRules: [{64F0EDE5-F663-4641-A50D-87E9EB5A168B}] => (Allow) F:\Valve\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{AD96AB72-9F2F-425D-8C30-8D5D71B81921}] => (Allow) F:\Valve\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{656542DE-B10C-47B6-8564-EACF0F64CAFA}] => (Allow) F:\Valve\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{50E6C996-5C95-45BA-B9E0-3177FCEFEB74}] => (Allow) F:\Valve\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{B5240710-068F-47B1-A62E-12B522A95995}] => (Allow) F:\Valve\steamapps\common\StarForge\StarForge.exe
FirewallRules: [{9DBAACA7-861D-45F2-99EC-CB66210F1091}] => (Allow) F:\Valve\steamapps\common\StarForge\StarForge.exe
FirewallRules: [{4FB96E1E-50AD-4380-8B7C-88A6150DCCCA}] => (Allow) F:\Valve\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{225C40E1-6A18-4E9F-9B10-FDA012FFCBCF}] => (Allow) F:\Valve\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{E5B18900-B661-4340-A45C-A2AA691C594E}] => (Allow) F:\Valve\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{3F9666A8-26E6-4DA0-A492-52045222B23E}] => (Allow) F:\Valve\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{D16D549D-813F-4E78-A8F3-134A148EFC81}] => (Allow) F:\Valve\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{52CFB220-2BC1-4280-BAC6-FE1870944033}] => (Allow) F:\Valve\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{48FBD3DC-2B02-4A21-8813-8342480C355C}] => (Allow) F:\Valve\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{6EA74FEF-1E1D-42B6-A89E-469C5C62461E}] => (Allow) F:\Valve\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{AD31A487-A85F-49FE-B644-0A50A5B5086B}] => (Allow) F:\Valve\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{0AB14297-D2DF-4467-96B6-BC313A30661F}] => (Allow) F:\Valve\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{741A0286-99D7-449F-827C-47AB8FFDB203}] => (Allow) F:\Valve\steamapps\common\bittriprunner2\runner2.exe
FirewallRules: [{433802A5-AE6A-4436-A1DC-D6F1446AC781}] => (Allow) F:\Valve\steamapps\common\bittriprunner2\runner2.exe
FirewallRules: [{988293F5-82D2-4FAE-8F50-931F084EE8BB}] => (Allow) F:\Valve\steamapps\common\paranormal\WindowsNoEditor\Paranormal.exe
FirewallRules: [{3119008D-2EEC-4869-BF09-FEE33DA6446E}] => (Allow) F:\Valve\steamapps\common\paranormal\WindowsNoEditor\Paranormal.exe
FirewallRules: [{DA369ADE-7EB5-4153-86F0-2DE94CC321AD}] => (Allow) F:\Valve\steamapps\common\paranormal\Binaries\Win32\UDK.exe
FirewallRules: [{1439892D-F342-426B-A6DF-4E419D350A87}] => (Allow) F:\Valve\steamapps\common\paranormal\Binaries\Win32\UDK.exe
FirewallRules: [{5A1469C2-38F7-49A6-B3D4-2E613DC1332A}] => (Allow) F:\Valve\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{AE97B2D3-E136-4CAC-B280-71D3E48000AD}] => (Allow) F:\Valve\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{6EC385A5-C285-47F4-BE12-50053FAFA656}] => (Allow) F:\Valve\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{4AD6ED61-2B04-42FE-BB6C-0327500CC115}] => (Allow) F:\Valve\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{ABCDC4B4-9FF0-4035-A557-D97C563D9D03}] => (Allow) F:\Valve\steamapps\common\edge\edge.exe
FirewallRules: [{2AD3D258-E6AB-4621-8D1D-42FD0D86D096}] => (Allow) F:\Valve\steamapps\common\edge\edge.exe
FirewallRules: [{79445A6C-FF04-4298-B885-BDF5F61355E0}] => (Allow) F:\Valve\steamapps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{4DEA638D-F90C-4ED0-99A0-3B7C28F5AB8D}] => (Allow) F:\Valve\steamapps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{0997AF6F-382F-41C9-9A62-23CBE7DC3A41}] => (Allow) F:\Valve\steamapps\common\secret of the magic crystal\Secret of the Magic Crystal.exe
FirewallRules: [{918A7C3D-F835-45DC-B2BD-AE39F2093EFD}] => (Allow) F:\Valve\steamapps\common\secret of the magic crystal\Secret of the Magic Crystal.exe
FirewallRules: [{F51EA586-3728-4008-A7C3-A59C2B28F4BB}] => (Allow) F:\Valve\steamapps\common\The Pit\ThePit.exe
FirewallRules: [{FA891CFC-A216-499A-B0C4-828859B76CD8}] => (Allow) F:\Valve\steamapps\common\The Pit\ThePit.exe
FirewallRules: [{E36D5369-B300-4514-A33A-50822BE16FCB}] => (Allow) F:\Valve\steamapps\common\Dungeons & Dragons HD\ManaGame.exe
FirewallRules: [{33D370E6-2AA1-42E7-91CC-9E7C7302C8A0}] => (Allow) F:\Valve\steamapps\common\Dungeons & Dragons HD\ManaGame.exe
FirewallRules: [{A1112A53-0180-4785-9139-7F5E806D0977}] => (Allow) F:\Valve\steamapps\common\GUILTY GEAR ISUKA\config.exe
FirewallRules: [{5646D1F9-D666-453F-AE41-11CD491025C5}] => (Allow) F:\Valve\steamapps\common\GUILTY GEAR ISUKA\config.exe
FirewallRules: [{D6D0B4D2-B374-44E9-9AFB-B7BAE3D18B21}] => (Allow) F:\Valve\steamapps\common\GUILTY GEAR ISUKA\ggdx.exe
FirewallRules: [{85A7862C-6FE1-4A39-A640-529FEBA9F406}] => (Allow) F:\Valve\steamapps\common\GUILTY GEAR ISUKA\ggdx.exe
FirewallRules: [{6D67412B-AD53-42C5-8590-5E019E6A1837}] => (Allow) F:\Valve\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{9EBD70C2-B2A5-4052-AE34-4FAC97B376BE}] => (Allow) F:\Valve\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [UDP Query User{9CF1F9C7-FBCB-4586-9975-A9AFAD649258}E:\his\gaming\other installable\enter the gungeon\etg.exe] => (Allow) E:\his\gaming\other installable\enter the gungeon\etg.exe
FirewallRules: [TCP Query User{A5C187A9-D052-4EF5-A6E7-D37A287CF85F}E:\his\gaming\other installable\enter the gungeon\etg.exe] => (Allow) E:\his\gaming\other installable\enter the gungeon\etg.exe
FirewallRules: [{2F88B1FB-ECE9-48FC-9EE0-2A81CDB35CA0}] => (Allow) F:\PS4\RemotePlay.exe
FirewallRules: [{25AAEB99-9950-4DA3-9689-E755D46FCBD5}] => (Block) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{32D31F44-E0F6-4D49-AC39-5AA55A5038E6}] => (Block) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{B0C6F9BB-3C64-4D3A-B2DA-22F5C893B52B}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{C212A834-CA44-474F-A7E0-401942D058B6}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{DD786099-2484-4F96-AC23-1D47DA15D56B}F:\valve\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) F:\valve\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [TCP Query User{85C46760-A910-4AFE-AC6F-E141A2176C14}F:\valve\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) F:\valve\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{F70D637B-42ED-4DFB-BB51-B6E25821A0FB}] => (Allow) F:\Valve\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{C7E501F8-8BA5-4964-92E2-94935C0128CA}] => (Allow) F:\Valve\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{6720E8AE-48FD-4B28-BD08-3B510748D6CD}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{AB179024-1D46-487D-9F9E-9AFF0E380E1B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{23D30322-A1F9-4F3A-8522-1EC50F2F0C46}] => (Allow) F:\Valve\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{CA60F517-FA00-4C40-ACA3-4E955E386D25}] => (Allow) F:\Valve\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{44B51681-FD05-4CC8-916C-BD5618C3E281}] => (Allow) F:\Valve\steamapps\common\frozen synapse\FrozenSynapse.exe
FirewallRules: [{DFD338A9-DA9B-4D95-9148-880031E58386}] => (Allow) F:\Valve\steamapps\common\frozen synapse\FrozenSynapse.exe
FirewallRules: [{EA0593DC-BCA1-40E9-9477-38E1FFB1E4FE}] => (Allow) F:\Valve\steamapps\common\BridgeConstructor\BridgeConstructor.exe
FirewallRules: [{AFC1E387-BB39-46F5-8D9B-8B5E599701AD}] => (Allow) F:\Valve\steamapps\common\BridgeConstructor\BridgeConstructor.exe
FirewallRules: [{0379C8CA-B61C-4160-8E53-89084549B6AE}] => (Block) C:\program files\picotorrent\picotorrent.exe
FirewallRules: [{D11BB13A-F3A9-47A2-A693-7CC4DAB77133}] => (Block) C:\program files\picotorrent\picotorrent.exe
FirewallRules: [UDP Query User{2AF4A448-8108-42C4-A723-9371E0108021}C:\program files\picotorrent\picotorrent.exe] => (Allow) C:\program files\picotorrent\picotorrent.exe
FirewallRules: [TCP Query User{F12E5FDB-BCC6-4EBE-A517-BBC4218B1147}C:\program files\picotorrent\picotorrent.exe] => (Allow) C:\program files\picotorrent\picotorrent.exe
FirewallRules: [{400C948C-064A-4E53-BEE0-E122535EBB65}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzEd\MapEditor-Admin.exe
FirewallRules: [{EB473A46-66CE-4C78-BACB-383E105A06EF}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzEd\MapEditor-Admin.exe
FirewallRules: [{4E32A7CA-D567-42DF-A0E0-70042201BA8C}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzEd\MapEditor.exe
FirewallRules: [{CEDC5D69-0740-4E2B-8696-F7BEA10C3F7B}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzEd\MapEditor.exe
FirewallRules: [UDP Query User{C3386D93-0616-489D-9442-99154B0841C6}C:\users\randy\downloads\torrents\el\eldorado.exe] => (Allow) C:\users\randy\downloads\torrents\el\eldorado.exe
FirewallRules: [TCP Query User{9BF109F3-A66F-4BE2-B66F-E2B27973326F}C:\users\randy\downloads\torrents\el\eldorado.exe] => (Allow) C:\users\randy\downloads\torrents\el\eldorado.exe
FirewallRules: [{1705D7A9-9092-4057-AC78-ECDB77FC0888}] => (Allow) F:\Valve\steamapps\common\dogfighter\bin\x86_vc11\DogFighterSteam.exe
FirewallRules: [{F91832D6-A54D-4322-A1B3-3D4BCB0A5A7D}] => (Allow) F:\Valve\steamapps\common\dogfighter\bin\x86_vc11\DogFighterSteam.exe
FirewallRules: [{3827CB71-3833-46AB-826A-1642497C1691}] => (Allow) F:\Valve\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{980A252E-D8BA-4DF1-87D9-7563007B1884}] => (Allow) F:\Valve\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{2ACA4903-4413-4E0B-86BD-698D1135255D}] => (Block) C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe
FirewallRules: [{D62F7D7D-9150-412A-A6DD-F775E5F53EF7}] => (Block) C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe
FirewallRules: [UDP Query User{357C43B5-C598-44B6-85AD-C1D4D427E45E}C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe] => (Allow) C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe
FirewallRules: [TCP Query User{AFBD2B40-9914-461D-B6E1-D7B0469B9904}C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe] => (Allow) C:\programdata\microsoft\windows\start menu\programs\internet\adirc\adiirc.exe
FirewallRules: [{A45126A3-C0FC-4B66-9563-27DDEE65E1E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9FBD5A3A-8EBD-4260-AEC9-BE5EEC8878CB}] => (Allow) F:\Valve\Steam.exe
FirewallRules: [{3BFFF28F-C3B5-4832-88C8-2C3DE3F211A4}] => (Allow) F:\Valve\Steam.exe
FirewallRules: [{16584958-CCD2-4F02-ABE6-7D3D6C03421B}] => (Allow) F:\Valve\bin\steamwebhelper.exe
FirewallRules: [{CBCD8342-38B9-4202-B5BC-34F97C6FA33F}] => (Allow) F:\Valve\bin\steamwebhelper.exe
FirewallRules: [{A04032DF-8180-4B41-ABFD-EA90E7C2504A}] => (Allow) F:\Valve\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A6B727A1-DD87-474D-BC88-3A76C43CC3AA}] => (Allow) F:\Valve\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{14989406-50EF-40FA-893A-2092B4679EC8}] => (Allow) F:\Valve\steamapps\common\terraria\Terraria.exe
FirewallRules: [{24BE489F-7E1E-4E7C-8AEB-7F07BDB98DAC}] => (Allow) F:\Valve\steamapps\common\terraria\Terraria.exe
FirewallRules: [{43AAE144-C549-4294-BE2C-8BCB16E7A686}] => (Allow) F:\Valve\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{0D0F9F0B-5F76-43F5-8ADD-14A970ECDCCE}] => (Allow) F:\Valve\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{DD3EACDB-F8BA-4813-98F3-1087C1A63B83}] => (Allow) F:\Valve\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4188B30A-EA19-4918-B67A-8D7EBD948EFE}] => (Allow) F:\Valve\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{DCDA4067-A420-4F9D-A996-9182182A669A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2F510A86-AA4D-4CE7-9C27-E4AE0148C6FB}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{F745C875-BE8B-448B-A1D7-181DAE56F0D0}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{2FF9BFD3-A967-46B3-B4D4-5ED15F79BFC7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\LogTransport2.exe
FirewallRules: [{C7446132-E082-4918-B270-DC5E299EBF53}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\node.exe
FirewallRules: [{367C5DDB-8807-40C7-894E-7112221D6EF8}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\sniffer.exe
FirewallRules: [{27747C32-6D13-437A-B012-6211FD947699}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{41BF1B0E-7E93-40EE-B172-0F5BD2057CC7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C17A9497-817A-489E-9A8B-E9A204336178}] => (Block) %ProgramFiles%\Corel\Corel VideoStudio Ultimate X8\vstudio.exe
FirewallRules: [{29C0389C-0EA0-4D48-B2A7-40CDF358C5E3}] => (Block) %ProgramFiles%\Corel\Corel VideoStudio Ultimate X8\APLoading.exe
FirewallRules: [{1E28A70E-53EF-4C26-8DBE-8E1251F5EDF3}] => (Block) %ProgramFiles%\Corel\Corel VideoStudio Ultimate X8\DIM.EXE
FirewallRules: [{22B8ABD8-3A22-4374-A1E4-BAB4EBA6DF10}] => (Block) %ProgramFiles%\Corel\Corel VideoStudio Ultimate X8\PUA.EXE
FirewallRules: [{633D45BD-C00D-4FDE-8A94-BBA482C7109E}] => (Block) %ProgramFiles%\Corel\Corel VideoStudio Ultimate X8\VSSCap.exe
FirewallRules: [{88505ABD-4087-4F22-99C4-74C7B6872134}] => (Allow) F:\Valve\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{29A4D79F-1BB4-4B06-B524-C2A0A3986282}] => (Allow) F:\Valve\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [TCP Query User{9DD67059-B758-40C6-A8EA-335EFC5616A9}C:\users\randy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A29F5461-BBD3-4891-BA86-0E45B55BAEAE}C:\users\randy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CDD6E33C-B1F9-4729-9320-E4C7BA27913D}] => (Allow) F:\Valve\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{46AF3290-FECC-4F26-8D91-B441E27C5577}] => (Allow) F:\Valve\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{DE16CAF2-FCE9-4FE6-8253-A4C8450CDBCF}] => (Allow) F:\Valve\steamapps\common\Reus\Reus.exe
FirewallRules: [{6CA73C6D-B824-48CF-9B26-73857F8EFC69}] => (Allow) F:\Valve\steamapps\common\Reus\Reus.exe
FirewallRules: [{349D3A46-5B23-4343-802A-D3BF9658AF20}] => (Allow) F:\Valve\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{A1BC37B9-9A53-4105-A508-9FC10BEC36AA}] => (Allow) F:\Valve\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{078C66F6-E882-4186-9266-1A127F6E02BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C0F9F665-6206-41CB-BF5D-3967B4BD3683}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A088896C-82CA-4D38-A68B-79D79C91ED82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94BDD087-67FF-4BD7-A42E-34C75D1B2D18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{B9820251-80FE-4429-889D-60FC36F6E30F}C:\users\randy\apps\adirc\adiirc.exe] => (Allow) C:\users\randy\apps\adirc\adiirc.exe
FirewallRules: [UDP Query User{26162D62-1D89-43C8-93FC-FD6C927EA18A}C:\users\randy\apps\adirc\adiirc.exe] => (Allow) C:\users\randy\apps\adirc\adiirc.exe
FirewallRules: [TCP Query User{76C05D9A-F542-441A-B313-CEC42A49D5FD}C:\users\randy\apps\foobar2000\foobar2000.exe] => (Allow) C:\users\randy\apps\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{7B55B8C1-83C8-4ED2-981C-B15A6B4D165B}C:\users\randy\apps\foobar2000\foobar2000.exe] => (Allow) C:\users\randy\apps\foobar2000\foobar2000.exe
FirewallRules: [{4DA1FA56-34B8-449E-B58E-1BBF98612231}] => (Allow) F:\Valve\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3EFC918B-F1E3-4786-943F-A3C6CA36AB85}] => (Allow) F:\Valve\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{A356E552-2FFF-4A1D-9935-5C6D92B90216}C:\programdata\microsoft\windows\start menu\programs\internet\µtorrent\utorrent.exe] => (Allow) C:\programdata\microsoft\windows\start menu\programs\internet\µtorrent\utorrent.exe
FirewallRules: [UDP Query User{AE9EE623-FECD-4FDE-BC21-C8B2914E2E47}C:\programdata\microsoft\windows\start menu\programs\internet\µtorrent\utorrent.exe] => (Allow) C:\programdata\microsoft\windows\start menu\programs\internet\µtorrent\utorrent.exe
FirewallRules: [TCP Query User{9ADB4099-ACB7-4E9A-A7B4-0DC93AA82D49}E:\his\gaming\emulation\fightcade\fightcade\fightcade.exe] => (Allow) E:\his\gaming\emulation\fightcade\fightcade\fightcade.exe
FirewallRules: [UDP Query User{38D9218E-CBF3-4FE1-98AE-5585DF762B80}E:\his\gaming\emulation\fightcade\fightcade\fightcade.exe] => (Allow) E:\his\gaming\emulation\fightcade\fightcade\fightcade.exe
FirewallRules: [{7CAADE8B-04A8-4183-A802-EC828424BBAE}] => (Allow) F:\Valve\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{AFDA3C38-87FC-4B4B-8314-CF6A9EB33D02}] => (Allow) F:\Valve\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B340A7C1-3865-4682-AAD0-B96357178CEC}] => (Allow) F:\Valve\steamapps\common\ElectronicSuperJoy\ElectronicSuperJoy.exe
FirewallRules: [{19FC669A-6BFF-4B80-B88F-6C92BD7FEECA}] => (Allow) F:\Valve\steamapps\common\ElectronicSuperJoy\ElectronicSuperJoy.exe
FirewallRules: [{313C3938-1DA0-4F91-A2B6-E76579490469}] => (Allow) F:\Valve\steamapps\common\ChargeShot\windows_content\ChargeShot.exe
FirewallRules: [{E442CE24-0B84-44DE-BD9D-DB8DA183A35A}] => (Allow) F:\Valve\steamapps\common\ChargeShot\windows_content\ChargeShot.exe
FirewallRules: [{51874488-01FF-4F0C-9BC1-15B982828238}] => (Allow) F:\Valve\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{D0CA9C0D-ECC3-4AF5-BB1A-A45456E5F799}] => (Allow) F:\Valve\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{CD8AF691-1DDC-4244-A184-A6ABD4E1798F}] => (Allow) F:\Valve\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{CE513345-B229-4F7C-A9A3-025DFDE0AAE7}] => (Allow) F:\Valve\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{C84F3DC4-BA4B-4452-93B3-9368DBA28B71}] => (Allow) F:\Valve\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{3C480378-2EEC-4D90-8C97-995C91E2C091}] => (Allow) F:\Valve\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E03F482F-D6C6-44BD-B498-902A355A26A9}] => (Allow) F:\Valve\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{B09805D7-B947-4A34-AC03-B4B571FBD423}] => (Allow) F:\Valve\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{96DE70A4-DFA1-4371-AB03-2B11255A5ED7}] => (Allow) F:\Valve\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{1DF9227A-1EEF-4F6D-9E39-DC0779B5D8C2}] => (Allow) F:\Valve\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{F1B6B394-7AA7-4A56-A506-F71219B660CA}] => (Allow) F:\Valve\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{952F66C6-B004-48BB-B95E-B8B9FE6DF5FB}] => (Allow) F:\Valve\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{642BF445-5162-493D-8004-C4FF2F1C075F}] => (Allow) F:\Valve\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{652DC600-EA7A-4C08-AD1F-B74405C13E9B}] => (Allow) F:\Valve\steamapps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{F5BE11DE-2DA6-4857-93F1-554E252EBF1D}] => (Allow) F:\Valve\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{E1AFCDDD-799F-44DB-98EF-F063B4BE8632}] => (Allow) F:\Valve\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{1AEB7503-FF3A-4E6F-A913-5BEDB10543CC}] => (Allow) F:\Valve\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{67CA14FB-3565-41D1-B94E-5EA2343902DD}] => (Allow) F:\Valve\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{368B7256-5CE1-4872-BEF3-9BE0ECDF4AFA}] => (Allow) F:\Valve\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{F5ACD095-6FC0-4E5A-8ABD-811764BC847A}] => (Allow) F:\Valve\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe
FirewallRules: [{FDB941B7-9139-49F0-B063-2CF52D44C007}] => (Allow) F:\Valve\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{2610E3CF-F550-48B8-B161-1E99E376EDDA}] => (Allow) F:\Valve\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{4F5C7246-3C44-48A3-8716-5F112FCCA98B}] => (Allow) F:\Valve\steamapps\common\Symphony\Symphony.exe
FirewallRules: [{C9B19BF2-923E-4D5B-AF48-9E9287103910}] => (Allow) F:\Valve\steamapps\common\Symphony\Symphony.exe
FirewallRules: [{50C852DB-822F-4BED-BED6-92D5788C49B1}] => (Allow) F:\Valve\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{A109AE3B-B0BC-4F8A-8F77-88963F1138FF}] => (Allow) F:\Valve\steamapps\common\Divekick\DivekickD3D11.exe
FirewallRules: [{7AAE25C7-3542-428C-A850-223365172DDA}] => (Allow) F:\Valve\steamapps\common\aceofspades\aos.exe
FirewallRules: [{C6F80235-CD28-4864-863B-7DDAA9C6C5BA}] => (Allow) F:\Valve\steamapps\common\aceofspades\aos.exe
FirewallRules: [{0659781C-428F-4EC5-B8C5-4272578DBA54}] => (Allow) F:\Valve\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{1F626A76-943D-4753-AC38-539B7333FE5F}] => (Allow) F:\Valve\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{71C8AAC2-7AF6-4CE5-8325-D199881549DC}] => (Allow) F:\Valve\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{6BF95153-7514-45ED-AE9C-A19ADE0AF06A}] => (Allow) F:\Valve\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{072431C8-16AB-463B-BAB3-50D21B7A0AE2}] => (Allow) F:\Valve\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{9D65684A-3EC4-4B5A-8667-810323FC11F3}] => (Allow) F:\Valve\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{2055B997-D495-49B9-A7BD-3D20D2AFEAA8}] => (Allow) F:\Valve\steamapps\common\The Ship\ship.exe
FirewallRules: [{EE64DD4D-0B73-4271-964A-55EAC6A84939}] => (Allow) F:\Valve\steamapps\common\The Ship\ship.exe
FirewallRules: [{FFA3763E-E2B6-4D12-A113-C874A9300B87}] => (Allow) F:\Valve\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{3FA97CD5-EB55-4079-B240-43068E158038}] => (Allow) F:\Valve\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{46BBB866-9390-4805-B15E-B5F462B43054}] => (Allow) F:\Valve\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{C003DA67-6F12-4AFB-9A36-729B8874B94C}] => (Allow) F:\Valve\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{B18FEAE9-029E-455F-B50B-AFDFE7C42E3A}] => (Allow) F:\Valve\steamapps\common\Oniken\Oniken.exe
FirewallRules: [{97B50014-4E48-4909-BC34-2DD50ECC0039}] => (Allow) F:\Valve\steamapps\common\Oniken\Oniken.exe
FirewallRules: [{9A9A290B-0A1D-462D-A0DD-3D97388812CD}] => (Allow) F:\Valve\steamapps\common\outtheresomewhere\ots.exe
FirewallRules: [{EC21278F-5DB7-4166-9986-83979717CE1D}] => (Allow) F:\Valve\steamapps\common\outtheresomewhere\ots.exe
FirewallRules: [{42E562E5-18B4-4DD2-A06C-08F06AF6D5AE}] => (Allow) F:\Valve\steamapps\common\Disco Dodgeball\Disco Dodgeball.exe
FirewallRules: [{69B62DB3-757E-4DCF-974B-FCCF1EB64B4A}] => (Allow) F:\Valve\steamapps\common\Disco Dodgeball\Disco Dodgeball.exe
FirewallRules: [{09DCAFD2-83BB-4370-BCAE-AC48EDA4C7A6}] => (Allow) F:\Valve\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{9F695143-546B-491A-95D7-79874EB93B87}] => (Allow) F:\Valve\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{D57AD0EF-5AF5-493C-8337-4298C39C7E45}] => (Allow) F:\Valve\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{3083F1C8-D290-4140-B0BE-64527E17FBB8}] => (Allow) F:\Valve\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{8F4EF1AA-B0AA-4AEE-B6AF-1083272B4218}] => (Allow) F:\Valve\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
FirewallRules: [{0F996BFC-4D4E-40CB-9E76-04990C98B3F8}] => (Allow) F:\Valve\steamapps\common\Retro Game Crunch\Retro Game Crunch.exe
FirewallRules: [{D03FCD4D-236B-4971-B96A-48BCCEB78DAF}] => (Allow) F:\Valve\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{9A7B3D11-C165-41C4-9DFD-06225DD1F7AA}] => (Allow) F:\Valve\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{6B857246-6CE6-470C-9242-B241A5097420}] => (Allow) F:\Valve\steamapps\common\Super Win the Game\SuperGame.exe
FirewallRules: [{F0436CEA-0A75-48C5-94CC-CD5AB1F7F45B}] => (Allow) F:\Valve\steamapps\common\Super Win the Game\SuperGame.exe
FirewallRules: [{6F72153E-D438-4737-BC17-446C11DD4527}] => (Allow) F:\Valve\steamapps\common\Xeodrifter\XeodrifterSteam.exe
FirewallRules: [{4B05F1B3-DD7C-436E-B7E3-D598EB41464A}] => (Allow) F:\Valve\steamapps\common\Xeodrifter\XeodrifterSteam.exe
FirewallRules: [{0C787A1F-C453-40EF-B8F4-478AD1591FE7}] => (Allow) F:\Valve\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{EDFE983B-0681-4285-B119-E1A0DF1985C0}] => (Allow) F:\Valve\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{52BF2684-F33A-41C9-9533-A5BA44307B07}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{111EB15D-EDD5-47A2-8C91-61D907AAFB33}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{42A59FA3-5C98-4EB1-A46C-A504A63BB840}] => (Allow) F:\Valve\steamapps\common\Life of Pixel\LifeOfPixel.exe
FirewallRules: [{BE11EBE1-20EE-4F86-B8BB-6992DC9190EE}] => (Allow) F:\Valve\steamapps\common\Life of Pixel\LifeOfPixel.exe
FirewallRules: [{67C1DC0B-7E4E-4CD6-8F6B-28A64B94CC39}] => (Allow) F:\Valve\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{D6C20471-31D6-4A7E-9748-E9EE74E1D178}] => (Allow) F:\Valve\steamapps\common\Read Only Memories\ROM.exe
FirewallRules: [{0CA08232-7D94-48D8-B336-1CDDCB6AF3E8}] => (Allow) F:\Valve\steamapps\common\The Next Penelope\nw.exe
FirewallRules: [{11BC8647-6BF7-4AC9-AE41-4EDF54E3629E}] => (Allow) F:\Valve\steamapps\common\The Next Penelope\nw.exe
FirewallRules: [{8926A6C6-2AA7-45DE-A693-14EBBAB0A8D8}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{A0106C0E-5305-4759-9E34-87987A91E22F}] => (Allow) F:\Valve\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{8F87E7F9-3353-46AD-837C-79C94DD08ED5}] => (Allow) F:\Valve\steamapps\common\Just Get Through\JustGetThrough.exe
FirewallRules: [{2EDB5AC1-AD70-48F8-A5BA-FC3E3041C026}] => (Allow) F:\Valve\steamapps\common\Just Get Through\JustGetThrough.exe
FirewallRules: [{5231B64A-7C59-4344-97BF-6AA8E29CF648}] => (Allow) F:\Valve\steamapps\common\Plug & Play\pnp.exe
FirewallRules: [{E5D7243A-C306-41CD-AD10-AFE853968BFB}] => (Allow) F:\Valve\steamapps\common\Plug & Play\pnp.exe
FirewallRules: [{FCE2A39D-E785-4BB0-AE90-1736CF54A0F8}] => (Allow) F:\Valve\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{45396BE8-BC4D-4FA3-A263-C4B1B975BF21}] => (Allow) F:\Valve\steamapps\common\Downwell\Downwell.exe
FirewallRules: [{9FA83258-D65E-4123-8114-A0BF37894CB2}] => (Allow) F:\Valve\steamapps\common\Taimumari\game.exe
FirewallRules: [{85B3DE74-F9D4-42BF-93A5-477D730A4857}] => (Allow) F:\Valve\steamapps\common\Taimumari\game.exe
FirewallRules: [{76AE20A0-00C4-42C8-8BD0-8D5E50CD8CFF}] => (Allow) F:\Valve\steamapps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe
FirewallRules: [{A2A4B5A5-CAA5-4795-8E5C-4308038F6EF0}] => (Allow) F:\Valve\steamapps\common\The Jackbox Party Pack 2\The Jackbox Party Pack 2.exe
FirewallRules: [{33B8B01A-A523-4FC4-8D32-C9001147BB04}] => (Allow) E:\His\Gaming\Emulation\Front Ends\Romulus\Romulus.exe
FirewallRules: [{DF6B2D00-B887-4E37-A20F-C3E7F91D38B5}] => (Allow) E:\His\Gaming\Emulation\Front Ends\Romulus\Romulus.exe
FirewallRules: [{44763BFF-7A2F-4A6A-A006-0278B3180467}] => (Allow) F:\Valve\steamapps\common\lone survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{BF16F5F9-B694-4F6F-9E15-01B8A3EDAAC8}] => (Allow) F:\Valve\steamapps\common\lone survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [TCP Query User{8C5C9501-2C27-4370-A54E-AEEC9E41B3C1}C:\users\randy\downloads\1\data\bin\node.exe] => (Allow) C:\users\randy\downloads\1\data\bin\node.exe
FirewallRules: [UDP Query User{D592ED28-6A3E-459B-826D-9439FC3F8316}C:\users\randy\downloads\1\data\bin\node.exe] => (Allow) C:\users\randy\downloads\1\data\bin\node.exe
FirewallRules: [TCP Query User{9F3EADC5-5328-4F7A-9133-45185F992AE2}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [UDP Query User{9CB52692-A822-4142-A5ED-ED4A1463D7BF}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [{0C5814D5-422A-49CE-B918-345E0A1F85FE}] => (Block) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [{D7515B74-BA32-468D-ABF2-867CB09F59EE}] => (Block) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [{D280531B-71ED-4810-969A-D6E4D983AF55}] => (Allow) F:\Valve\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{BF483617-4DD9-4E8F-ABD1-3119832BA3F1}] => (Allow) F:\Valve\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{C1A7A9EE-02A0-47B7-B844-C9762306C889}] => (Allow) F:\Valve\steamapps\common\Retro City Rampage\retrocityrampage.exe
FirewallRules: [{0EF32921-2BF0-455C-998E-6B70D2653A00}] => (Allow) F:\Valve\steamapps\common\Retro City Rampage\retrocityrampage.exe
FirewallRules: [{C6156372-CDA2-4EE8-B307-AE12F13EF598}] => (Allow) F:\Valve\steamapps\common\Heavy Bullets\HEAVY_BULLETS.exe
FirewallRules: [{9CAE4085-3C00-4260-A9D8-3CF5B3DB4EDE}] => (Allow) F:\Valve\steamapps\common\Heavy Bullets\HEAVY_BULLETS.exe
FirewallRules: [{6D6B465A-E1AC-4579-8AAB-56C046EFD49D}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{0A8C4523-F125-4AD0-94F4-0DD61B7CB9BD}] => (Allow) F:\Valve\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{E928D746-59E6-489A-82E8-B981D38F699D}] => (Allow) F:\Valve\steamapps\common\The Path\PathViewer.exe
FirewallRules: [{46A22F1E-EC46-41F3-9DBC-0F599E56022E}] => (Allow) F:\Valve\steamapps\common\The Path\PathViewer.exe
FirewallRules: [{70998228-A04C-40F8-B774-28108517B930}] => (Allow) F:\Valve\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{72C7B63D-6400-4984-ABC0-147E08E11BD7}] => (Allow) F:\Valve\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{EE151974-0B3D-4D7C-BEA1-337CD301AEE0}] => (Allow) F:\Valve\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{6FCC80A8-151D-43D7-B21D-BC36C4733273}] => (Allow) F:\Valve\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{74EF0FF5-D4C7-4B5B-BB51-85BACF4987BF}] => (Allow) F:\Valve\steamapps\common\Disc Jam\Icon.exe
FirewallRules: [{083F067E-706B-4824-805E-AF447329106A}] => (Allow) F:\Valve\steamapps\common\Disc Jam\Icon.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: SAMSUNG HD103SJ
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SAMSUNG HD103SJ
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2017 08:23:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds (1).com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1618
 
Start Time: 01d29a68b73e5e6d
 
Termination Time: 4294967295
 
Application Path: C:\Users\Randy\Downloads\dds (1).com
 
Report Id: ecb48a73-065d-11e7-aa9c-1c6f65ce4d55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/11/2017 07:54:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dds (1).com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1c70
 
Start Time: 01d29a667be479ec
 
Termination Time: 4294967295
 
Application Path: C:\Users\Randy\Downloads\dds (1).com
 
Report Id: de80a76e-0659-11e7-aa9c-1c6f65ce4d55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/11/2017 07:54:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/11/2017 12:46:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (03/10/2017 07:05:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/10/2017 07:04:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (03/10/2017 06:49:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ScreenToGif 2.3.2.exe version 2.3.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3834
 
Start Time: 01d299f7ca0bfcfd
 
Termination Time: 53
 
Application Path: C:\Users\Randy\Apps\Media\Screen to GIF\ScreenToGif 2.3.2.exe
 
Report Id: 32fef17c-05ec-11e7-aa9c-1c6f65ce4d55
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/10/2017 06:31:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (03/10/2017 06:30:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (03/10/2017 06:28:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
 
System errors:
=============
Error: (03/11/2017 08:10:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Everything service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/11/2017 08:10:11 PM) (Source: DCOM) (EventID: 10016) (User: HOME)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID 
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user Home\Randy SID (S-1-5-21-1413348635-3526239420-3300952408-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/11/2017 08:08:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/11/2017 04:58:13 PM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {CEFF45EE-C862-41DE-AEE2-A022C81EDA92} did not register with DCOM within the required timeout.
 
Error: (03/11/2017 04:58:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/11/2017 04:28:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/11/2017 07:54:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Everything service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/11/2017 07:52:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/10/2017 10:49:04 PM) (Source: DCOM) (EventID: 10016) (User: HOME)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID 
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user Home\Randy SID (S-1-5-21-1413348635-3526239420-3300952408-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/10/2017 06:21:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-08 20:14:01.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:14:01.300
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:14:01.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:14:01.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:14:01.295
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:14:01.293
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:13:05.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:13:05.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:13:05.272
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-08 20:13:05.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 31%
Total physical RAM: 8175.11 MB
Available physical RAM: 5620.3 MB
Total Virtual: 8687.11 MB
Available Virtual: 6234.35 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:110.2 GB) (Free:18.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4A9989EB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=811 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 Aggort

  • Topic Starter

Posted 12 March 2017 - 10:52 AM

I ran the fixlist, now all I can do is wait. As I said, the popups were random. So I am going to leave my PC running for a while and see what happens I suppose.



#5 Aggort

  • Topic Starter

Posted 12 March 2017 - 11:07 AM

I regret to report that the issue still persists. Just received a popup about a minute ago.



#6 nasdaq

  • Malware Response Team

Posted 13 March 2017 - 07:34 AM


ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {050FE881-97AD-46C7-9F23-4D937B26B280} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {201FA830-AE9A-4B87-8D5B-FEE3F05B6AC8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {587FAAD2-D9EF-4C5A-8D01-1049496D8B44} - System32\Tasks\vnovostyahnethewolsm => Chrome.exe vnovostyah.net/hewolsm <==== ATTENTION
Task: {E555E3F8-1E1C-450E-938A-313AA790EB8E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-09-27] ()
C:\Program Files\pia_manager
C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp
C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp
C:\Users\Randy\AppData\Local\Temp\nsd3A63.tmp
AlternateDataStreams: C:\WINDOWS\system32\nvir3dgenco64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvstusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSB.sys:$CmdTcID [64]
FirewallRules: [{367C5DDB-8807-40C7-894E-7112221D6EF8}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\sniffer.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Please post the Fixlog.txt and let me know what problem persists.

#7 Aggort


Posted 13 March 2017 - 03:04 PM

Nasdaq, thanks for your assistance. I had a post over at reddit.com/r/techsupport. A user there caught the same file in system32 that you did (System32\Tasks\vnovostyahnethewolsm); he gave me a fixlist as well and said he believed that was my issue. He was correct. Ever since that file was removed I haven't encountered any popups. If you'd like, I can provide the fixlog from his list, as his is slightly different from yours.


Edited by Aggort, 13 March 2017 - 03:10 PM.
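
The cause confirmed in this post, a scheduled task whose action is a browser followed by a URL, can be picked out of an FRST log mechanically. The script below is an added example, not part of the original thread or of FRST; the function names, the browser list and the URL heuristic are assumptions, and the sample lines are Task entries copied from the fixlist posted in this thread.

```python
import re

# Task lines copied from the fixlist posted in this thread.
SAMPLE = r"""
Task: {050FE881-97AD-46C7-9F23-4D937B26B280} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {587FAAD2-D9EF-4C5A-8D01-1049496D8B44} - System32\Tasks\vnovostyahnethewolsm => Chrome.exe vnovostyah.net/hewolsm <==== ATTENTION
Task: {E555E3F8-1E1C-450E-938A-313AA790EB8E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-09-27] ()
"""

# "Task: {GUID} - <task path> => <command>" (FRST also uses "->" for "No File").
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (?:=>|->) (.+)$")
# Executable file name (last path component) and whatever follows it.
EXE_RE = re.compile(r"([^\\/\"]+?\.exe)\b\"?\s*(.*)$", re.I)
# Heuristic (assumption): host.tld with optional scheme and path counts as a URL.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
# Assumed list of browser binaries; extend for the environment being triaged.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}


def classify(line):
    """Return a verdict dict for one FRST Task line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    _guid, path, command = m.groups()
    command = command.replace("<==== ATTENTION", "").strip()
    if command == "No File":
        # Leftover task whose target no longer exists.
        return {"task": path, "verdict": "orphaned", "detail": "target missing"}
    exe = EXE_RE.search(command)
    if exe and exe.group(1).lower() in BROWSERS:
        url = URL_RE.search(exe.group(2))
        if url:
            # A task that opens a browser on a URL: the popup source in this thread.
            return {"task": path, "verdict": "browser-url", "detail": url.group(0)}
    return {"task": path, "verdict": "ok", "detail": command}


def triage(text):
    """Classify every Task line found in an FRST log or fixlist."""
    return [r for r in map(classify, text.splitlines()) if r]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["verdict"]:<12} {row["task"]}  ({row["detail"]})')
```

The URL heuristic also matches a local file name such as page.html passed to a browser, so a "browser-url" verdict is a prompt to inspect the task, not proof of adware.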


#8 nasdaq


Posted 14 March 2017 - 07:23 AM

Yes please do. I might learn something.

#9 Aggort


Posted 14 March 2017 - 03:28 PM

Again, thank you Nasdaq. If you hadn't first guided me in the right direction, I wouldn't have gotten the help from Reddit. Here's the log. His fixlist was very similar to yours.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Randy (12-03-2017 23:57:13) Run:2
Running from C:\Users\Randy\Desktop\Tools
Loaded Profiles: Randy (Available Profiles: Randy & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{80933416-C33F-407E-BCC1-6246E3EE34DF}\InprocServer32 -> C:\Program Files (x86)\ExtractNow\extractmenu64.dll (Nathan Moinvaziri)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Randy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
Task: {050FE881-97AD-46C7-9F23-4D937B26B280} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {201FA830-AE9A-4B87-8D5B-FEE3F05B6AC8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {587FAAD2-D9EF-4C5A-8D01-1049496D8B44} - System32\Tasks\vnovostyahnethewolsm => Chrome.exe vnovostyah.net/hewolsm <==== ATTENTION
ShortcutWithArgument: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_knipolnnllmklapflnccelgolnpehhpl\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Randy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
Emptytemp:
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{80933416-C33F-407E-BCC1-6246E3EE34DF} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1413348635-3526239420-3300952408-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{050FE881-97AD-46C7-9F23-4D937B26B280} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{050FE881-97AD-46C7-9F23-4D937B26B280} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{201FA830-AE9A-4B87-8D5B-FEE3F05B6AC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201FA830-AE9A-4B87-8D5B-FEE3F05B6AC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{587FAAD2-D9EF-4C5A-8D01-1049496D8B44} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{587FAAD2-D9EF-4C5A-8D01-1049496D8B44} => key removed successfully
C:\WINDOWS\System32\Tasks\vnovostyahnethewolsm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vnovostyahnethewolsm => key removed successfully
C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_knipolnnllmklapflnccelgolnpehhpl\Google Hangouts.lnk => Shortcut argument removed successfully.
C:\Users\Randy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk => Shortcut argument removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7498315 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 111494 B
Edge => 0 B
Chrome => 378506876 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3372 B
Randy => 17103193 B
Administrator => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 384.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:57:22 ====


#10 nasdaq


Posted 15 March 2017 - 07:40 AM

Just one comment.

As I have suggested, take care of this.

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

#11 Aggort


Posted 15 March 2017 - 04:24 PM

Ah yes, I forgot to address that. That was disabled once I knew I had an issue with my PC; it has since been re-enabled.





