Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Failed to Start up and system repair can't fix it.


  • This topic is locked This topic is locked
24 replies to this topic

#1 Zack3086

Zack3086

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 30 March 2017 - 01:36 AM

Hi there my computer just started having this problem I looked here already and have gone through some of the steps listed in a post similar to my problem I have downloaded Farbar x64 and have run the scan here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-NKNM29U (30-03-2017 01:20:08)
Running from H:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-28] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [ConduitHelper] => C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 DAUpdaterSvc; F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "F:\Origin\OriginWebHelperService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( )
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2015-10-27] (SteelSeries ApS)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [54200 2012-09-26] (Thesycon GmbH, Germany)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
S0 aswVmm; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-30 01:10 - 2017-03-30 01:20 - 00000000 ____D C:\FRST
2017-03-28 20:03 - 2017-03-28 20:32 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-03-20 17:26 - 2017-03-20 17:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 17:26 - 2017-03-16 14:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 17:26 - 2017-01-25 16:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 17:26 - 2017-01-25 16:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 17:26 - 2017-01-25 16:09 - 00322560 _____ C:\Windows\System32\vulkan-1.dll
2017-03-20 17:26 - 2017-01-25 16:09 - 00118272 _____ C:\Windows\System32\vulkaninfo.exe
2017-03-20 17:23 - 2017-03-16 16:59 - 40190400 _____ C:\Windows\System32\nvcompiler.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2017-03-20 17:23 - 2017-03-16 16:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6437892.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6437892.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 17:23 - 2017-03-16 16:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-19 23:26 - 2017-03-20 07:42 - 00012922 _____ C:\Users\Administrator\Documents\Ironworks.xlsx
2017-03-19 23:26 - 2017-03-19 23:26 - 00002116 _____ C:\Users\Administrator\Documents\Tools.csv
2017-03-19 23:25 - 2017-03-19 23:25 - 00002116 _____ C:\Users\Administrator\Downloads\Your Crafting List  (2).csv
2017-03-19 20:49 - 2017-03-19 23:26 - 00003219 _____ C:\Users\Administrator\Downloads\Your Crafting List  (1).csv
2017-03-19 20:35 - 2017-03-19 20:35 - 00002151 _____ C:\Users\Administrator\Downloads\Your Crafting List .csv
2017-03-16 15:34 - 2017-03-16 15:16 - 00549944 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2017-03-16 15:34 - 2017-03-16 15:16 - 00081856 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2017-03-16 15:32 - 2017-03-16 16:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2017-03-16 15:32 - 2017-02-23 14:56 - 00217528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2017-03-16 15:32 - 2017-02-23 14:56 - 00047664 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2017-03-16 15:32 - 2017-02-23 02:34 - 01985080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6437878.dll
2017-03-16 15:32 - 2017-02-23 02:34 - 01589696 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6437878.dll
2017-03-16 15:32 - 2017-02-23 02:34 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-16 15:32 - 2017-02-23 02:34 - 00000669 _____ C:\Windows\System32\nv-vk64.json
2017-03-16 15:24 - 2017-03-16 15:24 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 15:22 - 2017-03-16 15:22 - 00000000 ____D C:\Users\Administrator\Documents\Add-in Express
2017-03-16 15:05 - 2017-03-16 15:31 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-16 15:05 - 2017-03-16 15:05 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 15:05 - 2017-03-16 15:05 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-16 15:05 - 2017-02-23 10:32 - 01880512 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2017-03-16 15:05 - 2017-02-23 10:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2017-03-16 15:05 - 2017-02-23 10:32 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-16 15:05 - 2017-02-23 10:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-16 15:05 - 2017-02-23 10:32 - 00120256 _____ C:\Windows\System32\NvRtmpStreamer64.dll
2017-03-16 15:05 - 2017-02-23 06:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-16 14:57 - 2017-02-23 10:32 - 00156608 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2017-03-16 14:57 - 2017-02-23 10:32 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-16 14:57 - 2017-02-23 10:32 - 00057792 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2017-03-16 14:57 - 2017-02-23 10:32 - 00046016 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-03-14 09:56 - 2017-03-04 09:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-03-14 09:56 - 2017-03-04 08:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 09:56 - 2017-03-04 00:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-03-14 09:56 - 2017-03-04 00:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-03-14 09:56 - 2017-03-04 00:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-03-14 09:56 - 2017-03-04 00:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-03-14 09:56 - 2017-03-03 23:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-03-14 09:56 - 2017-03-03 23:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-03-14 09:56 - 2017-03-03 23:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-03-14 09:56 - 2017-03-03 23:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-03-14 09:56 - 2017-03-03 23:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-03-14 09:56 - 2017-03-03 23:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-03-14 09:56 - 2017-03-03 23:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-03-14 09:56 - 2017-03-03 23:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-03-14 09:56 - 2017-03-03 23:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-03-14 09:56 - 2017-03-03 23:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-03-14 09:56 - 2017-03-03 23:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-03-14 09:56 - 2017-03-03 23:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-03-14 09:56 - 2017-03-03 23:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-03-14 09:56 - 2017-03-03 23:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-03-14 09:56 - 2017-03-03 22:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-03-14 09:56 - 2017-03-03 22:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-03-14 09:56 - 2017-03-03 22:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-03-14 09:56 - 2017-03-03 22:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-03-14 09:56 - 2017-03-03 22:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-03-14 09:56 - 2017-03-03 22:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-03-14 09:56 - 2017-03-03 22:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-03-14 09:56 - 2017-03-03 22:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-03-14 09:56 - 2017-03-03 20:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 09:56 - 2017-03-02 10:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 09:56 - 2017-03-02 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 09:56 - 2017-03-02 10:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 09:56 - 2017-03-02 10:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 09:56 - 2017-03-02 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 09:56 - 2017-03-02 09:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 09:56 - 2017-03-02 09:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 09:56 - 2017-03-02 09:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 09:56 - 2017-03-02 09:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 09:56 - 2017-03-02 09:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 09:56 - 2017-03-02 09:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 09:56 - 2017-03-02 09:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 09:56 - 2017-03-02 09:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 09:56 - 2017-03-02 09:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 09:56 - 2017-03-02 09:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 09:56 - 2017-03-02 09:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 09:56 - 2017-03-02 09:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 09:56 - 2017-03-02 09:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 09:56 - 2017-03-02 09:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 09:56 - 2017-03-02 09:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 09:56 - 2017-03-02 09:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 09:56 - 2017-03-02 09:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 09:56 - 2017-03-02 09:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 09:56 - 2017-03-02 09:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 09:56 - 2017-03-02 09:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 09:56 - 2017-03-02 08:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 09:56 - 2017-03-02 08:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 09:56 - 2017-03-02 08:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 09:55 - 2017-03-04 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-03-14 09:55 - 2017-03-04 00:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-03-14 09:55 - 2017-03-04 00:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-03-14 09:55 - 2017-03-03 23:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-03-14 09:55 - 2017-03-03 23:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-03-14 09:55 - 2017-03-03 23:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-03-14 09:55 - 2017-03-03 23:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-03-14 09:55 - 2017-03-03 22:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-03-14 09:55 - 2017-03-02 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 09:55 - 2017-02-22 15:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-03-14 09:55 - 2017-02-22 15:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-03-14 09:55 - 2017-02-18 06:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-03-14 09:55 - 2017-02-18 06:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-03-14 09:55 - 2017-02-11 07:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-03-14 09:55 - 2017-02-11 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-03-14 09:55 - 2017-02-11 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-03-14 09:55 - 2017-02-10 08:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-03-14 09:55 - 2017-02-10 08:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2017-03-14 09:55 - 2017-02-10 08:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 09:55 - 2017-02-10 08:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 09:55 - 2017-02-10 06:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 09:55 - 2017-02-09 08:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-03-14 09:55 - 2017-02-09 08:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-03-14 09:55 - 2017-02-09 08:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-03-14 09:55 - 2017-02-09 08:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-03-14 09:55 - 2017-02-09 08:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-03-14 09:55 - 2017-02-09 08:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\WcsPlugInService.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-03-14 09:55 - 2017-02-09 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\icm32.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 09:55 - 2017-02-09 08:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 09:55 - 2017-02-09 08:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-03-14 09:55 - 2017-02-09 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-03-14 09:55 - 2017-02-09 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-03-14 09:55 - 2017-02-09 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-03-14 09:55 - 2017-02-09 08:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-03-14 09:55 - 2017-02-09 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-03-14 09:55 - 2017-02-09 07:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-03-14 09:55 - 2017-02-09 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-03-14 09:55 - 2017-02-09 07:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-03-14 09:55 - 2017-02-09 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-03-14 09:55 - 2017-02-09 07:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-03-14 09:55 - 2017-02-09 07:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-03-14 09:55 - 2017-02-09 07:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 09:55 - 2017-02-09 07:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 09:55 - 2017-02-09 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 09:55 - 2017-02-09 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 09:55 - 2017-02-09 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 09:55 - 2017-02-09 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 09:55 - 2017-02-09 07:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 09:55 - 2017-02-09 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 09:55 - 2017-02-09 06:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2017-03-14 09:55 - 2017-02-09 06:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2017-03-14 09:55 - 2017-02-06 08:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 09:55 - 2017-01-13 10:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-03-14 09:55 - 2017-01-13 10:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2017-03-14 09:55 - 2017-01-13 09:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 09:55 - 2017-01-13 09:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 09:55 - 2017-01-11 10:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2017-03-14 09:55 - 2017-01-11 10:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2017-03-14 09:55 - 2017-01-11 09:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 09:55 - 2017-01-11 09:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 09:55 - 2017-01-06 10:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-03-14 09:55 - 2017-01-06 09:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 09:55 - 2016-12-31 07:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-03-14 09:55 - 2016-12-31 07:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-03-14 09:55 - 2016-12-31 07:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-03-14 09:55 - 2016-12-31 07:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-03-14 09:55 - 2016-12-31 07:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-03-11 20:12 - 2017-03-11 20:29 - 00011051 _____ C:\Users\Administrator\Documents\Glyphs, Signets and Aux.xlsx
2017-03-11 12:59 - 2017-03-11 12:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\UnrealEngine
2017-03-11 12:59 - 2017-03-11 12:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\AtlanticIslandPark
2017-03-11 12:49 - 2017-03-11 12:49 - 00000202 _____ C:\Users\Administrator\Desktop\The Park.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-29 17:20 - 2017-02-16 01:20 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-03-29 17:20 - 2017-02-16 01:20 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-03-29 17:17 - 2017-02-16 01:17 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810}.job
2017-03-29 17:13 - 2015-12-03 14:08 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df.job
2017-03-29 17:13 - 2015-08-25 18:29 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978.job
2017-03-29 17:08 - 2014-06-16 18:52 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d.job
2017-03-29 14:08 - 2014-05-08 13:52 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097.job
2017-03-29 13:55 - 2011-08-12 03:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-29 13:54 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 13:54 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 13:46 - 2014-01-28 13:30 - 00000000 __RSD C:\Users\Administrator\Documents\McAfee Vaults
2017-03-29 13:44 - 2013-06-02 18:10 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-29 13:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 19:57 - 2009-07-13 21:13 - 00849608 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-28 19:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-28 19:43 - 2012-04-05 16:38 - 01321738 _____ C:\Windows\ntbtlog.txt
2017-03-28 18:46 - 2015-02-03 17:03 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997.job
2017-03-28 14:25 - 2013-10-05 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Battle.net
2017-03-26 13:13 - 2015-07-15 18:41 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78.job
2017-03-26 12:06 - 2011-09-01 05:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-26 01:39 - 2011-08-18 19:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 17:27 - 2011-08-12 03:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 17:15 - 2016-01-29 17:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-20 17:14 - 2011-08-18 00:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-18 15:12 - 2017-02-10 09:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-03-17 09:15 - 2014-03-21 12:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-03-16 22:26 - 2012-01-18 04:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Origin
2017-03-16 16:59 - 2015-01-29 16:17 - 03583744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-16 16:59 - 2011-08-12 03:08 - 19883600 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2017-03-16 16:59 - 2011-08-12 03:08 - 04064088 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2017-03-16 16:59 - 2011-08-12 03:08 - 00042686 _____ C:\Windows\System32\nvinfo.pb
2017-03-16 16:11 - 2015-10-20 12:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2017-03-16 16:11 - 2015-10-20 12:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Corsair
2017-03-16 16:09 - 2012-01-18 04:13 - 00000000 ____D C:\ProgramData\Origin
2017-03-16 16:00 - 2011-11-17 13:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-03-16 15:35 - 2011-08-12 03:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-16 15:34 - 2011-08-12 03:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-16 15:22 - 2011-09-05 09:34 - 00000000 ____D C:\ProgramData\WinZip
2017-03-16 15:16 - 2014-10-22 22:06 - 01762752 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2017-03-16 15:16 - 2011-08-12 03:08 - 06401984 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2017-03-16 15:16 - 2011-08-12 03:08 - 02477504 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2017-03-16 15:16 - 2011-08-12 03:08 - 00392128 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2017-03-16 15:16 - 2011-08-12 03:08 - 00069568 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2017-03-16 15:06 - 2014-03-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-03-16 14:55 - 2012-03-05 11:22 - 00000000 ____D C:\Users\Administrator\Documents\BioWare
2017-03-16 14:22 - 2014-09-08 20:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 01:39 - 2012-02-23 05:38 - 07813427 _____ C:\Windows\System32\nvcoproc.bin
2017-03-15 14:39 - 2016-04-07 13:44 - 00004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 14:39 - 2012-05-22 15:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 14:39 - 2012-05-22 15:23 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 14:39 - 2011-12-22 03:22 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-15 14:39 - 2011-08-18 19:43 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 11:58 - 2013-07-11 12:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 11:58 - 2013-07-11 12:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 11:58 - 2009-07-13 20:45 - 00323336 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-14 11:57 - 2015-04-15 08:51 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-14 11:57 - 2014-05-06 11:04 - 00000000 ___SD C:\Windows\System32\CompatTel
2017-03-14 11:57 - 2013-07-27 13:17 - 00000000 ____D C:\Windows\System32\MRT
2017-03-14 11:57 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 11:54 - 2011-09-02 02:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-03 12:03 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
Some files in TEMP:
====================
2013-03-09 20:01 - 2013-06-26 14:06 - 0358600 _____ (Ask.com) C:\Users\Administrator\AppData\Local\Temp\APNStub.exe
2012-12-11 22:43 - 2012-12-11 22:43 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
2012-12-02 04:27 - 2010-08-04 12:21 - 0433976 _____ (Yahoo! Inc.) C:\Users\Administrator\AppData\Local\Temp\bpuninstall.exe
2017-02-15 16:55 - 2017-02-15 16:55 - 0363208 _____ (BitRaider, LLC) C:\Users\Administrator\AppData\Local\Temp\BRSVC_23289264_hlp.exe
2011-09-02 09:50 - 2015-02-11 16:31 - 0036864 _____ () C:\Users\Administrator\AppData\Local\Temp\CmdLineExt02.dll
2012-10-20 12:45 - 2013-11-19 15:22 - 1542696 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\contentDATs.exe
2013-08-09 16:54 - 2013-08-15 10:52 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Administrator\AppData\Local\Temp\drm_dyndata_7370014.dll
2007-01-01 13:22 - 2007-01-01 13:22 - 0069632 _____ () C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
2012-01-10 13:35 - 2012-01-10 13:35 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\GUR4884.exe
2011-12-09 17:40 - 2011-12-09 17:40 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\GURA784.exe
2012-06-15 13:42 - 2012-08-29 15:50 - 21935168 _____ (ArenaNet) C:\Users\Administrator\AppData\Local\Temp\Gw2.exe
2013-01-12 13:09 - 2013-01-12 13:09 - 0896424 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
2013-01-30 15:58 - 2013-01-30 15:58 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-01 12:00 - 2013-03-01 12:00 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 06:44 - 2013-04-05 06:44 - 0904104 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-21 17:58 - 2013-06-21 17:58 - 0903080 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 12:50 - 2014-04-15 12:50 - 0921512 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-27 21:15 - 2014-07-27 21:15 - 0918440 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2012-08-29 03:38 - 2012-08-29 03:38 - 0894952 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
2012-09-27 13:56 - 2012-09-27 13:56 - 0895464 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2016-07-25 15:06 - 2016-07-25 15:06 - 0741440 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-24 11:19 - 2016-10-24 11:19 - 0737856 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-04-20 08:38 - 2015-04-20 08:38 - 0562088 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-07-26 12:11 - 2015-07-26 12:11 - 0563808 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-26 15:40 - 2015-08-26 15:40 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-21 08:25 - 2015-10-21 08:25 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-25 09:30 - 2015-11-25 09:30 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-23 08:29 - 2016-01-23 08:29 - 0644704 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-10 15:09 - 2016-02-10 15:09 - 0736352 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-25 16:47 - 2016-03-25 16:47 - 0736320 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
2012-12-11 22:43 - 2012-12-11 22:43 - 0163936 _____ () C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
2012-10-20 12:14 - 2012-10-20 12:14 - 0888320 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\mssinstaller.exe
2016-05-27 11:18 - 2016-05-27 11:19 - 6359496 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
2013-02-03 16:31 - 2013-02-03 16:32 - 3962603 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.41.0.exe
2013-02-11 19:21 - 2013-02-11 19:22 - 3967189 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.42.1.exe
2013-08-06 14:30 - 2013-08-06 14:31 - 4120736 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.5.exe
2012-05-14 23:21 - 2014-09-13 12:13 - 1219240 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 0354624 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI.dll
2011-08-03 02:31 - 2012-02-29 10:26 - 0187200 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI64.dll
2012-02-23 05:37 - 2017-02-23 00:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2012-12-11 22:43 - 2012-12-11 22:43 - 2985568 _____ () C:\Users\Administrator\AppData\Local\Temp\oi_{E3787763-82EA-47C4-A3CE-5F4EE8026E51}.exe
2011-12-25 07:41 - 2014-01-28 13:17 - 8330352 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\SecurityScan_Release.exe
2015-02-11 16:31 - 2015-02-11 16:31 - 0012067 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
2015-02-11 16:31 - 2015-02-11 16:31 - 0019924 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
2015-02-11 16:31 - 2015-02-11 16:31 - 0024516 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
2012-05-16 20:39 - 2012-06-07 13:30 - 25504432 _____ (Skype Technologies S.A.) C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
2015-04-04 08:25 - 2015-04-04 08:25 - 0006656 _____ () C:\Users\Administrator\AppData\Local\Temp\tb9vfksy.dll
2013-06-10 18:06 - 2013-06-10 18:06 - 4479832 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp4740.exe
2013-06-10 18:06 - 2013-06-10 18:06 - 4961800 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp4DF5.exe
2013-06-10 18:06 - 2013-06-10 18:06 - 0288088 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp51EC.exe
2013-06-10 18:06 - 2013-06-10 18:06 - 2653944 _____ (Xiph.Org) C:\Users\Administrator\AppData\Local\Temp\tmp6C8E.exe
2016-03-04 20:11 - 2016-01-25 19:06 - 2108488 _____ (AVG Technologies) C:\Users\Administrator\AppData\Local\Temp\UNINSTALL.EXE
2003-10-14 07:08 - 2003-10-14 07:08 - 0294912 ____N (Blizzard Entertainment) C:\Users\Administrator\AppData\Local\Temp\war3_Install.exe
2013-01-14 11:12 - 2013-01-14 11:12 - 3626208 _____ (WinZip International LLC                                    ) C:\Users\Administrator\AppData\Local\Temp\winziprosetup.exe
2014-10-02 12:48 - 2014-10-02 12:48 - 0040960 _____ () C:\Users\Administrator\AppData\Local\Temp\x2blapi.dll
2015-08-26 17:23 - 2016-01-23 08:32 - 0847576 _____ (Yahoo! Inc.) C:\Users\Administrator\AppData\Local\Temp\ytb.exe
2016-11-29 21:47 - 2016-11-29 21:47 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\z26dj6qz.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 10:19] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA
 
C:\Windows\SysWOW64\explorer.exe
[2016-10-11 10:19] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-13 10:48] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542
 
C:\Windows\SysWOW64\User32.dll
[2016-12-13 10:48] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 6135.11 MB
Available physical RAM: 5307.99 MB
Total Virtual: 6133.31 MB
Available Virtual: 5296.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:0.56 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:402.51 GB) NTFS
Drive h: (RECOVERY) (Removable) (Total:14.6 GB) (Free:14.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 118B102D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 531468F0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2017-03-28 07:47
 
==================== End of FRST.txt ============================
 
 
 
Help Please I beg you! 
 
PS: Sorry for the Multi Posts.

Edited by Zack3086, 30 March 2017 - 01:56 AM.


BC AdBot (Login to Remove)

 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 30 March 2017 - 10:44 PM

Hello Zack3089,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS
 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 30 March 2017 - 10:58 PM

Sure thing thanks for helping me RayS.



#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 01 April 2017 - 07:17 PM

Hi Zack3086,

 

I am still analyzing your log and will have a more substantive reply shortly. Meanwhile, please answer a few questions for clarity:

  • How far into the normal boot-up process do you get?
  • What are the symptoms and/or (verbatim) error messages?
  • Did you try booting into Safe Mode?
  • Do you have backups for all your important files?

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#5 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 01 April 2017 - 08:14 PM

Hey Ray

 

I get up to the Windows loading screen (where the screen is all black and the four colors of the window's logo zoom in to form the logo). the colors never show up and the screen stays black until the whole comp shuts down.

One of my network locations USBSTORAGE(//EPSON2BB0DB) which is the [Z:] drive would not connect.

No error messages appear even after i restart.

I was able to get it to boot in safe mode after I did the Farbar x64 scan. Until that I was unable to get to an enter safe mode option. I am betting I just missed the correct button press to get to safe mode in my panic.

Yes I have backed up my files.

 

Thanks,

 

Zack



#6 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 02 April 2017 - 02:29 PM

Hi Zack,

Thank you for the quick reply.

If I understand you correctly, the PC can be booted into Safe Mode when you press the F8 key at the correct moment (after seeing the initial logo screen) during boot-up. If that is so, please enter Safe Mode with Networking and rerun FRST64.exe. Leave all the default options checkmarked including Addition.txt and then click Scan. I have identified several issues that need to be cleaned, but a set of FRST logs in Safe Mode will give me a more comprehensive view of your PC than is available from the log you obtained while in Recovery Environment.

Summary:

  • Copy and paste the entire contents of Frst.txt and Addition.txt into the body of your message.
  • Describe any unexpected symptoms in the behavior of your PC.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#7 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 02 April 2017 - 05:03 PM

Ok here you go.

 

No unexpected symptoms occurred. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Administrator (administrator) on ZACHARY-PC (02-04-2017 16:45:31)
Running from H:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes) F:\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => F:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [Guildwork] => C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guildwork\Guildwork.lnk
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [SaferBrowserIsDefault] => "C:\Program Files (x86)\Safer Technologies\Safer Browser\Application\SaferBrowserProtector.exe" --force-protect
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7E481F2D-FF95-4315-B564-33CF2B9D3BB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8311AF7B-CC4E-4462-BDF8-A706EBC4F1E3}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1086365725-1468650204-1436194041-500 -> DefaultScope {F2F71F58-22B0-4893-9D40-BF7A3E2766EC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US685D20140128&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086365725-1468650204-1436194041-500 -> {F2F71F58-22B0-4893-9D40-BF7A3E2766EC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US685D20140128&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-03-15]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1086365725-1468650204-1436194041-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1086365725-1468650204-1436194041-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-04-02]
CHR Extension: (Warlords of Draenor) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbdhkkfelmdhbmegjaokmkkeglhhjek [2015-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-20]
CHR Extension: (Yahoo! Messenger) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbmghiihlelkhbccpinfjdfmeclcmfc [2011-10-29]
CHR Extension: (FastestFox for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\ADMINI~1\AppData\Local\Temp\crxE8D3.tmp [2011-09-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMService; F:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [2124296 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [2185232 2017-03-16] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [146944 2014-05-29] (SteelSeries Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( ) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-02] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-02] (Malwarebytes)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2015-10-27] (SteelSeries ApS)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [54200 2012-09-26] (Thesycon GmbH, Germany)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
U0 aswVmm; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-30 04:10 - 2017-04-02 16:45 - 00000000 ____D C:\FRST
2017-03-30 03:00 - 2017-04-02 16:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-30 03:00 - 2017-04-02 16:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-30 03:00 - 2017-04-02 12:06 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-30 03:00 - 2017-03-30 03:00 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-30 03:00 - 2017-03-30 03:00 - 00000608 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-30 03:00 - 2017-03-30 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-30 02:59 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-30 02:55 - 2017-03-30 02:55 - 59272008 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-03-30 02:50 - 2017-03-30 02:50 - 00012800 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2017-03-28 23:03 - 2017-03-28 23:32 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-03-20 20:26 - 2017-03-20 20:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 20:26 - 2017-03-16 17:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 20:26 - 2017-01-25 19:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 20:26 - 2017-01-25 19:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 20:26 - 2017-01-25 19:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 20:26 - 2017-01-25 19:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 20:23 - 2017-03-16 19:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 20:23 - 2017-03-16 19:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 02:26 - 2017-03-20 10:42 - 00012922 _____ C:\Users\Administrator\Documents\Ironworks.xlsx
2017-03-20 02:26 - 2017-03-20 02:26 - 00002116 _____ C:\Users\Administrator\Documents\Tools.csv
2017-03-20 02:25 - 2017-03-20 02:25 - 00002116 _____ C:\Users\Administrator\Downloads\Your Crafting List  (2).csv
2017-03-19 23:49 - 2017-03-20 02:26 - 00003219 _____ C:\Users\Administrator\Downloads\Your Crafting List  (1).csv
2017-03-19 23:35 - 2017-03-19 23:35 - 00002151 _____ C:\Users\Administrator\Downloads\Your Crafting List .csv
2017-03-16 18:34 - 2017-03-16 18:16 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-16 18:34 - 2017-03-16 18:16 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-16 18:32 - 2017-03-16 19:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-16 18:32 - 2017-02-23 17:56 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-16 18:32 - 2017-02-23 17:56 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-16 18:32 - 2017-02-23 05:34 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-16 18:24 - 2017-03-16 18:24 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 18:22 - 2017-03-16 18:22 - 00000000 ____D C:\Users\Administrator\Documents\Add-in Express
2017-03-16 18:05 - 2017-03-16 18:31 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-16 18:05 - 2017-03-16 18:05 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-16 18:05 - 2017-02-23 13:32 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-16 18:05 - 2017-02-23 09:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-16 17:57 - 2017-02-23 13:32 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-16 17:57 - 2017-02-23 13:32 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-16 17:57 - 2017-02-23 13:32 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-16 17:57 - 2017-02-23 13:32 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-14 12:56 - 2017-03-04 12:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 12:56 - 2017-03-04 11:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 12:56 - 2017-03-04 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 12:56 - 2017-03-04 03:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-14 12:56 - 2017-03-04 03:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 12:56 - 2017-03-04 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-14 12:56 - 2017-03-04 02:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 12:56 - 2017-03-04 02:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-14 12:56 - 2017-03-04 02:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-14 12:56 - 2017-03-04 02:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-14 12:56 - 2017-03-04 02:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-14 12:56 - 2017-03-04 02:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 12:56 - 2017-03-04 02:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 12:56 - 2017-03-04 02:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 12:56 - 2017-03-04 02:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-14 12:56 - 2017-03-04 02:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 12:56 - 2017-03-04 02:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-14 12:56 - 2017-03-04 02:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-14 12:56 - 2017-03-04 02:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 12:56 - 2017-03-04 02:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-14 12:56 - 2017-03-04 01:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 12:56 - 2017-03-04 01:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-14 12:56 - 2017-03-04 01:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 12:56 - 2017-03-04 01:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 12:56 - 2017-03-04 01:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-14 12:56 - 2017-03-04 01:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 12:56 - 2017-03-04 01:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 12:56 - 2017-03-04 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 12:56 - 2017-03-03 23:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 12:56 - 2017-03-02 13:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 12:56 - 2017-03-02 13:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 12:56 - 2017-03-02 13:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 12:56 - 2017-03-02 13:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 12:56 - 2017-03-02 13:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 12:56 - 2017-03-02 12:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 12:56 - 2017-03-02 12:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 12:56 - 2017-03-02 12:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 12:56 - 2017-03-02 12:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 12:56 - 2017-03-02 12:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 12:56 - 2017-03-02 12:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 12:56 - 2017-03-02 12:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 12:56 - 2017-03-02 12:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 12:56 - 2017-03-02 12:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 12:56 - 2017-03-02 12:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 12:56 - 2017-03-02 12:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 12:56 - 2017-03-02 12:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 12:56 - 2017-03-02 12:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 12:56 - 2017-03-02 12:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 12:56 - 2017-03-02 12:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 12:56 - 2017-03-02 12:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 12:56 - 2017-03-02 12:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 12:56 - 2017-03-02 12:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 12:56 - 2017-03-02 12:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 12:56 - 2017-03-02 12:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 12:56 - 2017-03-02 11:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 12:56 - 2017-03-02 11:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 12:56 - 2017-03-02 11:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 12:55 - 2017-03-04 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-14 12:55 - 2017-03-04 03:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-14 12:55 - 2017-03-04 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-14 12:55 - 2017-03-04 02:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 12:55 - 2017-03-04 02:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-14 12:55 - 2017-03-04 02:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 12:55 - 2017-03-04 02:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-14 12:55 - 2017-03-04 01:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 12:55 - 2017-03-02 13:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 12:55 - 2017-02-22 18:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 12:55 - 2017-02-22 18:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 12:55 - 2017-02-18 09:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 12:55 - 2017-02-18 09:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 12:55 - 2017-02-11 10:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 12:55 - 2017-02-11 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 12:55 - 2017-02-11 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 12:55 - 2017-02-10 11:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 12:55 - 2017-02-10 11:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 12:55 - 2017-02-10 11:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 12:55 - 2017-02-10 11:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 12:55 - 2017-02-10 09:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 12:55 - 2017-02-09 11:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 12:55 - 2017-02-09 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 12:55 - 2017-02-09 11:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 12:55 - 2017-02-09 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-14 12:55 - 2017-02-09 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-14 12:55 - 2017-02-09 11:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 12:55 - 2017-02-09 11:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 12:55 - 2017-02-09 11:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-14 12:55 - 2017-02-09 11:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-14 12:55 - 2017-02-09 11:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-14 12:55 - 2017-02-09 11:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-14 12:55 - 2017-02-09 11:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 12:55 - 2017-02-09 10:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-14 12:55 - 2017-02-09 10:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-14 12:55 - 2017-02-09 10:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-14 12:55 - 2017-02-09 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 12:55 - 2017-02-09 10:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 12:55 - 2017-02-09 10:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-14 12:55 - 2017-02-09 10:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-14 12:55 - 2017-02-09 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 12:55 - 2017-02-09 10:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 12:55 - 2017-02-09 10:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 12:55 - 2017-02-09 10:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 12:55 - 2017-02-09 10:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 12:55 - 2017-02-09 10:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 12:55 - 2017-02-09 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 09:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 12:55 - 2017-02-09 09:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 12:55 - 2017-02-06 11:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 12:55 - 2017-01-13 13:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 12:55 - 2017-01-13 13:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 12:55 - 2017-01-13 12:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 12:55 - 2017-01-13 12:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 12:55 - 2017-01-11 13:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 12:55 - 2017-01-11 13:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 12:55 - 2017-01-11 12:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 12:55 - 2017-01-11 12:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 12:55 - 2017-01-06 13:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 12:55 - 2017-01-06 12:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-11 23:12 - 2017-03-11 23:29 - 00011051 _____ C:\Users\Administrator\Documents\Glyphs, Signets and Aux.xlsx
2017-03-11 15:59 - 2017-03-11 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\UnrealEngine
2017-03-11 15:59 - 2017-03-11 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\AtlanticIslandPark
2017-03-11 15:49 - 2017-03-11 15:49 - 00000202 _____ C:\Users\Administrator\Desktop\The Park.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-02 16:45 - 2014-01-28 16:30 - 00000000 __RSD C:\Users\Administrator\Documents\McAfee Vaults
2017-04-02 16:45 - 2012-04-05 19:38 - 01657022 _____ C:\Windows\ntbtlog.txt
2017-04-02 16:44 - 2014-05-17 12:22 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-02 14:38 - 2013-10-05 21:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Battle.net
2017-04-02 14:20 - 2017-02-16 04:20 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-04-02 14:20 - 2017-02-16 04:20 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-04-02 14:17 - 2017-02-16 04:17 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810}.job
2017-04-02 14:13 - 2015-08-25 21:29 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978.job
2017-04-02 14:08 - 2014-06-16 21:52 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d.job
2017-04-02 12:25 - 2011-08-12 06:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-02 11:53 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-02 11:53 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-02 11:50 - 2014-01-28 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-04-02 11:49 - 2017-02-10 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-04-02 11:46 - 2013-06-02 21:10 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-04-02 11:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 21:46 - 2015-02-03 20:03 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997.job
2017-04-01 20:13 - 2015-12-03 17:08 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df.job
2017-04-01 18:37 - 2011-08-18 22:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 17:08 - 2014-05-08 16:52 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097.job
2017-04-01 16:13 - 2015-07-15 21:41 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78.job
2017-04-01 14:23 - 2011-08-18 03:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 03:37 - 2012-03-05 14:22 - 00000000 ____D C:\Users\Administrator\Documents\BioWare
2017-03-30 03:16 - 2011-11-17 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-03-30 02:59 - 2014-02-12 16:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-28 22:57 - 2009-07-14 00:13 - 00849608 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 22:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-26 15:06 - 2011-09-01 08:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-20 20:27 - 2012-06-24 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 20:27 - 2011-08-12 06:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 20:15 - 2016-01-29 20:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-17 12:15 - 2014-03-21 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-03-17 01:26 - 2012-01-18 07:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Origin
2017-03-16 19:59 - 2015-01-29 19:17 - 03583744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 19883600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 00042686 _____ C:\Windows\system32\nvinfo.pb
2017-03-16 19:11 - 2015-10-20 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2017-03-16 19:11 - 2015-10-20 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Corsair
2017-03-16 19:09 - 2012-01-18 07:13 - 00000000 ____D C:\ProgramData\Origin
2017-03-16 18:35 - 2011-08-12 06:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-16 18:34 - 2011-08-12 06:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-16 18:22 - 2011-09-05 12:34 - 00000000 ____D C:\ProgramData\WinZip
2017-03-16 18:16 - 2014-10-23 01:06 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-16 18:06 - 2014-03-21 15:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-03-16 17:22 - 2014-09-08 23:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 04:39 - 2012-02-23 08:38 - 07813427 _____ C:\Windows\system32\nvcoproc.bin
2017-03-15 17:39 - 2016-04-07 16:44 - 00004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 17:39 - 2012-05-22 18:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 17:39 - 2012-05-22 18:23 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 17:39 - 2011-12-22 06:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 17:39 - 2011-08-18 22:43 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 14:58 - 2013-07-11 15:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 14:58 - 2013-07-11 15:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:58 - 2009-07-13 23:45 - 00323336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-14 14:57 - 2015-04-15 11:51 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-14 14:57 - 2014-05-06 14:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-14 14:57 - 2013-07-27 16:17 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 14:57 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 14:54 - 2011-09-02 05:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 14:53 - 2013-07-11 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-03 15:03 - 2009-07-14 00:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2013-08-17 10:22 - 2013-08-18 16:48 - 0003284 _____ () C:\Users\Administrator\AppData\Roaming\ANIWZCS{0178C7EE-F750-4985-9AD0-F8A9A84748DF}
2014-01-10 16:49 - 2014-01-10 16:49 - 0000000 _____ () C:\ProgramData\3541085065
2013-07-25 14:19 - 2013-07-25 14:19 - 0000040 _____ () C:\ProgramData\ra3.ini
2014-01-10 16:48 - 2014-01-10 16:48 - 0004137 _____ () C:\ProgramData\zrmjlmea.zpl
2014-01-10 16:49 - 2014-01-10 16:49 - 0004137 _____ () C:\ProgramData\{rmjlmea.zpl
 
Some files in TEMP:
====================
2012-12-12 01:43 - 2012-12-12 01:43 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\AppData\Local\Temp\avguidx.dll
2012-12-02 07:27 - 2010-08-04 15:21 - 0433976 _____ (Yahoo! Inc.) C:\Users\Administrator\AppData\Local\Temp\bpuninstall.exe
2017-02-15 19:55 - 2017-02-15 19:55 - 0363208 _____ (BitRaider, LLC) C:\Users\Administrator\AppData\Local\Temp\BRSVC_23289264_hlp.exe
2011-09-02 12:50 - 2015-02-11 19:31 - 0036864 _____ () C:\Users\Administrator\AppData\Local\Temp\CmdLineExt02.dll
2012-10-20 15:45 - 2013-11-19 18:22 - 1542696 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\contentDATs.exe
2013-08-09 19:54 - 2013-08-15 13:52 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Administrator\AppData\Local\Temp\drm_dyndata_7370014.dll
2007-01-01 16:22 - 2007-01-01 16:22 - 0069632 _____ () C:\Users\Administrator\AppData\Local\Temp\gtalkwmp1.dll
2012-01-10 16:35 - 2012-01-10 16:35 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\GUR4884.exe
2011-12-09 20:40 - 2011-12-09 20:40 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\GURA784.exe
2012-06-15 16:42 - 2012-08-29 18:50 - 21935168 _____ (ArenaNet) C:\Users\Administrator\AppData\Local\Temp\Gw2.exe
2013-01-12 16:09 - 2013-01-12 16:09 - 0896424 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
2013-01-30 18:58 - 2013-01-30 18:58 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-02-16 00:00 - 2013-02-16 00:00 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-01 15:00 - 2013-03-01 15:00 - 0897448 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 09:44 - 2013-04-05 09:44 - 0904104 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-21 20:58 - 2013-06-21 20:58 - 0903080 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 12:06 - 2013-12-19 12:06 - 0921512 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 15:50 - 2014-04-15 15:50 - 0921512 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-28 00:15 - 2014-07-28 00:15 - 0918440 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2012-08-29 06:38 - 2012-08-29 06:38 - 0894952 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
2012-09-27 16:56 - 2012-09-27 16:56 - 0895464 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2016-07-25 18:06 - 2016-07-25 18:06 - 0741440 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-24 14:19 - 2016-10-24 14:19 - 0737856 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-04-20 11:38 - 2015-04-20 11:38 - 0562088 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-07-26 15:11 - 2015-07-26 15:11 - 0563808 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-26 18:40 - 2015-08-26 18:40 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-21 11:25 - 2015-10-21 11:25 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-25 12:30 - 2015-11-25 12:30 - 0585824 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-23 11:29 - 2016-01-23 11:29 - 0644704 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-10 18:09 - 2016-02-10 18:09 - 0736352 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-25 19:47 - 2016-03-25 19:47 - 0736320 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u77-windows-au.exe
2012-12-12 01:43 - 2012-12-12 01:43 - 0163936 _____ () C:\Users\Administrator\AppData\Local\Temp\MachineIdCreator.exe
2012-10-20 15:14 - 2012-10-20 15:14 - 0888320 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\mssinstaller.exe
2016-05-27 14:18 - 2016-05-27 14:19 - 6359496 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
2013-02-03 19:31 - 2013-02-03 19:32 - 3962603 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.41.0.exe
2013-02-11 22:21 - 2013-02-11 22:22 - 3967189 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.42.1.exe
2013-08-06 17:30 - 2013-08-06 17:31 - 4120736 _____ (Black Tree Gaming                                           ) C:\Users\Administrator\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.5.exe
2012-05-15 02:21 - 2014-09-13 15:13 - 1219240 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
2012-05-15 02:21 - 2012-05-15 02:21 - 0354624 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI.dll
2011-08-03 05:31 - 2012-02-29 13:26 - 0187200 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI64.dll
2012-02-23 08:37 - 2017-02-23 03:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2012-12-12 01:43 - 2012-12-12 01:43 - 2985568 _____ () C:\Users\Administrator\AppData\Local\Temp\oi_{E3787763-82EA-47C4-A3CE-5F4EE8026E51}.exe
2011-12-25 10:41 - 2014-01-28 16:17 - 8330352 _____ (McAfee, Inc.) C:\Users\Administrator\AppData\Local\Temp\SecurityScan_Release.exe
2015-02-11 19:31 - 2015-02-11 19:31 - 0012067 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
2015-02-11 19:31 - 2015-02-11 19:31 - 0019924 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
2015-02-11 19:31 - 2015-02-11 19:31 - 0024516 _____ () C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
2012-05-16 23:39 - 2012-06-07 16:30 - 25504432 _____ (Skype Technologies S.A.) C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
2015-04-04 11:25 - 2015-04-04 11:25 - 0006656 _____ () C:\Users\Administrator\AppData\Local\Temp\tb9vfksy.dll
2013-06-10 21:06 - 2013-06-10 21:06 - 4479832 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp4740.exe
2013-06-10 21:06 - 2013-06-10 21:06 - 4961800 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp4DF5.exe
2013-06-10 21:06 - 2013-06-10 21:06 - 0288088 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\tmp51EC.exe
2013-06-10 21:06 - 2013-06-10 21:06 - 2653944 _____ (Xiph.Org) C:\Users\Administrator\AppData\Local\Temp\tmp6C8E.exe
2016-03-04 23:11 - 2016-01-25 22:06 - 2108488 _____ (AVG Technologies) C:\Users\Administrator\AppData\Local\Temp\UNINSTALL.EXE
2003-10-14 10:08 - 2003-10-14 10:08 - 0294912 ____N (Blizzard Entertainment) C:\Users\Administrator\AppData\Local\Temp\war3_Install.exe
2013-01-14 14:12 - 2013-01-14 14:12 - 3626208 _____ (WinZip International LLC                                    ) C:\Users\Administrator\AppData\Local\Temp\winziprosetup.exe
2014-10-02 15:48 - 2014-10-02 15:48 - 0040960 _____ () C:\Users\Administrator\AppData\Local\Temp\x2blapi.dll
2015-08-26 20:23 - 2016-01-23 11:32 - 0847576 _____ (Yahoo! Inc.) C:\Users\Administrator\AppData\Local\Temp\ytb.exe
2016-11-30 00:47 - 2016-11-30 00:47 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\z26dj6qz.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-28 10:47
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Administrator (02-04-2017 16:45:50)
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-12 11:02:23)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1086365725-1468650204-1436194041-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1086365725-1468650204-1436194041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086365725-1468650204-1436194041-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
Document Capture Pro OneNote Connector (HKLM-x32\...\{65FC2F65-FCD4-495C-B250-1F7C049E4A39}) (Version: 1.00.0000 - Seiko Epson Corporation)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-4630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1034 - Marvell)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.29454 - Electronic Arts, Inc.)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
Pokémon Uranium (HKLM-x32\...\{19097BE1-FE13-4CAA-9B51-0F019D2BB85E}) (Version: 1.0.4 - TTGJailbreak)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Safer Updater (HKLM-x32\...\Safer Updater) (Version: 1.1.0.6 - Safer Technologies, Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Park (HKLM\...\Steam App 402020) (Version:  - Funcom)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices  (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices  (04/21/2009 2.40.0.0) (HKLM\...\8555DF8099612EF2F8333DC0EC454113D4537E7B) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{05abbd0e-d7fc-446e-afd3-a9ebf759a321}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0a70a9e3-4119-42be-936a-453e8f1ec703}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0ea501d1-629c-479f-9a58-2099857de936}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{14dc5dc5-5c9b-4cb6-80f7-ff500d8e280d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{193efc54-6e5d-41c0-81ba-535ec59a24ca}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{1d3f87d8-849f-439b-8454-d62b30f9b606}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{29dc645f-675b-48d6-bc0e-61e2e99205e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{2ae5f180-8996-4e3d-80e4-67d2d80566ec}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{2c84726f-0806-40f9-8cb0-b0279d851d45}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{3acd8749-b59f-49d5-8446-2a0eba27aad8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{407c30a8-ba6f-4c20-9788-64ece021ba05}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{443871ee-3e71-4826-87b0-8d223d1bbfd1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{45dbf5f8-6b1f-4971-a931-3e44e0d364fe}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{4738f7f8-741f-4ea9-8afb-9788a8208599}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{4bdff7ca-057c-422b-9397-c03b460ba6e1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{51e9e809-3e8a-4011-919a-3eb067a4d226}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{52739cf0-6152-4006-8da8-6b627da40d6f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5e1e9c1d-ab74-4d2b-889c-9e205b46e706}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5f67e5c6-9ae5-4d0d-913d-51c63068a62b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{671de068-f89e-4597-8084-2d8cfb52773c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{76e2bae6-b2f5-4aeb-aa91-eb4d47acea88}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{7b80d40e-e92e-45d0-bd1e-e7e0b47af6bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{83d892d4-2276-47df-bd88-d7b50955a39b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{89f2abe6-4f23-447c-8529-b1a46c93c98e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{a1141f40-ce49-4915-a520-cb71342ada06}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{a190f108-4932-4cfa-bf50-c6199ad491b0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ae753ddc-5a1e-4fcc-a6b1-052cc06d6d85}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{c9c05ffb-f41c-4c84-943a-c7ed3a2a7ba1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ce1e6e09-2f1a-4f70-afb9-bd07f21ae7d9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{cfbe6a68-5e23-493f-b3eb-4234e5f038f8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{dd0d879e-7955-41cc-8e02-46ce2a8282cd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ed39eeb7-b410-479c-b78f-74f53fab9b62}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ee52ab5a-7d89-4b7c-9949-af0471c0b097}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ef9365b9-973f-496e-99a8-2356f36b9833}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ff432833-9269-4c75-9ada-502399904d54}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0093ABA4-5D00-475B-864A-9DA5C0E1049C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {09EE9E2E-8FFD-474E-A4FC-8E3DE51CCC5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {0AB49055-CD65-4357-AD3C-9DB83E425FFA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {1CCB58DA-0E33-41D6-B722-5642A6E3BE86} - System32\Tasks\{12D09D97-106B-4E1C-8554-8997BC521CB0} => pcalua.exe -a F:\Steam\steam.exe -c steam://uninstall/107310
Task: {245FB154-C569-48A3-B740-14BD63BE6FA0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {34683CAF-B4F0-47DD-A02E-AA18E9F8034C} - System32\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {36B0F327-7599-4F09-BE97-E6F9C7EFE50E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{33604734-9495-4494-B9E4-12FCAA8F1230}.exe  <==== ATTENTION
Task: {3AD5A836-47E8-45E3-9B17-290B1696684F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {40027A8E-7CDA-4AD0-870E-09F238B3EEE4} - System32\Tasks\SaferUpdateTaskSCUD => C:\Program Files (x86)\Safer Technologies\Safer Updater\SaferUpdater.exe [2015-05-18] (Safer Technologies, Inc.)
Task: {4D987D17-957D-4073-BB0F-3863ED0D493F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {51EFB7B2-6512-4C2A-A608-F1CDF92338E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {543D3B9F-03CD-47A3-AC8B-190423807144} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {5704485D-5039-4CD9-945E-518AB9CE990B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1086365725-1468650204-1436194041-500
Task: {624CBC98-24F1-4B1F-8F38-9F1FC961E5C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {6AD026C1-108D-44E6-8E72-2D862168652D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {73282B5D-B697-4481-A89A-B1B42296283E} - System32\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {7C45122F-A7B9-4DDD-B21C-C0D53BCEDD6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {7D6DA199-C3B6-435E-B307-4496AAEA9574} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d08f635c711ab0 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {8DC6D612-4FEB-45C5-8CFD-F233C3732438} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {92FC79F9-8C86-45A6-9FF4-FAFA1E2630B5} - System32\Tasks\EPSON WF-4630 Series Invitation {37E79491-7708-4D3C-8211-DFF475CED810} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {954A6D82-2189-434F-8368-CE111762C0B5} - System32\Tasks\{0CB75BFE-A60D-4348-815F-D864CDDB229A} => pcalua.exe -a "C:\Users\Administrator\Downloads\setup (2).exe" -d C:\Users\Administrator\Downloads
Task: {97412DA1-7BCA-49CF-AE2C-98E7DC1D7903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {9F03FA46-85B3-4101-9272-06CCBF563D42} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d12e173317568e => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {B1A55F20-EEF2-4985-B5DE-4585CFF7F257} - System32\Tasks\{31948789-09C1-4480-A05C-FA74D529EF30} => pcalua.exe -a C:\Users\Administrator\Downloads\EVGA_Precision_Setup_211.exe -d C:\Users\Administrator\Downloads
Task: {B72BC760-853F-4E18-A062-8F8181BF90EC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {BC44E9F0-52F7-48C5-B84C-9A365857FD3A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {D3B58626-2711-4943-BC17-EB4A0F428403} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d1ab21b0b84bc6 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {D6ECD2A8-EB89-4C7F-B622-D6BEF3FD6773} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {DAE532AB-EEE3-4A54-95F2-E680C72E0E10} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {DEEC3507-C69B-435F-8171-2E19BA3C1C28} - System32\Tasks\{ED8C3B2B-5286-4E67-84B7-2A42A0874732} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C3F383C1-D050-4A40-843F-8171A6A02C3A}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {E6FC2818-83ED-4A05-A814-77DB4F7C54FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EE2FAB9C-ED57-45BF-BB9E-A209ABB31386} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {F4609B5B-9B7D-488B-8CB4-D6D8D1304F3F} - System32\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FEAA5648-0C6D-4EBD-9E94-424D3FF3A838} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {FF8DDBF5-5E14-46B6-B115-215966FEB1BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0012850ffa341 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{33604734-9495-4494-B9E4-12FCAA8F1230}.exe <==== ATTENTION
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {37E79491-7708-4D3C-8211-DFF475CED810}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE :/EXE:{37E79491-7708-4D3C-8211-DFF475CED810} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE :/EXE:{43520EA8-34A3-4F8E-B178-3C45A157FC46} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0012850ffa341.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d08f635c711ab0.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-30 02:59 - 2017-03-24 04:09 - 02271520 _____ () F:\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-03-14 12:30 - 2017-04-01 14:23 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-12-08 16:17 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3B81E633-4DCE-4321-8478-1FC4F83C5AB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{5706F4ED-449C-410C-A963-807254154244}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{81AD6133-FB0E-4E71-8CEE-971B9AAFF821}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{464BA7EC-B868-4798-8A76-1670DF6B562B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F381FE38-509A-4B9B-98DB-F36F487614C7}] => (Allow) C:\Program Files (x86)\StarCraft II\Support\BlizzardDownloader.exe
FirewallRules: [{B2E85114-E9DD-4494-8158-1F5AB8F52CA4}] => (Allow) C:\Program Files (x86)\StarCraft II\Support\BlizzardDownloader.exe
FirewallRules: [{4C99B97A-68F3-420F-A857-98008180632F}] => (Allow) LPort=3724
FirewallRules: [{70D2B904-C76D-4FAF-AF40-0572601054F6}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{00909B82-2333-4635-8F4C-ADD7BCA645B7}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{B82815D7-836A-4C14-A339-C52DF1944FA6}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{AF947C27-35DE-4A70-A114-941D96276B89}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{7F2096BE-D087-4B79-B6A1-00330C2C482D}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{FB8E7F47-0C2F-4B83-9ACD-7397AF1C977D}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{1F1E9046-8D5C-4A6A-BD09-217ED0EBA0F0}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{24695903-DD85-4B21-9B78-13C940FD01E2}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{65F2C371-7BB4-47BB-8B5F-1998490D690E}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{633C6746-2542-4A0F-AA8A-9C64E688F750}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A8DCDEF4-9D5D-49FD-9756-0C033DE80F4A}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main.exe
FirewallRules: [{4ECC9243-A919-4468-8861-10C2EE37C0B8}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main.exe
FirewallRules: [{275BC1B8-4880-408B-A78A-03DBE3AD9405}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe
FirewallRules: [{9B91E4D6-6431-4834-B552-735A94878CBC}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe
FirewallRules: [{BCFF7688-F25F-498F-B86A-9925C8BF3D6D}] => (Allow) F:\Atari\Neverwinter Nights 2\nwupdate.exe
FirewallRules: [{EAD4F36E-1DAD-4F1D-8D90-A9EC55330D51}] => (Allow) F:\Atari\Neverwinter Nights 2\nwupdate.exe
FirewallRules: [{3D33E506-E8B1-412C-8C4D-3180C8094B93}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2server.exe
FirewallRules: [{F05845DE-78C8-4610-A349-95645DD49391}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2server.exe
FirewallRules: [{7AC91A8D-3120-45BB-B439-7E37BB49F9FB}] => (Allow) F:\World of Warcraft Public Test\Launcher.exe
FirewallRules: [{5F932BD7-0024-43B8-A112-47C24E7E0A5B}] => (Allow) F:\World of Warcraft Public Test\Launcher.exe
FirewallRules: [{5E992D34-F8C4-4A58-8140-A64B364EE2E3}] => (Allow) F:\World of Warcraft Public Test\Launcher.patch.exe
FirewallRules: [{2FE53ED6-99AC-4BD9-A246-35F3C33467AE}] => (Allow) F:\World of Warcraft Public Test\Launcher.patch.exe
FirewallRules: [{2101D601-6D12-4DA1-9A6A-167BA336CF71}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{6552EC99-A022-4ADA-9DD4-DCBFADA2AE73}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{98FFC970-A2F2-41FC-9F1E-7A393629186B}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{8B830DD0-F9E2-40A7-9AA8-618343603C03}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{B487261E-010E-4415-9091-BCB92DE6221C}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{7CA11D8E-E147-4317-AB82-9B4CB6D3D4AB}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{9FDD8720-815F-4E1A-A2B6-32DD96FBE85B}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{887BA6D7-0814-40FB-A228-74C8E86F11E1}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{76101CC2-AC1F-4629-B9FF-51FBBBFD9B6E}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{F256CB90-84D2-4E7D-B4E9-5A15A12A30E6}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{90341A96-4E62-4CA2-998D-58A497AA5036}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{C8420866-4C24-4CF3-9EF9-6230F6749498}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{CC55E8B6-D4B7-422E-80F4-3C8FF743BE00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{1B643B36-A378-4F28-9424-0FEB870DE8AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{3594B879-F2F4-4E5E-A129-C2730B578812}] => (Allow) F:\Diablo III\Diablo III.exe
FirewallRules: [{002BDFA3-75B5-49C9-BF38-33D5A5B5862E}] => (Allow) F:\Diablo III\Diablo III.exe
FirewallRules: [{F37AA2F5-001B-44A3-A0D2-CD9103CABA61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{57D2DE06-801C-484B-8053-F1CD81453907}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{7CAC5314-DA69-40ED-BBB9-205A5DDEA669}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{CF1ABA7A-8D59-4ABD-9C63-84498097452D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FEDCDA12-2108-4666-820D-6DF65821E799}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{4CB325A9-C91C-4B86-A6B7-C32863150D71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{68E216B7-30A8-4CD5-86DB-5506B9995412}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{62D6BA98-94D1-4D84-AEA5-EC07D4B797D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{3F230CA5-52F0-408A-9ABC-311E4ACB7CFF}] => (Allow) F:\StarCraft II\StarCraft II.exe
FirewallRules: [{E45D7F29-02D5-4766-8561-52C47C29BD13}] => (Allow) F:\StarCraft II\StarCraft II.exe
FirewallRules: [{5D1BE0EC-F333-4DE1-B82F-7AE2252452A1}] => (Allow) F:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{8D51EF01-0BD9-419D-ABA9-B8BE85158220}] => (Allow) F:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DF643608-E508-4A45-AA25-98A6F5EC7FE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{33D75722-6960-4022-B9AE-47DB86EE93E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{ECC4E88F-D1EA-44DB-AAA2-64B1139A47E2}] => (Allow) F:\World of Warcraft\Launcher.exe
FirewallRules: [{D99A1267-AB47-4EF1-A79B-9C11992FE314}] => (Allow) F:\World of Warcraft\Launcher.exe
FirewallRules: [{4BB90960-ED03-4A03-89CF-DBFA772B1D17}] => (Allow) F:\World of Warcraft\Launcher.patch.exe
FirewallRules: [{4EA64779-8266-4975-8027-103F10BB2964}] => (Allow) F:\World of Warcraft\Launcher.patch.exe
FirewallRules: [{CA57AADA-EE92-4385-9227-22D295BBD54F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{050AFB50-A301-4181-B5ED-15CB58E55536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{3A8181C4-DC8B-4E8C-BD68-5B9CCD93B659}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{140C873A-9E7F-4A77-8981-48D45854A793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{24FED292-600C-4E82-A559-C90841E6D296}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{EFE41CCA-516C-476D-A4F8-108A035D3D84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{240707AF-6D10-4BF7-861A-5365D8836DE5}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D57050C6-AE27-43B8-8735-FB68C8CFE363}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{908B10B8-0205-4460-8C29-052647DF3CBF}] => (Allow) F:\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{CD98C53C-8A08-4503-91F1-7C6EC044D6C2}] => (Allow) F:\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{5AB07B24-008B-4FBD-96B5-1186BB192E0C}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{BB388C4B-E8D5-447D-BCDF-CE497C129925}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{BF9C5DC4-E5F1-40E4-B3E5-CDFD1BC313B8}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\Versions\Base24247\SC2.exe
FirewallRules: [{17987C43-3553-450D-870B-641BDF124F96}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\Versions\Base24247\SC2.exe
FirewallRules: [{E6D665F6-6F84-442B-B023-C483881760CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{A1ECCDED-4DBF-401D-A4CB-D0AF5888CE18}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{BF515BE6-32F1-4A85-A64C-69D2F97448FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{CCCA2DEB-C57C-4414-B779-A0310B34643A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [TCP Query User{D7F419E6-AB91-4A94-8202-1FB5D7329118}F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe] => (Allow) F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe
FirewallRules: [UDP Query User{A6D4313E-D798-4E19-B3B8-1D46E01DA709}F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe] => (Allow) F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe
FirewallRules: [{242FFA38-13E0-4FA5-8F0F-FE02183DFE3E}] => (Allow) F:\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{A42D775B-F41B-4C09-9273-D567C1E9BFC9}] => (Allow) F:\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{C647DA89-88FC-456E-A20C-BB8E251DDA44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{D89215EE-F9CD-4853-B423-D1D6950E135F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{4D109C26-690F-4EF6-B962-1D0F3B3237E0}] => (Allow) F:\Steam\steamapps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{4411421A-4664-457C-9519-8A3F36F43ED2}] => (Allow) F:\Steam\steamapps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{6CDACB61-35BB-4E91-9311-44F1C1917B45}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{FFB194D6-7A2F-49D4-BCA7-67508A6FC610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{6758389A-8820-4A1B-9B7C-26AC1569CF33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{E8CF55A3-296A-4FD4-9DF6-AC6C3CAF1048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{DEA5551B-EC4F-4C68-BD91-FAB1C16CC00D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{07CD9B34-589A-4D16-A840-7C8DF1AB85D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D7549876-4645-4CF2-99B7-B9F423FFC8B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3EDFF851-BE48-4D1D-BEE0-F2866A7EB5A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{13FB66EF-6B79-4BA0-9E2C-8036371FA6D3}] => (Allow) F:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A467D3CB-E62D-4EEF-8E44-D54C86D4F1AA}] => (Allow) F:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{520102A6-336C-4F0C-9DDD-F2FBE4F6D403}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2163\Agent.exe
FirewallRules: [{C54B4518-8E9D-4A3E-A4B5-A28C387D4BC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2163\Agent.exe
FirewallRules: [{6FD8BBEB-0646-4D7E-9CAC-FE6C2D126655}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0AF02F67-0EB5-4E5D-BB5F-805A21299F32}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2697960F-7DC0-4841-A9C8-003C5E7713AF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A4D761AE-BC23-486E-8A11-C88D5648061C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{255E0F33-E2DB-4D2B-A94A-334A5B135E2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{DA4681D4-A7F4-4863-9395-7A8C8218A587}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{C11A3031-49CB-4818-BF8A-5E86FF49FC2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{F87BDEBC-7D4D-489C-8ED0-17D9586AE136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{40808914-ECF0-4070-8C1B-3EF64BA46551}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{5CF4C6B6-0C79-4453-9A02-C70DF9FFD540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{61F77D58-C8C6-4AE4-958D-67529C988464}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E9C66D73-CDEF-4FF5-B0C6-D321E3BCA992}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1379E1E1-C507-4C56-99AD-1D217BF619CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{7307A23D-9E16-42E8-B9FA-00818BDFF98C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{2EDD9B31-1926-44E2-BF87-B8469B252364}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{BBA8EF65-0A06-46C0-878F-4FCB486E6EDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{1BF2459A-FD90-4B4A-BE8C-19F1808D123A}] => (Allow) F:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{EBCB0172-C6C9-4859-B82E-5C0A4C75456A}] => (Allow) F:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{96D5DCAE-0C84-4EB9-B6B4-A99FFD37FC14}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{0A442168-B0C4-420E-8C1B-5FFDA8B4E15B}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{BB0C46CB-26EC-4C24-9299-C5E10D57C340}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{9342AD20-C80A-4AE8-A9DB-B5F4090535FE}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{A962F4EE-127A-40F6-B7CF-B84CA6DD29EA}] => (Allow) F:\Games\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{25D68699-85D5-45C5-99B0-C85D5B9F7B77}] => (Allow) F:\Games\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{227D48EA-BA02-49D2-AAAA-C26C71F822D5}] => (Allow) F:\Games\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{9BA08D3A-1F2D-49AB-A5A8-B2CE4770C3AB}] => (Allow) F:\Games\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{EF47085C-AF82-43AA-97A3-092ACA50A6F4}] => (Allow) F:\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{2BFD73AF-813F-4A36-A0BA-FA410E6BEC3C}] => (Allow) F:\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{22E7D5C1-69DE-4F5F-8767-50A13B7086AB}] => (Allow) F:\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{C5B9D03C-A797-4AB3-9A79-CC9B4ED81A5F}] => (Allow) F:\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{9C70A58D-902F-4187-816D-B3E3AFDCC55E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{098708B6-B253-45C2-AB3D-5676A129C75B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{E9CECD5B-CCD3-4B1B-BA6D-38E13EB03AC9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C4EA6161-5058-456D-850F-653E939D526F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C537DCE2-74A2-4A13-8F4E-460E3EEB0E69}] => (Allow) F:\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{53835365-3E45-415A-9E53-99F60E73AE75}] => (Allow) F:\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{AAED9357-4E52-4519-838F-DB0F30D0BEED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{C40C99D5-4C7F-41AD-BCC3-298232670CC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{BD786C56-46C3-43D9-9DCF-0686086D6931}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45F90777-FE03-4B54-91E2-189D15BC7660}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3D6AEF4-4FB1-4B01-AF5D-76D58AD33B03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{56D86D35-6DE3-46EB-A985-949198CDB66E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{83E6CF1A-6B40-40BB-B7AD-8CA8D8372F81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{756B945E-7D6D-48C6-946A-1C3F6E96986A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{D614811F-112A-4F02-92CA-ACA712DE9B48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4831F723-2168-4D5E-81A3-8BDFE8A5F257}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{19E7FE93-55D7-4281-A4B8-7B5206198BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{24D52799-CE6D-4EF8-AA16-B442D8EC6032}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{AE313D8B-D8DE-484D-9950-8AC075668853}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{287C0F26-AD07-42BF-AF0A-965C49669606}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0245C85B-7EAC-4D16-9BB3-FB4CEC1A2136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{14E0F33C-D7F0-416C-8087-41A0C951EA60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{45996EF7-8EB8-4354-A506-ACC3FE89B256}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{945BCA16-4D7E-42B4-996D-5F6CA1EE5065}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{5E356214-F644-492F-BFE2-136D8E386DEB}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{37FDC4AF-E03E-4515-9A87-E56C7624E843}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{27D06992-9C36-457E-B236-5664433B61F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{CD3187EE-947E-4070-8902-134DCD7F17DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{1AF83D4D-DBB1-471C-8B97-47B995B30558}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{4E7A2D72-E163-4A25-A65A-CB49C4D8B84B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{0B3D1F07-71A0-48BC-970B-0BC31DD62706}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{749EA919-BF86-43DB-BE70-8AE230078429}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5D033D58-1E09-4089-9769-E106F591EBB2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{1C4B6906-4C6B-4E64-AE64-75DF67BAC840}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{CE7BCCFE-7C14-4FE9-8F9B-0C7512F67035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{59465417-1D6B-4AE2-80B2-DCEBF96EDD4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C42A6E7E-A5D6-4AB5-88D9-56D088D0AF86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{CCF9BE08-E432-49E6-A480-3EB6350F95EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5AF31204-6A3E-42F7-A428-9A88594C66E4}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8FF5FDE4-2DFC-4F50-B605-9782985781C8}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F842897A-1A5C-47D4-9034-4F916D5E5920}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{FA78AB21-D0F5-4762-B76F-0FC5921DEC5C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F3C007C4-3EFC-41BD-ABB8-4084B601B362}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{BA7C73C2-F0F7-425F-B16D-148232BF0DDC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{4902A92F-73B5-48CA-B7A3-7B487C4EC483}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{4523C682-D1B5-442E-806D-AB572FAF8919}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{8A5DF6A9-F30D-4EF3-85E5-DBC932AB592A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{7C5D432A-CCD0-4EC3-BADF-DDD4AE8AA418}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EAC1F061-700B-44A1-8694-26CDE5A52924}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{A0D39117-45FF-4217-A557-E9C8349C0324}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{1BBBF0D2-379D-4BA8-9C6D-D33B79BC201A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{3FFE4326-66B7-4631-8796-E42E46342A75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{AA7DB089-AB80-47D9-BA35-41719B2A0CA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{529C96D5-4B66-45D5-95FF-D0321809C01E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{D40DE8D3-CB8F-4D5A-8121-96CF7B93C5CE}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{7C112E5C-8B56-4C01-84AA-689B660CDF08}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{3E904989-D44E-4B2D-9EB4-C632A9B3D494}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\DragonAgeToolset.exe
FirewallRules: [{880DF84C-77F5-4CA4-9AFC-86A319BA74EF}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\DragonAgeToolset.exe
FirewallRules: [{838EEC69-5389-4C9E-AFBF-DD4EEB461A30}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\RPU.exe
FirewallRules: [{9E8D0F6E-6F99-49E2-B934-B78F60C5D053}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\RPU.exe
FirewallRules: [{315AFE11-674A-433F-AF77-E45BB85602FD}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\lightmapper\eclipseRay.exe
FirewallRules: [{65D8BC0F-0EAA-4077-9FA4-DC5429D92DF8}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\lightmapper\eclipseRay.exe
FirewallRules: [{9BFBE185-072E-4598-8625-6004A2004A51}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\GffEditor.exe
FirewallRules: [{CAC05E04-A5B4-4766-8E9E-739815D95945}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\GffEditor.exe
FirewallRules: [{DB82BD5A-B688-413B-93C0-25073441BA05}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\ErfEditor.exe
FirewallRules: [{D51578DD-1C82-4FA4-8D99-8A53CA9E8BC8}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\ErfEditor.exe
FirewallRules: [{8EF3F24D-7056-4053-8582-829C59294F90}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{8A6F48B5-454C-45A9-BA4F-742FD74B4C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D777F2D7-9913-4909-BDD1-C8C3F8E830B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{6E12717F-0F47-428E-9502-36351FFA5909}] => (Allow) F:\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{C61D323D-F6B6-4E5B-8ABF-4EACE674A99A}] => (Allow) F:\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{22BE5DFE-3F97-41A6-ADD5-3E2E83591F13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{13C564F1-9E86-4926-8196-06C075DBC52B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{09014014-989A-4757-9E67-F75EEB56FFFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{8EEBF3C8-9F7B-4F6C-9E44-10F4B6D1FAD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1465C685-7285-4D3C-AC05-D74450286D5B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8E7A1D5A-462C-41E7-9A83-BBAB6FA004AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{BAF23861-B1B1-465E-874B-8C7E884C8198}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{78CD4E96-2C28-4E4C-8D62-D713C9A00756}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{DAC7BC64-7496-4EF5-8BA1-C7EDD64EC30A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{FAD86B82-3449-4786-B675-86C243B0079E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{3AB358EC-826E-4322-A546-3A0E7B9D6C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{E121F882-5B6B-4871-B062-2FF530768B95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F02517EE-7564-48AD-9018-7DEAC1B6DE4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{BC75DB94-FAE9-40CE-8C21-E21513946354}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{0E1A66EF-537F-4779-A803-58F221E9D88B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{09DCA3D2-38A5-4782-A99C-4D0943D698C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9EB4E33B-B1C0-48C1-8C15-2E236AAACD12}] => (Allow) C:\Users\Administrator\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{EA9F5ADA-FC12-4079-98BA-68DDD5CFA2DC}] => (Allow) C:\Users\Administrator\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{2072D392-B627-4CE1-888E-820A33C2AA18}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{196BB377-09BE-46CF-BADC-23966E1BECE9}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{9611AAC7-91AC-49D8-AC30-36990403AE9F}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{1F728F7C-235C-403A-8539-A7FE962ED676}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{22562D74-1675-4861-8957-E75613D8B92C}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{059BB105-9E03-447B-813C-26A10EBD6061}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14C82351-9D76-453A-AB12-7DDD7C865D56}] => (Allow) F:\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{A25D9186-7058-410B-8B00-ED26CB7D34AD}] => (Allow) F:\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{1DE70633-48FC-483C-8B92-361714B8A5B3}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{CBBB3114-79DA-4D0B-B6B9-0C9E73A67DA9}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{9A20D713-BF3E-42CA-89C6-911D771EF918}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{19408E6A-166F-4C86-871B-F85B042ED3BC}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{78C6C2E7-A2D4-4E9D-BBDA-0F593D97A609}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E464A919-5715-4AD2-A201-B09FFE98F978}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{D36894C3-BC3F-4338-A9F3-E907FE5AEF6C}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DCCB339E-1EEC-4D7B-BD33-1B0AED5464B8}] => (Allow) F:\The Secret World\ClientPatcher.exe
FirewallRules: [{6A5332FD-7593-4756-8777-F0CB7C200B1C}] => (Allow) F:\The Secret World\ClientPatcher.exe
FirewallRules: [{5A8F2CB7-66E5-409B-B01A-A490EEABB78D}] => (Allow) F:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{FD536516-BEE7-45B2-9B3D-B4629840A370}] => (Allow) F:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{F50FEAF1-0509-4321-A78A-67C37A2FBC06}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E6406671-B0F4-44BF-83AB-839A5FD19B62}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{24CAE813-794A-46EA-8E71-060B4E10273A}] => (Allow) F:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{02159DA8-9C41-4928-B873-78F93F1AB9D7}] => (Allow) F:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{AD9F8248-0987-4770-9617-BAB45DD595DF}] => (Allow) F:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{FF251ECA-A64C-4BBC-A0FD-6E480961AC98}] => (Allow) F:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{EC787455-F453-4AE1-8027-402C7AA45B82}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{F93A69D8-BC52-4B63-86E8-73A89BD62F44}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{0A6C679F-D426-4141-AFD3-961A5968CCF7}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF02B548-2B84-43F3-BBB6-A81146F92A45}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C241D973-74AB-4030-8D34-223F4E49C8F2}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{EE6F7530-2AEA-4282-B539-54EF40F42BBA}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AD3B7247-C104-44FD-9B6D-92204BE70619}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{34736B24-27B1-449A-B797-8B7EE7A7BCCD}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{F9D3136E-464C-4918-BC82-4DD6DA9630EF}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{E295D696-F31D-4884-96A0-6B27DEF9A12A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{0A6888E0-E8DE-4064-B4A7-903B4EB77DE8}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3A3B50BD-6151-4C10-9C8E-C52E9FD3C5E5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F59528FB-9E25-4FD0-9283-C725AA45D449}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AC46468B-D3FB-4CE4-8509-74C2A6CB7483}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D8884038-C608-4765-8143-41F21B68267D}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{66211D24-F33C-489A-A911-FC92954E1F16}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D2DB77F0-5A48-48A2-87BF-22ADA7F3B629}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B753EA66-0776-4374-89A5-AEB50CF7DC8D}] => (Allow) F:\Steam\steamapps\common\The Park\AtlanticIslandPark\Binaries\Win64\ThePark.exe
FirewallRules: [{D772E711-ABDB-4FB3-B6BD-C84DBFD0F57A}] => (Allow) F:\Steam\steamapps\common\The Park\AtlanticIslandPark\Binaries\Win64\ThePark.exe
FirewallRules: [{16523FF6-D345-46C6-BC44-FE6A890965C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D3064D55-12D6-4A6D-B298-38DC90359FC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8013F3C8-3C74-4F0E-88C0-55878BA343A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6AAF9EC8-914C-4FAE-89A3-04EB18D9DA76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFAE932C-6965-45D0-970B-4FE745A380DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2017 11:51:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (04/02/2017 11:45:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/02/2017 11:43:48 AM) (Source: MSSQL$BWDATOOLSET) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.
 
Error: (04/02/2017 11:43:48 AM) (Source: MSSQL$BWDATOOLSET) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.
 
Error: (04/01/2017 08:20:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 7.2.0.23857 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e7c
 
Start Time: 01d2ab4ef54bafa9
 
Termination Time: 1
 
Application Path: F:\World of Warcraft\Wow-64.exe
 
Report Id: 9af73626-1742-11e7-9c92-f46d0457d6d8
 
Error: (04/01/2017 01:35:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (04/01/2017 01:30:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/01/2017 01:28:32 PM) (Source: MSSQL$BWDATOOLSET) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.
 
Error: (04/01/2017 01:28:32 PM) (Source: MSSQL$BWDATOOLSET) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.
 
Error: (03/31/2017 04:26:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
 
System errors:
=============
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 04:45:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 19%
Total physical RAM: 6135.11 MB
Available physical RAM: 4964.92 MB
Total Virtual: 12268.41 MB
Available Virtual: 11130.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:0.66 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:397.45 GB) NTFS
Drive h: (RECOVERY) (Removable) (Total:14.6 GB) (Free:14.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 118B102D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 531468F0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Thanks again Ray
 
Zack

Edited by Zack3086, 02 April 2017 - 05:10 PM.


#8 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 04 April 2017 - 04:13 PM

Hi Zack,

The logs you have presented show no significant malware. In my next post, I can supply a script for removing a few minor issues, but the main problem is that you have insufficient free space on your C drive which holds your operating system. A total of 0.56 gigabytes of free space on the C drive is just not enough to allow normal boot. As a temporary measure, you can run a product like CCleaner which can delete unused files and settings which take up hard drive space. You may also free up space on your C drive by moving large files like videos, graphics, and audios to your D drive which contains over 400 gigabytes free. You can also set the default download location in your browsers to a folder on your D drive. You can also cull any obsolete or unneeded software or reinstall it on your D drive. Most programs permit you to specify their installation location, although a minority of them require installation on the C drive.

As a long term solution, you should consider replacing your C drive with a larger disk. The cost for Solid State Drives (SSD) has come down in recent years. If you launch your operating system from SSD, you will see a measurable improvement in performance. A free program like Macrium Reflect can be used to store an image of your operating system (on your D drive for example) which can later be downloaded onto a new disk which takes the place of your current C drive.


Run CCleaner by Piriform

  • Enter Safe Mode with Networking.
  • Download the free version of CCleaner from here. The current version of the file is called ccsetup528.exe.
  • Close all your browsers.
  • Double-click on ccsetup528.exe and click Yes if prompted by User Account Control.
  • Remove the checkmark from Install Google Chrome as my default browser.
  • Click Install.
  • When CCleaner setup is complete, click Run CCleaner.
  • Click the Cleaner tab in the left pane if it is not already selected.
  • Don't change any of the checkmarks that are set in the middle pane.
  • Click Analyze and wait for the scan to complete.
  • Carefully examine the Details of files to be deleted.
  • If you see any items you need to retain, remove the checkmark from the corresponding item(s) in the middle pane and click Analyze again.
  • When all analysis is complete, click Run Cleaner and click OK.
  • If you see, "Do you want CCleaner to close Windows Explorer?", click Yes.
  • Wait until you see Cleaning Complete. On the next line, take note of the amount of megabytes removed.
  • Close CCleaner and reboot into normal boot mode.

Registry Cleaners - Don't Use Them
Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers like the one in CCleaner for several reasons. See Why you should not use Registry Cleaners and Optimization Tools by quietman7.

Excerpt:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

 
 
Summary:

  • Please tell me how many megabytes were removed by CCleaner?
  • Were you able to restart in Normal Boot mode? If not, describe all symptoms.

If you are able to start normally, I'll provide a script to fix some minor items in my next post.

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 04 April 2017 - 04:33 PM

Hey Ray

 

I just finished with the CCleaner and a total of 10,131 Megabytes were removed and I was able to boot into normal boot mode just fine. So What is next?

 

Thanks,

 

Zack


Edited by Zack3086, 04 April 2017 - 04:38 PM.


#10 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 04 April 2017 - 06:46 PM

Hi Zack,
 

I was able to boot into normal boot mode just fine.

That's great news.
 
Please create and run the following script. It will clean a few minor issues. Depending on what the new logs turn up, I may need to post another script in my next message.

 
Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

Start

EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [ConduitHelper] => C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
C:\Users\Public\Conduit\
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Program Files (x86)\Ask.com\
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.
 

 

Rerun FRST64.exe

Please rerun FRST64.exe in Scan mode to obtain fresh logs.

 

 
Long-term?
In the normal course of daily usage, your C drive will naturally continue to accumulate files and you will eventually be unable to boot normally. Refer to my previous post and tell me how you plan to resolve the free space issue on your C drive.
 
 
 
Summary:

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of the latest Frst.txt and Addition.txt into the body of your message.
  • What (if anything) have you decided for a long-term solution to the space problem?

 

Thank you,
 
Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#11 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 04 April 2017 - 07:13 PM

Here is the FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Administrator (04-04-2017 19:08:41) Run:3
Running from H:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [ConduitHelper] => C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe [274216 2011-08-31] (Conduit Ltd.)
C:\Users\Public\Conduit\
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
C:\Program Files (x86)\Ask.com\
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConduitHelper => value not found.
C:\Users\Public\Conduit => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value not found.
"C:\Program Files (x86)\Ask.com" => not found.
HKLM\System\CurrentControlSet\Services\GPU-Z => key removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14277630 B
Java, Flash, Steam htmlcache => 426728705 B
Windows/system/drivers => 174756 B
Edge => 0 B
Chrome => 120017695 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42426639 B
systemprofile32 => 420920 B
LocalService => 66228 B
NetworkService => 66228 B
UpdatusUser => 0 B
UpdatusUser => 0 B
Administrator => 18701795 B
 
RecycleBin => 0 B
EmptyTemp: => 594.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:08:54 ====


#12 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 04 April 2017 - 07:15 PM

And here is the Frst log and the Addition.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Administrator (administrator) on ZACHARY-PC (04-04-2017 19:13:41)
Running from H:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) F:\Anti-Malware\mbamtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKLE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) F:\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Malwarebytes) F:\Anti-Malware\MBAMWsc.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => F:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [Google Update] => C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [Guildwork] => C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guildwork\Guildwork.lnk
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [SaferBrowserIsDefault] => "C:\Program Files (x86)\Safer Technologies\Safer Browser\Application\SaferBrowserProtector.exe" --force-protect
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7E481F2D-FF95-4315-B564-33CF2B9D3BB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8311AF7B-CC4E-4462-BDF8-A706EBC4F1E3}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1086365725-1468650204-1436194041-500 -> DefaultScope {F2F71F58-22B0-4893-9D40-BF7A3E2766EC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US685D20140128&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086365725-1468650204-1436194041-500 -> {F2F71F58-22B0-4893-9D40-BF7A3E2766EC} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US685D20140128&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-03-15]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1086365725-1468650204-1436194041-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1086365725-1468650204-1436194041-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (Warlords of Draenor) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbdhkkfelmdhbmegjaokmkkeglhhjek [2015-05-25]
CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-20]
CHR Extension: (Yahoo! Messenger) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlbmghiihlelkhbccpinfjdfmeclcmfc [2011-10-29]
CHR Extension: (FastestFox for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\ADMINI~1\AppData\Local\Temp\crxE8D3.tmp <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMService; F:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [2124296 2017-03-16] (Electronic Arts)
S2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [2185232 2017-03-16] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [146944 2014-05-29] (SteelSeries Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( ) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-09-01] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-09-01] (Corsair)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-04] (Malwarebytes)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2015-10-27] (SteelSeries ApS)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [54200 2012-09-26] (Thesycon GmbH, Germany)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-04 16:22 - 2017-04-04 16:22 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-04 16:22 - 2017-04-04 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-04 16:22 - 2017-04-04 16:22 - 00000000 ____D C:\Program Files\CCleaner
2017-04-02 17:09 - 2017-04-04 16:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-03-30 04:10 - 2017-04-04 19:13 - 00000000 ____D C:\FRST
2017-03-30 03:00 - 2017-04-04 19:12 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-30 03:00 - 2017-04-04 19:12 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-30 03:00 - 2017-04-04 19:12 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-30 03:00 - 2017-03-30 03:00 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-30 03:00 - 2017-03-30 03:00 - 00000608 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-30 03:00 - 2017-03-30 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-30 02:59 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-30 02:55 - 2017-03-30 02:55 - 59272008 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-03-30 02:50 - 2017-04-04 19:10 - 00057344 ___SH C:\Users\Administrator\Desktop\Thumbs.db
2017-03-28 23:03 - 2017-03-28 23:32 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-03-20 20:26 - 2017-03-20 20:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 20:26 - 2017-03-16 17:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 20:26 - 2017-01-25 19:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 20:26 - 2017-01-25 19:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 20:26 - 2017-01-25 19:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 20:26 - 2017-01-25 19:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 20:23 - 2017-03-16 19:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 28223544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 20:23 - 2017-03-16 19:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 20:23 - 2017-03-16 19:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 02:26 - 2017-03-20 10:42 - 00012922 _____ C:\Users\Administrator\Documents\Ironworks.xlsx
2017-03-20 02:26 - 2017-03-20 02:26 - 00002116 _____ C:\Users\Administrator\Documents\Tools.csv
2017-03-20 02:25 - 2017-03-20 02:25 - 00002116 _____ C:\Users\Administrator\Downloads\Your Crafting List  (2).csv
2017-03-19 23:49 - 2017-03-20 02:26 - 00003219 _____ C:\Users\Administrator\Downloads\Your Crafting List  (1).csv
2017-03-19 23:35 - 2017-03-19 23:35 - 00002151 _____ C:\Users\Administrator\Downloads\Your Crafting List .csv
2017-03-16 18:34 - 2017-03-16 18:16 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-16 18:34 - 2017-03-16 18:16 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-16 18:32 - 2017-03-16 19:59 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-16 18:32 - 2017-02-23 17:56 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-03-16 18:32 - 2017-02-23 17:56 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-16 18:32 - 2017-02-23 05:34 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-16 18:32 - 2017-02-23 05:34 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-16 18:24 - 2017-03-16 18:24 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-16 18:22 - 2017-03-16 18:22 - 00000000 ____D C:\Users\Administrator\Documents\Add-in Express
2017-03-16 18:05 - 2017-03-16 18:31 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-16 18:05 - 2017-03-16 18:05 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-16 18:05 - 2017-03-16 18:05 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-16 18:05 - 2017-02-23 13:32 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-03-16 18:05 - 2017-02-23 09:30 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-03-16 17:57 - 2017-02-23 13:32 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-03-16 17:57 - 2017-02-23 13:32 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-03-16 17:57 - 2017-02-23 13:32 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-03-16 17:57 - 2017-02-23 13:32 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-03-14 12:56 - 2017-03-04 12:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 12:56 - 2017-03-04 11:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 12:56 - 2017-03-04 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 12:56 - 2017-03-04 03:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-14 12:56 - 2017-03-04 03:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 12:56 - 2017-03-04 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-14 12:56 - 2017-03-04 02:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 12:56 - 2017-03-04 02:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-14 12:56 - 2017-03-04 02:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-14 12:56 - 2017-03-04 02:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-14 12:56 - 2017-03-04 02:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-14 12:56 - 2017-03-04 02:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 12:56 - 2017-03-04 02:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 12:56 - 2017-03-04 02:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 12:56 - 2017-03-04 02:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-14 12:56 - 2017-03-04 02:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 12:56 - 2017-03-04 02:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-14 12:56 - 2017-03-04 02:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-14 12:56 - 2017-03-04 02:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 12:56 - 2017-03-04 02:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-14 12:56 - 2017-03-04 01:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 12:56 - 2017-03-04 01:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-14 12:56 - 2017-03-04 01:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 12:56 - 2017-03-04 01:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 12:56 - 2017-03-04 01:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-14 12:56 - 2017-03-04 01:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 12:56 - 2017-03-04 01:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 12:56 - 2017-03-04 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 12:56 - 2017-03-03 23:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 12:56 - 2017-03-02 13:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 12:56 - 2017-03-02 13:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 12:56 - 2017-03-02 13:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 12:56 - 2017-03-02 13:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 12:56 - 2017-03-02 13:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 12:56 - 2017-03-02 12:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 12:56 - 2017-03-02 12:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 12:56 - 2017-03-02 12:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 12:56 - 2017-03-02 12:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 12:56 - 2017-03-02 12:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 12:56 - 2017-03-02 12:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 12:56 - 2017-03-02 12:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 12:56 - 2017-03-02 12:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 12:56 - 2017-03-02 12:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 12:56 - 2017-03-02 12:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 12:56 - 2017-03-02 12:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 12:56 - 2017-03-02 12:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 12:56 - 2017-03-02 12:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 12:56 - 2017-03-02 12:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 12:56 - 2017-03-02 12:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 12:56 - 2017-03-02 12:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 12:56 - 2017-03-02 12:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 12:56 - 2017-03-02 12:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 12:56 - 2017-03-02 12:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 12:56 - 2017-03-02 12:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 12:56 - 2017-03-02 11:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 12:56 - 2017-03-02 11:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 12:56 - 2017-03-02 11:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 12:55 - 2017-03-04 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-14 12:55 - 2017-03-04 03:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-14 12:55 - 2017-03-04 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-14 12:55 - 2017-03-04 02:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 12:55 - 2017-03-04 02:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-14 12:55 - 2017-03-04 02:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 12:55 - 2017-03-04 02:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-14 12:55 - 2017-03-04 01:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 12:55 - 2017-03-02 13:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 12:55 - 2017-02-22 18:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 12:55 - 2017-02-22 18:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 12:55 - 2017-02-18 09:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 12:55 - 2017-02-18 09:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 12:55 - 2017-02-11 10:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 12:55 - 2017-02-11 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 12:55 - 2017-02-11 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 12:55 - 2017-02-10 11:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 12:55 - 2017-02-10 11:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 12:55 - 2017-02-10 11:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 12:55 - 2017-02-10 11:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 12:55 - 2017-02-10 09:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 12:55 - 2017-02-09 11:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 12:55 - 2017-02-09 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 12:55 - 2017-02-09 11:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 12:55 - 2017-02-09 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-14 12:55 - 2017-02-09 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-14 12:55 - 2017-02-09 11:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-14 12:55 - 2017-02-09 11:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 12:55 - 2017-02-09 11:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 12:55 - 2017-02-09 11:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 11:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-14 12:55 - 2017-02-09 11:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-14 12:55 - 2017-02-09 11:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-14 12:55 - 2017-02-09 11:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-14 12:55 - 2017-02-09 11:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 12:55 - 2017-02-09 10:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-14 12:55 - 2017-02-09 10:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-14 12:55 - 2017-02-09 10:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-14 12:55 - 2017-02-09 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 12:55 - 2017-02-09 10:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 12:55 - 2017-02-09 10:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-14 12:55 - 2017-02-09 10:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-14 12:55 - 2017-02-09 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 12:55 - 2017-02-09 10:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 12:55 - 2017-02-09 10:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 12:55 - 2017-02-09 10:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 12:55 - 2017-02-09 10:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 12:55 - 2017-02-09 10:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 12:55 - 2017-02-09 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 10:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 12:55 - 2017-02-09 09:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 12:55 - 2017-02-09 09:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 12:55 - 2017-02-06 11:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 12:55 - 2017-01-13 13:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 12:55 - 2017-01-13 13:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 12:55 - 2017-01-13 12:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 12:55 - 2017-01-13 12:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 12:55 - 2017-01-11 13:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 12:55 - 2017-01-11 13:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 12:55 - 2017-01-11 12:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 12:55 - 2017-01-11 12:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 12:55 - 2017-01-06 13:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 12:55 - 2017-01-06 12:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 12:55 - 2016-12-31 10:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-11 23:12 - 2017-03-11 23:29 - 00011051 _____ C:\Users\Administrator\Documents\Glyphs, Signets and Aux.xlsx
2017-03-11 15:59 - 2017-03-11 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\UnrealEngine
2017-03-11 15:59 - 2017-03-11 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\AtlanticIslandPark
2017-03-11 15:49 - 2017-03-11 15:49 - 00000202 _____ C:\Users\Administrator\Desktop\The Park.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-04 19:13 - 2015-08-25 21:29 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978.job
2017-04-04 19:12 - 2014-05-17 12:22 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 19:12 - 2011-08-12 06:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-04 19:10 - 2014-01-28 16:30 - 00000000 __RSD C:\Users\Administrator\Documents\McAfee Vaults
2017-04-04 19:10 - 2013-06-02 21:10 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-04-04 19:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 19:08 - 2014-06-16 21:52 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d.job
2017-04-04 19:08 - 2011-09-09 19:53 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Temp
2017-04-04 19:02 - 2013-10-05 21:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Battle.net
2017-04-04 18:20 - 2017-02-16 04:20 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-04-04 18:20 - 2017-02-16 04:20 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job
2017-04-04 18:17 - 2017-02-16 04:17 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810}.job
2017-04-04 17:08 - 2014-05-08 16:52 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097.job
2017-04-04 16:39 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 16:39 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 16:33 - 2014-01-28 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-04-04 16:25 - 2011-09-13 21:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ventrilo
2017-04-04 16:25 - 2011-08-20 16:41 - 00000000 ____D C:\Windows\Minidump
2017-04-04 16:25 - 2011-08-12 06:58 - 00000000 ____D C:\Windows\Panther
2017-04-04 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-04-04 16:13 - 2015-07-15 21:41 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78.job
2017-04-04 12:57 - 2017-02-10 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-04-03 21:46 - 2015-02-03 20:03 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997.job
2017-04-03 20:13 - 2015-12-03 17:08 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df.job
2017-04-01 18:37 - 2011-08-18 22:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 14:23 - 2011-08-18 03:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 03:37 - 2012-03-05 14:22 - 00000000 ____D C:\Users\Administrator\Documents\BioWare
2017-03-30 03:16 - 2011-11-17 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-03-30 02:59 - 2014-02-12 16:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-28 22:57 - 2009-07-14 00:13 - 00849608 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-26 15:06 - 2011-09-01 08:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-20 20:27 - 2012-06-24 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 20:27 - 2011-08-12 06:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 20:15 - 2016-01-29 20:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-17 12:15 - 2014-03-21 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-03-17 01:26 - 2012-01-18 07:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Origin
2017-03-16 19:59 - 2015-01-29 19:17 - 03583744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 19883600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-03-16 19:59 - 2011-08-12 06:08 - 00042686 _____ C:\Windows\system32\nvinfo.pb
2017-03-16 19:11 - 2015-10-20 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2017-03-16 19:11 - 2015-10-20 15:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Corsair
2017-03-16 19:09 - 2012-01-18 07:13 - 00000000 ____D C:\ProgramData\Origin
2017-03-16 18:35 - 2011-08-12 06:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-16 18:34 - 2011-08-12 06:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-16 18:22 - 2011-09-05 12:34 - 00000000 ____D C:\ProgramData\WinZip
2017-03-16 18:16 - 2014-10-23 01:06 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-16 18:16 - 2011-08-12 06:08 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-16 18:06 - 2014-03-21 15:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-03-16 17:22 - 2014-09-08 23:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 04:39 - 2012-02-23 08:38 - 07813427 _____ C:\Windows\system32\nvcoproc.bin
2017-03-15 17:39 - 2016-04-07 16:44 - 00004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 17:39 - 2012-05-22 18:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 17:39 - 2012-05-22 18:23 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 17:39 - 2011-12-22 06:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 17:39 - 2011-08-18 22:43 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 14:58 - 2013-07-11 15:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 14:58 - 2013-07-11 15:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:58 - 2009-07-13 23:45 - 00323336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-14 14:57 - 2015-04-15 11:51 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-14 14:57 - 2014-05-06 14:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-14 14:57 - 2013-07-27 16:17 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 14:57 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 14:54 - 2011-09-02 05:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 14:53 - 2013-07-11 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2013-08-17 10:22 - 2013-08-18 16:48 - 0003284 _____ () C:\Users\Administrator\AppData\Roaming\ANIWZCS{0178C7EE-F750-4985-9AD0-F8A9A84748DF}
2014-01-10 16:49 - 2014-01-10 16:49 - 0000000 _____ () C:\ProgramData\3541085065
2013-07-25 14:19 - 2013-07-25 14:19 - 0000040 _____ () C:\ProgramData\ra3.ini
2014-01-10 16:48 - 2014-01-10 16:48 - 0004137 _____ () C:\ProgramData\zrmjlmea.zpl
2014-01-10 16:49 - 2014-01-10 16:49 - 0004137 _____ () C:\ProgramData\{rmjlmea.zpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-03 19:11
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Administrator (04-04-2017 19:14:25)
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-12 11:02:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1086365725-1468650204-1436194041-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1086365725-1468650204-1436194041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086365725-1468650204-1436194041-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
Document Capture Pro OneNote Connector (HKLM-x32\...\{65FC2F65-FCD4-495C-B250-1F7C049E4A39}) (Version: 1.00.0000 - Seiko Epson Corporation)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-4630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1034 - Marvell)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1086365725-1468650204-1436194041-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.29454 - Electronic Arts, Inc.)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
Pokémon Uranium (HKLM-x32\...\{19097BE1-FE13-4CAA-9B51-0F019D2BB85E}) (Version: 1.0.4 - TTGJailbreak)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Safer Updater (HKLM-x32\...\Safer Updater) (Version: 1.1.0.6 - Safer Technologies, Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Park (HKLM\...\Steam App 402020) (Version:  - Funcom)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices  (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Driver Package - Datel Design & Development USBIOControlledDevices  (04/21/2009 2.40.0.0) (HKLM\...\8555DF8099612EF2F8333DC0EC454113D4537E7B) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{05abbd0e-d7fc-446e-afd3-a9ebf759a321}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0a70a9e3-4119-42be-936a-453e8f1ec703}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0ea501d1-629c-479f-9a58-2099857de936}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{14dc5dc5-5c9b-4cb6-80f7-ff500d8e280d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{193efc54-6e5d-41c0-81ba-535ec59a24ca}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{1d3f87d8-849f-439b-8454-d62b30f9b606}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{29dc645f-675b-48d6-bc0e-61e2e99205e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{2ae5f180-8996-4e3d-80e4-67d2d80566ec}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{2c84726f-0806-40f9-8cb0-b0279d851d45}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{3acd8749-b59f-49d5-8446-2a0eba27aad8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{407c30a8-ba6f-4c20-9788-64ece021ba05}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{443871ee-3e71-4826-87b0-8d223d1bbfd1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{45dbf5f8-6b1f-4971-a931-3e44e0d364fe}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{4738f7f8-741f-4ea9-8afb-9788a8208599}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{4bdff7ca-057c-422b-9397-c03b460ba6e1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{51e9e809-3e8a-4011-919a-3eb067a4d226}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{52739cf0-6152-4006-8da8-6b627da40d6f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5e1e9c1d-ab74-4d2b-889c-9e205b46e706}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{5f67e5c6-9ae5-4d0d-913d-51c63068a62b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{671de068-f89e-4597-8084-2d8cfb52773c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{76e2bae6-b2f5-4aeb-aa91-eb4d47acea88}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{7b80d40e-e92e-45d0-bd1e-e7e0b47af6bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{83d892d4-2276-47df-bd88-d7b50955a39b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{89f2abe6-4f23-447c-8529-b1a46c93c98e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{a1141f40-ce49-4915-a520-cb71342ada06}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{a190f108-4932-4cfa-bf50-c6199ad491b0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ae753ddc-5a1e-4fcc-a6b1-052cc06d6d85}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{c9c05ffb-f41c-4c84-943a-c7ed3a2a7ba1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ce1e6e09-2f1a-4f70-afb9-bd07f21ae7d9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{cfbe6a68-5e23-493f-b3eb-4234e5f038f8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{dd0d879e-7955-41cc-8e02-46ce2a8282cd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ed39eeb7-b410-479c-b78f-74f53fab9b62}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ee52ab5a-7d89-4b7c-9949-af0471c0b097}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ef9365b9-973f-496e-99a8-2356f36b9833}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086365725-1468650204-1436194041-500_Classes\CLSID\{ff432833-9269-4c75-9ada-502399904d54}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0093ABA4-5D00-475B-864A-9DA5C0E1049C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {09EE9E2E-8FFD-474E-A4FC-8E3DE51CCC5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {0AB49055-CD65-4357-AD3C-9DB83E425FFA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {1CCB58DA-0E33-41D6-B722-5642A6E3BE86} - System32\Tasks\{12D09D97-106B-4E1C-8554-8997BC521CB0} => pcalua.exe -a F:\Steam\steam.exe -c steam://uninstall/107310
Task: {245FB154-C569-48A3-B740-14BD63BE6FA0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {34683CAF-B4F0-47DD-A02E-AA18E9F8034C} - System32\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {36B0F327-7599-4F09-BE97-E6F9C7EFE50E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{33604734-9495-4494-B9E4-12FCAA8F1230}.exe  <==== ATTENTION
Task: {3AD5A836-47E8-45E3-9B17-290B1696684F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {40027A8E-7CDA-4AD0-870E-09F238B3EEE4} - System32\Tasks\SaferUpdateTaskSCUD => C:\Program Files (x86)\Safer Technologies\Safer Updater\SaferUpdater.exe [2015-05-18] (Safer Technologies, Inc.)
Task: {4D987D17-957D-4073-BB0F-3863ED0D493F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {51EFB7B2-6512-4C2A-A608-F1CDF92338E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {543D3B9F-03CD-47A3-AC8B-190423807144} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {5704485D-5039-4CD9-945E-518AB9CE990B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1086365725-1468650204-1436194041-500
Task: {624CBC98-24F1-4B1F-8F38-9F1FC961E5C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {6AD026C1-108D-44E6-8E72-2D862168652D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {73282B5D-B697-4481-A89A-B1B42296283E} - System32\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {7C45122F-A7B9-4DDD-B21C-C0D53BCEDD6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {7D6DA199-C3B6-435E-B307-4496AAEA9574} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d08f635c711ab0 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {8DC6D612-4FEB-45C5-8CFD-F233C3732438} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {92FC79F9-8C86-45A6-9FF4-FAFA1E2630B5} - System32\Tasks\EPSON WF-4630 Series Invitation {37E79491-7708-4D3C-8211-DFF475CED810} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {954A6D82-2189-434F-8368-CE111762C0B5} - System32\Tasks\{0CB75BFE-A60D-4348-815F-D864CDDB229A} => pcalua.exe -a "C:\Users\Administrator\Downloads\setup (2).exe" -d C:\Users\Administrator\Downloads
Task: {97412DA1-7BCA-49CF-AE2C-98E7DC1D7903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {9F03FA46-85B3-4101-9272-06CCBF563D42} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d12e173317568e => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {B1A55F20-EEF2-4985-B5DE-4585CFF7F257} - System32\Tasks\{31948789-09C1-4480-A05C-FA74D529EF30} => pcalua.exe -a C:\Users\Administrator\Downloads\EVGA_Precision_Setup_211.exe -d C:\Users\Administrator\Downloads
Task: {B72BC760-853F-4E18-A062-8F8181BF90EC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {BC44E9F0-52F7-48C5-B84C-9A365857FD3A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {D3B58626-2711-4943-BC17-EB4A0F428403} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d1ab21b0b84bc6 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {D6ECD2A8-EB89-4C7F-B622-D6BEF3FD6773} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {DAE532AB-EEE3-4A54-95F2-E680C72E0E10} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {DEEC3507-C69B-435F-8171-2E19BA3C1C28} - System32\Tasks\{ED8C3B2B-5286-4E67-84B7-2A42A0874732} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C3F383C1-D050-4A40-843F-8171A6A02C3A}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {E6FC2818-83ED-4A05-A814-77DB4F7C54FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EE2FAB9C-ED57-45BF-BB9E-A209ABB31386} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {F4609B5B-9B7D-488B-8CB4-D6D8D1304F3F} - System32\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FEAA5648-0C6D-4EBD-9E94-424D3FF3A838} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {FF8DDBF5-5E14-46B6-B115-215966FEB1BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0012850ffa341 => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{33604734-9495-4494-B9E4-12FCAA8F1230}.exe <==== ATTENTION
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {37E79491-7708-4D3C-8211-DFF475CED810}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {37E79491-7708-4D3C-8211-DFF475CED810}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE :/EXE:{37E79491-7708-4D3C-8211-DFF475CED810} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {43520EA8-34A3-4F8E-B178-3C45A157FC46}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE :/EXE:{43520EA8-34A3-4F8E-B178-3C45A157FC46} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1cf6b07df1de097.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0012850ffa341.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0401653544997.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d0bf70e4712b78.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500Core1d12e1732fe28df.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1cf89d728b8072d.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d08f635c711ab0.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086365725-1468650204-1436194041-500UA1d0dfa717420978.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-02-23 08:38 - 2017-03-16 18:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-03-14 12:30 - 2017-04-01 14:23 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2011-05-04 16:10 - 2011-05-04 16:10 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2017-03-30 02:59 - 2017-03-24 04:09 - 02271520 _____ () F:\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-30 02:59 - 2017-03-24 04:10 - 02267600 _____ () F:\ANTI-MALWARE\MwacLib.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-16 18:05 - 2017-02-23 13:32 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2011-05-04 16:10 - 2011-05-04 16:10 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-04 16:10 - 2011-05-04 16:10 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 17:59 - 2010-03-22 17:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 11:42 - 2011-06-01 11:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 11:46 - 2011-06-01 11:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2017-02-06 18:09 - 2017-02-01 04:01 - 01870168 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 18:09 - 2017-02-01 04:01 - 00085848 _____ () C:\Users\Administrator\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2011-06-01 11:16 - 2011-06-01 11:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 11:16 - 2011-06-01 11:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2017-03-16 18:05 - 2017-02-23 09:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-16 18:05 - 2017-02-23 09:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-16 18:05 - 2017-02-23 09:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-16 18:05 - 2017-02-23 09:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-16 18:05 - 2017-02-23 09:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-03-16 18:05 - 2017-02-23 09:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-12-08 16:17 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1086365725-1468650204-1436194041-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3B81E633-4DCE-4321-8478-1FC4F83C5AB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{5706F4ED-449C-410C-A963-807254154244}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{81AD6133-FB0E-4E71-8CEE-971B9AAFF821}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{464BA7EC-B868-4798-8A76-1670DF6B562B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F381FE38-509A-4B9B-98DB-F36F487614C7}] => (Allow) C:\Program Files (x86)\StarCraft II\Support\BlizzardDownloader.exe
FirewallRules: [{B2E85114-E9DD-4494-8158-1F5AB8F52CA4}] => (Allow) C:\Program Files (x86)\StarCraft II\Support\BlizzardDownloader.exe
FirewallRules: [{4C99B97A-68F3-420F-A857-98008180632F}] => (Allow) LPort=3724
FirewallRules: [{70D2B904-C76D-4FAF-AF40-0572601054F6}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{00909B82-2333-4635-8F4C-ADD7BCA645B7}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{B82815D7-836A-4C14-A339-C52DF1944FA6}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{AF947C27-35DE-4A70-A114-941D96276B89}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{7F2096BE-D087-4B79-B6A1-00330C2C482D}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{FB8E7F47-0C2F-4B83-9ACD-7397AF1C977D}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{1F1E9046-8D5C-4A6A-BD09-217ED0EBA0F0}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{24695903-DD85-4B21-9B78-13C940FD01E2}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{65F2C371-7BB4-47BB-8B5F-1998490D690E}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{633C6746-2542-4A0F-AA8A-9C64E688F750}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A8DCDEF4-9D5D-49FD-9756-0C033DE80F4A}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main.exe
FirewallRules: [{4ECC9243-A919-4468-8861-10C2EE37C0B8}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main.exe
FirewallRules: [{275BC1B8-4880-408B-A78A-03DBE3AD9405}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe
FirewallRules: [{9B91E4D6-6431-4834-B552-735A94878CBC}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe
FirewallRules: [{BCFF7688-F25F-498F-B86A-9925C8BF3D6D}] => (Allow) F:\Atari\Neverwinter Nights 2\nwupdate.exe
FirewallRules: [{EAD4F36E-1DAD-4F1D-8D90-A9EC55330D51}] => (Allow) F:\Atari\Neverwinter Nights 2\nwupdate.exe
FirewallRules: [{3D33E506-E8B1-412C-8C4D-3180C8094B93}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2server.exe
FirewallRules: [{F05845DE-78C8-4610-A349-95645DD49391}] => (Allow) F:\Atari\Neverwinter Nights 2\nwn2server.exe
FirewallRules: [{7AC91A8D-3120-45BB-B439-7E37BB49F9FB}] => (Allow) F:\World of Warcraft Public Test\Launcher.exe
FirewallRules: [{5F932BD7-0024-43B8-A112-47C24E7E0A5B}] => (Allow) F:\World of Warcraft Public Test\Launcher.exe
FirewallRules: [{5E992D34-F8C4-4A58-8140-A64B364EE2E3}] => (Allow) F:\World of Warcraft Public Test\Launcher.patch.exe
FirewallRules: [{2FE53ED6-99AC-4BD9-A246-35F3C33467AE}] => (Allow) F:\World of Warcraft Public Test\Launcher.patch.exe
FirewallRules: [{2101D601-6D12-4DA1-9A6A-167BA336CF71}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{6552EC99-A022-4ADA-9DD4-DCBFADA2AE73}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{98FFC970-A2F2-41FC-9F1E-7A393629186B}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{8B830DD0-F9E2-40A7-9AA8-618343603C03}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{B487261E-010E-4415-9091-BCB92DE6221C}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{7CA11D8E-E147-4317-AB82-9B4CB6D3D4AB}] => (Allow) F:\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{9FDD8720-815F-4E1A-A2B6-32DD96FBE85B}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{887BA6D7-0814-40FB-A228-74C8E86F11E1}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{76101CC2-AC1F-4629-B9FF-51FBBBFD9B6E}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{F256CB90-84D2-4E7D-B4E9-5A15A12A30E6}] => (Allow) F:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{90341A96-4E62-4CA2-998D-58A497AA5036}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{C8420866-4C24-4CF3-9EF9-6230F6749498}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{CC55E8B6-D4B7-422E-80F4-3C8FF743BE00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{1B643B36-A378-4F28-9424-0FEB870DE8AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{3594B879-F2F4-4E5E-A129-C2730B578812}] => (Allow) F:\Diablo III\Diablo III.exe
FirewallRules: [{002BDFA3-75B5-49C9-BF38-33D5A5B5862E}] => (Allow) F:\Diablo III\Diablo III.exe
FirewallRules: [{F37AA2F5-001B-44A3-A0D2-CD9103CABA61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{57D2DE06-801C-484B-8053-F1CD81453907}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{7CAC5314-DA69-40ED-BBB9-205A5DDEA669}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{CF1ABA7A-8D59-4ABD-9C63-84498097452D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FEDCDA12-2108-4666-820D-6DF65821E799}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{4CB325A9-C91C-4B86-A6B7-C32863150D71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1199\Agent.exe
FirewallRules: [{68E216B7-30A8-4CD5-86DB-5506B9995412}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{62D6BA98-94D1-4D84-AEA5-EC07D4B797D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{3F230CA5-52F0-408A-9ABC-311E4ACB7CFF}] => (Allow) F:\StarCraft II\StarCraft II.exe
FirewallRules: [{E45D7F29-02D5-4766-8561-52C47C29BD13}] => (Allow) F:\StarCraft II\StarCraft II.exe
FirewallRules: [{5D1BE0EC-F333-4DE1-B82F-7AE2252452A1}] => (Allow) F:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{8D51EF01-0BD9-419D-ABA9-B8BE85158220}] => (Allow) F:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DF643608-E508-4A45-AA25-98A6F5EC7FE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{33D75722-6960-4022-B9AE-47DB86EE93E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{ECC4E88F-D1EA-44DB-AAA2-64B1139A47E2}] => (Allow) F:\World of Warcraft\Launcher.exe
FirewallRules: [{D99A1267-AB47-4EF1-A79B-9C11992FE314}] => (Allow) F:\World of Warcraft\Launcher.exe
FirewallRules: [{4BB90960-ED03-4A03-89CF-DBFA772B1D17}] => (Allow) F:\World of Warcraft\Launcher.patch.exe
FirewallRules: [{4EA64779-8266-4975-8027-103F10BB2964}] => (Allow) F:\World of Warcraft\Launcher.patch.exe
FirewallRules: [{CA57AADA-EE92-4385-9227-22D295BBD54F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{050AFB50-A301-4181-B5ED-15CB58E55536}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{3A8181C4-DC8B-4E8C-BD68-5B9CCD93B659}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{140C873A-9E7F-4A77-8981-48D45854A793}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{24FED292-600C-4E82-A559-C90841E6D296}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{EFE41CCA-516C-476D-A4F8-108A035D3D84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{240707AF-6D10-4BF7-861A-5365D8836DE5}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D57050C6-AE27-43B8-8735-FB68C8CFE363}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{908B10B8-0205-4460-8C29-052647DF3CBF}] => (Allow) F:\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{CD98C53C-8A08-4503-91F1-7C6EC044D6C2}] => (Allow) F:\Steam\steamapps\common\Torchlight II\Torchlight2.exe
FirewallRules: [{5AB07B24-008B-4FBD-96B5-1186BB192E0C}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{BB388C4B-E8D5-447D-BCDF-CE497C129925}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe
FirewallRules: [{BF9C5DC4-E5F1-40E4-B3E5-CDFD1BC313B8}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\Versions\Base24247\SC2.exe
FirewallRules: [{17987C43-3553-450D-870B-641BDF124F96}] => (Allow) C:\Program Files (x86)\StarCraft II 2012 Beta\Versions\Base24247\SC2.exe
FirewallRules: [{E6D665F6-6F84-442B-B023-C483881760CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{A1ECCDED-4DBF-401D-A4CB-D0AF5888CE18}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{BF515BE6-32F1-4A85-A64C-69D2F97448FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{CCCA2DEB-C57C-4414-B779-A0310B34643A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [TCP Query User{D7F419E6-AB91-4A94-8202-1FB5D7329118}F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe] => (Allow) F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe
FirewallRules: [UDP Query User{A6D4313E-D798-4E19-B3B8-1D46E01DA709}F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe] => (Allow) F:\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe
FirewallRules: [{242FFA38-13E0-4FA5-8F0F-FE02183DFE3E}] => (Allow) F:\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{A42D775B-F41B-4C09-9273-D567C1E9BFC9}] => (Allow) F:\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [{C647DA89-88FC-456E-A20C-BB8E251DDA44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{D89215EE-F9CD-4853-B423-D1D6950E135F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{4D109C26-690F-4EF6-B962-1D0F3B3237E0}] => (Allow) F:\Steam\steamapps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{4411421A-4664-457C-9519-8A3F36F43ED2}] => (Allow) F:\Steam\steamapps\common\FFXINA\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{6CDACB61-35BB-4E91-9311-44F1C1917B45}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{FFB194D6-7A2F-49D4-BCA7-67508A6FC610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe
FirewallRules: [{6758389A-8820-4A1B-9B7C-26AC1569CF33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{E8CF55A3-296A-4FD4-9DF6-AC6C3CAF1048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{DEA5551B-EC4F-4C68-BD91-FAB1C16CC00D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{07CD9B34-589A-4D16-A840-7C8DF1AB85D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{D7549876-4645-4CF2-99B7-B9F423FFC8B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3EDFF851-BE48-4D1D-BEE0-F2866A7EB5A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{13FB66EF-6B79-4BA0-9E2C-8036371FA6D3}] => (Allow) F:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{A467D3CB-E62D-4EEF-8E44-D54C86D4F1AA}] => (Allow) F:\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{520102A6-336C-4F0C-9DDD-F2FBE4F6D403}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2163\Agent.exe
FirewallRules: [{C54B4518-8E9D-4A3E-A4B5-A28C387D4BC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2163\Agent.exe
FirewallRules: [{6FD8BBEB-0646-4D7E-9CAC-FE6C2D126655}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0AF02F67-0EB5-4E5D-BB5F-805A21299F32}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2697960F-7DC0-4841-A9C8-003C5E7713AF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A4D761AE-BC23-486E-8A11-C88D5648061C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{255E0F33-E2DB-4D2B-A94A-334A5B135E2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{DA4681D4-A7F4-4863-9395-7A8C8218A587}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{C11A3031-49CB-4818-BF8A-5E86FF49FC2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{F87BDEBC-7D4D-489C-8ED0-17D9586AE136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{40808914-ECF0-4070-8C1B-3EF64BA46551}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{5CF4C6B6-0C79-4453-9A02-C70DF9FFD540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2359\Agent.exe
FirewallRules: [{61F77D58-C8C6-4AE4-958D-67529C988464}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E9C66D73-CDEF-4FF5-B0C6-D321E3BCA992}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1379E1E1-C507-4C56-99AD-1D217BF619CC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{7307A23D-9E16-42E8-B9FA-00818BDFF98C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2391\Agent.exe
FirewallRules: [{2EDD9B31-1926-44E2-BF87-B8469B252364}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{BBA8EF65-0A06-46C0-878F-4FCB486E6EDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2426\Agent.exe
FirewallRules: [{1BF2459A-FD90-4B4A-BE8C-19F1808D123A}] => (Allow) F:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{EBCB0172-C6C9-4859-B82E-5C0A4C75456A}] => (Allow) F:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{96D5DCAE-0C84-4EB9-B6B4-A99FFD37FC14}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{0A442168-B0C4-420E-8C1B-5FFDA8B4E15B}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{BB0C46CB-26EC-4C24-9299-C5E10D57C340}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{9342AD20-C80A-4AE8-A9DB-B5F4090535FE}] => (Allow) F:\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{A962F4EE-127A-40F6-B7CF-B84CA6DD29EA}] => (Allow) F:\Games\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{25D68699-85D5-45C5-99B0-C85D5B9F7B77}] => (Allow) F:\Games\Dragon Age 2\bin_ship\DragonAge2.exe
FirewallRules: [{227D48EA-BA02-49D2-AAAA-C26C71F822D5}] => (Allow) F:\Games\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{9BA08D3A-1F2D-49AB-A5A8-B2CE4770C3AB}] => (Allow) F:\Games\Dragon Age 2\DragonAge2Launcher.exe
FirewallRules: [{EF47085C-AF82-43AA-97A3-092ACA50A6F4}] => (Allow) F:\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{2BFD73AF-813F-4A36-A0BA-FA410E6BEC3C}] => (Allow) F:\Origin Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{22E7D5C1-69DE-4F5F-8767-50A13B7086AB}] => (Allow) F:\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{C5B9D03C-A797-4AB3-9A79-CC9B4ED81A5F}] => (Allow) F:\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{9C70A58D-902F-4187-816D-B3E3AFDCC55E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{098708B6-B253-45C2-AB3D-5676A129C75B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{E9CECD5B-CCD3-4B1B-BA6D-38E13EB03AC9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C4EA6161-5058-456D-850F-653E939D526F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C537DCE2-74A2-4A13-8F4E-460E3EEB0E69}] => (Allow) F:\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{53835365-3E45-415A-9E53-99F60E73AE75}] => (Allow) F:\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{AAED9357-4E52-4519-838F-DB0F30D0BEED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{C40C99D5-4C7F-41AD-BCC3-298232670CC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{BD786C56-46C3-43D9-9DCF-0686086D6931}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45F90777-FE03-4B54-91E2-189D15BC7660}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3D6AEF4-4FB1-4B01-AF5D-76D58AD33B03}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{56D86D35-6DE3-46EB-A985-949198CDB66E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{83E6CF1A-6B40-40BB-B7AD-8CA8D8372F81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{756B945E-7D6D-48C6-946A-1C3F6E96986A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{D614811F-112A-4F02-92CA-ACA712DE9B48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{4831F723-2168-4D5E-81A3-8BDFE8A5F257}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{19E7FE93-55D7-4281-A4B8-7B5206198BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{24D52799-CE6D-4EF8-AA16-B442D8EC6032}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{AE313D8B-D8DE-484D-9950-8AC075668853}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{287C0F26-AD07-42BF-AF0A-965C49669606}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{0245C85B-7EAC-4D16-9BB3-FB4CEC1A2136}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{14E0F33C-D7F0-416C-8087-41A0C951EA60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{45996EF7-8EB8-4354-A506-ACC3FE89B256}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{945BCA16-4D7E-42B4-996D-5F6CA1EE5065}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{5E356214-F644-492F-BFE2-136D8E386DEB}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{37FDC4AF-E03E-4515-9A87-E56C7624E843}] => (Allow) F:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{27D06992-9C36-457E-B236-5664433B61F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{CD3187EE-947E-4070-8902-134DCD7F17DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{1AF83D4D-DBB1-471C-8B97-47B995B30558}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{4E7A2D72-E163-4A25-A65A-CB49C4D8B84B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{0B3D1F07-71A0-48BC-970B-0BC31DD62706}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{749EA919-BF86-43DB-BE70-8AE230078429}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5D033D58-1E09-4089-9769-E106F591EBB2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{1C4B6906-4C6B-4E64-AE64-75DF67BAC840}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{CE7BCCFE-7C14-4FE9-8F9B-0C7512F67035}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{59465417-1D6B-4AE2-80B2-DCEBF96EDD4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C42A6E7E-A5D6-4AB5-88D9-56D088D0AF86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{CCF9BE08-E432-49E6-A480-3EB6350F95EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5AF31204-6A3E-42F7-A428-9A88594C66E4}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8FF5FDE4-2DFC-4F50-B605-9782985781C8}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F842897A-1A5C-47D4-9034-4F916D5E5920}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{FA78AB21-D0F5-4762-B76F-0FC5921DEC5C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F3C007C4-3EFC-41BD-ABB8-4084B601B362}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{BA7C73C2-F0F7-425F-B16D-148232BF0DDC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{4902A92F-73B5-48CA-B7A3-7B487C4EC483}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{4523C682-D1B5-442E-806D-AB572FAF8919}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{8A5DF6A9-F30D-4EF3-85E5-DBC932AB592A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{7C5D432A-CCD0-4EC3-BADF-DDD4AE8AA418}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{EAC1F061-700B-44A1-8694-26CDE5A52924}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{A0D39117-45FF-4217-A557-E9C8349C0324}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{1BBBF0D2-379D-4BA8-9C6D-D33B79BC201A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{3FFE4326-66B7-4631-8796-E42E46342A75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{AA7DB089-AB80-47D9-BA35-41719B2A0CA3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{529C96D5-4B66-45D5-95FF-D0321809C01E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{D40DE8D3-CB8F-4D5A-8121-96CF7B93C5CE}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{7C112E5C-8B56-4C01-84AA-689B660CDF08}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{3E904989-D44E-4B2D-9EB4-C632A9B3D494}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\DragonAgeToolset.exe
FirewallRules: [{880DF84C-77F5-4CA4-9AFC-86A319BA74EF}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\DragonAgeToolset.exe
FirewallRules: [{838EEC69-5389-4C9E-AFBF-DD4EEB461A30}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\RPU.exe
FirewallRules: [{9E8D0F6E-6F99-49E2-B934-B78F60C5D053}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\RPU.exe
FirewallRules: [{315AFE11-674A-433F-AF77-E45BB85602FD}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\lightmapper\eclipseRay.exe
FirewallRules: [{65D8BC0F-0EAA-4077-9FA4-DC5429D92DF8}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\lightmapper\eclipseRay.exe
FirewallRules: [{9BFBE185-072E-4598-8625-6004A2004A51}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\GffEditor.exe
FirewallRules: [{CAC05E04-A5B4-4766-8E9E-739815D95945}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\GffEditor.exe
FirewallRules: [{DB82BD5A-B688-413B-93C0-25073441BA05}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\ErfEditor.exe
FirewallRules: [{D51578DD-1C82-4FA4-8D99-8A53CA9E8BC8}] => (Allow) F:\Steam\steamapps\common\Dragon Age Ultimate Edition\tools\ErfEditor.exe
FirewallRules: [{8EF3F24D-7056-4053-8582-829C59294F90}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{8A6F48B5-454C-45A9-BA4F-742FD74B4C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D777F2D7-9913-4909-BDD1-C8C3F8E830B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{6E12717F-0F47-428E-9502-36351FFA5909}] => (Allow) F:\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{C61D323D-F6B6-4E5B-8ABF-4EACE674A99A}] => (Allow) F:\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{22BE5DFE-3F97-41A6-ADD5-3E2E83591F13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{13C564F1-9E86-4926-8196-06C075DBC52B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{09014014-989A-4757-9E67-F75EEB56FFFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{8EEBF3C8-9F7B-4F6C-9E44-10F4B6D1FAD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1465C685-7285-4D3C-AC05-D74450286D5B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8E7A1D5A-462C-41E7-9A83-BBAB6FA004AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{BAF23861-B1B1-465E-874B-8C7E884C8198}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{78CD4E96-2C28-4E4C-8D62-D713C9A00756}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{DAC7BC64-7496-4EF5-8BA1-C7EDD64EC30A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{FAD86B82-3449-4786-B675-86C243B0079E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{3AB358EC-826E-4322-A546-3A0E7B9D6C6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{E121F882-5B6B-4871-B062-2FF530768B95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{F02517EE-7564-48AD-9018-7DEAC1B6DE4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{BC75DB94-FAE9-40CE-8C21-E21513946354}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{0E1A66EF-537F-4779-A803-58F221E9D88B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{09DCA3D2-38A5-4782-A99C-4D0943D698C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9EB4E33B-B1C0-48C1-8C15-2E236AAACD12}] => (Allow) C:\Users\Administrator\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{EA9F5ADA-FC12-4079-98BA-68DDD5CFA2DC}] => (Allow) C:\Users\Administrator\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{2072D392-B627-4CE1-888E-820A33C2AA18}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{196BB377-09BE-46CF-BADC-23966E1BECE9}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{9611AAC7-91AC-49D8-AC30-36990403AE9F}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{1F728F7C-235C-403A-8539-A7FE962ED676}] => (Allow) F:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{22562D74-1675-4861-8957-E75613D8B92C}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{059BB105-9E03-447B-813C-26A10EBD6061}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14C82351-9D76-453A-AB12-7DDD7C865D56}] => (Allow) F:\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{A25D9186-7058-410B-8B00-ED26CB7D34AD}] => (Allow) F:\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{1DE70633-48FC-483C-8B92-361714B8A5B3}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{CBBB3114-79DA-4D0B-B6B9-0C9E73A67DA9}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{9A20D713-BF3E-42CA-89C6-911D771EF918}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{19408E6A-166F-4C86-871B-F85B042ED3BC}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{78C6C2E7-A2D4-4E9D-BBDA-0F593D97A609}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E464A919-5715-4AD2-A201-B09FFE98F978}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{D36894C3-BC3F-4338-A9F3-E907FE5AEF6C}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DCCB339E-1EEC-4D7B-BD33-1B0AED5464B8}] => (Allow) F:\The Secret World\ClientPatcher.exe
FirewallRules: [{6A5332FD-7593-4756-8777-F0CB7C200B1C}] => (Allow) F:\The Secret World\ClientPatcher.exe
FirewallRules: [{5A8F2CB7-66E5-409B-B01A-A490EEABB78D}] => (Allow) F:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{FD536516-BEE7-45B2-9B3D-B4629840A370}] => (Allow) F:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{F50FEAF1-0509-4321-A78A-67C37A2FBC06}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E6406671-B0F4-44BF-83AB-839A5FD19B62}] => (Allow) F:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{24CAE813-794A-46EA-8E71-060B4E10273A}] => (Allow) F:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{02159DA8-9C41-4928-B873-78F93F1AB9D7}] => (Allow) F:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{AD9F8248-0987-4770-9617-BAB45DD595DF}] => (Allow) F:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{FF251ECA-A64C-4BBC-A0FD-6E480961AC98}] => (Allow) F:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{EC787455-F453-4AE1-8027-402C7AA45B82}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{F93A69D8-BC52-4B63-86E8-73A89BD62F44}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{0A6C679F-D426-4141-AFD3-961A5968CCF7}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF02B548-2B84-43F3-BBB6-A81146F92A45}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C241D973-74AB-4030-8D34-223F4E49C8F2}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{EE6F7530-2AEA-4282-B539-54EF40F42BBA}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AD3B7247-C104-44FD-9B6D-92204BE70619}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{34736B24-27B1-449A-B797-8B7EE7A7BCCD}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{F9D3136E-464C-4918-BC82-4DD6DA9630EF}] => (Allow) C:\Users\Administrator\AppData\Local\Apps\2.0\ZBAAZ58A.2WE\LXJ5TLV6.YNP\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{E295D696-F31D-4884-96A0-6B27DEF9A12A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{0A6888E0-E8DE-4064-B4A7-903B4EB77DE8}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3A3B50BD-6151-4C10-9C8E-C52E9FD3C5E5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F59528FB-9E25-4FD0-9283-C725AA45D449}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AC46468B-D3FB-4CE4-8509-74C2A6CB7483}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D8884038-C608-4765-8143-41F21B68267D}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{66211D24-F33C-489A-A911-FC92954E1F16}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D2DB77F0-5A48-48A2-87BF-22ADA7F3B629}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{B753EA66-0776-4374-89A5-AEB50CF7DC8D}] => (Allow) F:\Steam\steamapps\common\The Park\AtlanticIslandPark\Binaries\Win64\ThePark.exe
FirewallRules: [{D772E711-ABDB-4FB3-B6BD-C84DBFD0F57A}] => (Allow) F:\Steam\steamapps\common\The Park\AtlanticIslandPark\Binaries\Win64\ThePark.exe
FirewallRules: [{16523FF6-D345-46C6-BC44-FE6A890965C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D3064D55-12D6-4A6D-B298-38DC90359FC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8013F3C8-3C74-4F0E-88C0-55878BA343A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6AAF9EC8-914C-4FAE-89A3-04EB18D9DA76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFAE932C-6965-45D0-970B-4FE745A380DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2017 07:12:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/04/2017 07:10:17 PM) (Source: MSSQL$BWDATOOLSET) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.
 
Error: (04/04/2017 07:10:17 PM) (Source: MSSQL$BWDATOOLSET) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.
 
Error: (04/04/2017 04:37:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (04/04/2017 04:31:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (04/04/2017 07:12:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:40 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (04/04/2017 07:12:40 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (04/04/2017 07:12:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/04/2017 07:12:24 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (04/04/2017 07:12:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 47%
Total physical RAM: 6135.11 MB
Available physical RAM: 3240.6 MB
Total Virtual: 12268.41 MB
Available Virtual: 9069.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:4.88 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:396.47 GB) NTFS
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:854.26 GB) NTFS
Drive h: (RECOVERY) (Removable) (Total:14.6 GB) (Free:14.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 118B102D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 531468F0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 1397.3 GB) (Disk ID: F8B79746)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 06 April 2017 - 04:26 PM

Hi Zack,

Thank you for the logs. Let's do two final scans.


Scan with Malwarebytes Antimalware (MBAM)

Please launch the copy of MBAM which is already on your PC.

  • After MBAM opens, if it says Your databases are out of date, click Fix Now (yellow button in upper right of MBAM window).
     

MBAM_Out_of_Date2.jpg
 

  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and, if not already checked, place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click Scan Now.
  • If you receive a message that updates are available, click Update Now (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning, it will display any detected threats.
  • Click Remove Selected.
  • MBAM will move infected files and registry keys into quarantine. If MBAM displays a message stating that it needs to reboot, please allow it to do so after the next three steps.
  • Don't click Finish yet.
  • While still on the Scan tab, click Save Results in lower right corner, and, in the window that opens, click Text file (*.txt), and save the log to your Desktop. Send the log to me in your next reply.

Go back to Scan tab and click Finish.

An abbreviated log is automatically saved by MBAM and can also be viewed by clicking the History tab > Application Logs > Export.



ESET Online Scanner

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Click this link to open ESET Online Scanner.
  • Click SCAN NOW.
  • esetonlinescanner_enu.exe will be downloaded to your PC. Take note of the folder to which it is downloaded.
  • Double-click on esetonlinescanner_enu.exe. If you see a Security Warning pop-up, click Run.
  • On the Terms of Use pop-up, click Accept.
  • In the new window that opens, tic the radio button next to Enable detection of potentially unwanted applications.
  • Then click Advanced settings, and make sure there is a checkmark next to the first four items as follows. (uncheck everything else):
    • Scan for potentially unsafe applications
    • Scan for potentially suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Then click Scan. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click Save to text file... (only if anything is found) and give it a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Click Finish to exit ESET Online Scanner.
  • Don't forget to re-enable your antivirus when finished!


Summary:

  • Copy and paste the entire contents of the MBAM report into the body of your message.
  • Copy and paste the entire contents of the ESET report into the body of your message.
  • Tell me how your PC is running now.


    Thank you,

    Ray

I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#14 Zack3086

Zack3086
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 06 April 2017 - 07:33 PM

My Comp is running beautifully thanks for all your help Ray!

 

Here is the MBAM Log:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/6/17
Scan Time: 4:55 PM
Logfile: MBAM Log.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1677
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ZACHARY-PC\Administrator
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338511
Time Elapsed: 2 min, 24 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Adware.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nogdfjjfhknacchjpiccacoimeelkajb, Quarantined, [5102], [387359],1.0.1677
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
And Here is the ESET Log:
 
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar Win32/Toolbar.Conduit potentially unwanted application
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchProtector.jsm Win32/Toolbar.Conduit.AT potentially unwanted application
C:\FRST\Quarantine\C\Users\Public\Conduit\ConduitHelper\ELib_Lib0.dll a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\Users\Administrator\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx Win32/Bundled.Toolbar.Ask.P potentially unsafe application,Win32/Bundled.Toolbar.Ask.Q potentially unsafe application
C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
G:\ZACHARY-PC\Backup Set 2017-03-30 034626\Backup Files 2017-03-30 034626\Backup files 13.zip a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application

Edited by Zack3086, 06 April 2017 - 07:40 PM.


#15 RayS

RayS

  • Malware Study Hall Senior
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 08 April 2017 - 12:38 PM

Hi Zack,

 

Please note that I have edited the script below at 4:50PM EDT. If you already ran the original script, please run FRST64.exe again using this revised script.
 

My Comp is running beautifully...

Very nice!

The items detected by MBAM and ESET are adware and remnants of the uTorrent toolbar. It is safe to delete all of it. The script I have provided below does delete all these threats except for the backup file on your G drive:

G:\ZACHARY-PC\Backup Set 2017-03-30 034626\Backup Files 2017-03-30 034626\Backup files 13.zip

Please run the script, then make a new backup. Only after securing a new backup, manually navigate to this contaminated backup file using Windows Explorer and delete it.

 

 

Peer-to-Peer File Sharing Warning

I noticed that uTorrent had been enabled in the past.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected. I would recommend that you never install any peer-to-peer file sharing programs.

 

 

Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

Start

DeleteKey: HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nogdfjjfhknacchjpiccacoimeelkajb
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
C:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchProtector.jsm
C:\FRST\Quarantine\
C:\Users\Administrator\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
C:\Users\Administrator\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll
FirewallRules: [{BD786C56-46C3-43D9-9DCF-0686086D6931}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45F90777-FE03-4B54-91E2-189D15BC7660}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22562D74-1675-4861-8957-E75613D8B92C}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{059BB105-9E03-447B-813C-26A10EBD6061}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.

 

 

Summary:

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Confirm that you have created a new backup.
  • Confirm that you have deleted the contaminated backup.
  • Does this PC have any remaining issues?

Thank you,

Ray


Edited by RayS, 08 April 2017 - 03:50 PM.

I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users