Removal of CoinMiner.BB!bit trojan


15 replies to this topic

#1 flyboy320


Posted 15 August 2017 - 01:44 PM

I have a local USB HDD connected to my router. Every few days or so, Windows Defender finds a file called Photo.scr on this drive, usually in every folder, so about 100 in total. It says it's a trojan called CoinMiner.BB!bit. I can remove the Photo.scr files OK, but within a day or so they keep reappearing. I have run Windows Defender on my local Windows drive and on the storage drive as well, without it finding any problems. I have also run HitmanPro and Malwarebytes, and neither of them finds any problems.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017

Ran by Ross (administrator) on ROSS-PC (15-08-2017 14:37:01)
Running from D:\Downloads
Loaded Profiles: Ross (Available Profiles: Ross)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\Run: [Discord] => C:\Users\Ross\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\Ross\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\MountPoints2: {e4480101-dde9-11e4-a72d-7824af41af02} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk [2014-09-12]
ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.23 192.168.1.1
Tcpip\..\Interfaces\{74d39487-dde8-4bb3-8438-99c97b3d43cd}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{931e0659-baae-4fbf-b86b-3d9c7915f23e}: [DhcpNameServer] 192.168.1.23 192.168.1.1
Tcpip\..\Interfaces\{d211ea46-305c-4808-bb3c-c98024e48b5a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.1.30/
SearchScopes: HKU\S-1-5-21-3997761166-694740611-3261924530-1000 -> {19A0908E-35C9-454B-AE92-D2EBF00A1FAF} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: wpzj6flc.default
FF ProfilePath: C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default [2017-08-15]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\wpzj6flc.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\wpzj6flc.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
FF Extension: (Bing Search) - C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-03]
FF SearchPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default\searchplugins\bing-.xml [2016-01-03]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @IPC/npmedia3.0.0.3,version=3.0.0.3 -> C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll [2016-11-03] ()
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3997761166-694740611-3261924530-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-3997761166-694740611-3261924530-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-06-26] ()
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://mail.google.com/mail/?shva=1#inbox
CHR StartupUrls: Profile 1 -> "hxxp://gmail.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default [2017-08-15]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-29]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-29]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-29]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-29]
CHR Extension: (Yahoo Partner) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2017-01-29]
CHR Extension: (Skype) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-29]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-03-27]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-08-15]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2017-03-17]
CHR Extension: (Right Click Opens Link in New Tab) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afalkcagoidkdjdlfoaicbanbfgoamoo [2017-08-10]
CHR Extension: (h264ify) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleakchihdccplidncghkekgioiakgal [2017-08-02]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-19]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-06-05]
CHR Extension: (DocuSign - Secure Electronic Signature) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goblijolcnempeilmnkmfbhohlpngemd [2017-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-08-01]
CHR Extension: (Tabs to the front!) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2015-08-20]
CHR Extension: (File System for Dropbox) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlffpaajmfllggclnjppbblobdhokjhe [2017-08-01]
CHR Extension: (Change Colors) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn [2015-08-20]
CHR Extension: (crxMouse Chrome™ Gestures) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2017-07-02]
CHR Extension: (Better YouTube Watch History) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-08-20]
CHR Extension: (Amcrest Web View) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oddndbjhpcpopbebhonolceinkbnheih [2017-06-08]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Extension: (Audio Cutter) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-08-20]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-08-15]
CHR Extension: (Google Slides) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-07]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-08-14]
CHR Extension: (Google Slides) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Loupe Collage) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2016-01-30]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (GeoGebra Math Apps) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-05-30]
CHR Extension: (ScootPad) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\boihgpoojeingjbbdjmoocbdibophjap [2016-09-08]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Sumo Paint) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2016-01-30]
CHR Extension: (Google Sheets) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (PowerSchool Learning) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fgpoakifbipnkhifgabffhdkdnloobhm [2016-08-30]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2016-01-30]
CHR Extension: (TLDR: Summarize Anything) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc [2017-08-14]
CHR Extension: (VocabularySpellingCity) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnbihkjgkedgkepcakdjcnbicklpgfpm [2016-01-30]
CHR Extension: (Pictico — Coloring for Kids) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gndkeamlgkegbmmoheplcndpopglacgf [2016-01-30]
CHR Extension: (G Suite Training) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2017-08-14]
CHR Extension: (CK-12) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ilmbnmigihncgeckjgmkehcgkdeohkhl [2016-09-26]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2017-08-14]
CHR Extension: (SWERVE) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\iohhoideobpgefghigibedhhglbaoham [2016-06-09]
CHR Extension: (MeeGenius! Children's Books) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2016-01-30]
CHR Extension: (LearnBoost) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lfbigbedbdencpbioocekehcblgokpno [2016-01-30]
CHR Extension: (Skype) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-17]
CHR Extension: (TypingClub) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2016-08-24]
CHR Extension: (Doge Ad Blocker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okclchcbnkcgkhlckejmhinjcibidcap [2017-02-25]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2016-01-30]
CHR Extension: (Khan Academy) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2016-01-30]
CHR Extension: (DOGOnews) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcolnnhmiknpeonnnmoadeficjagocgf [2016-01-30]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-14]
CHR Extension: (Snapverter) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2016-01-30]
CHR Extension: (YouiDraw Logo Creator) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pmdikniemaokeigdgfkaihkldilkjmgi [2016-02-07]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-27]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-08-23] ()
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-04-21] ()
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-29] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-02-08] ()
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-05-02] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178312 2017-05-02] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-07-25] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-03] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-08-23] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl119878a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2AC2D2AB-2019-41EB-BBCA-430EC734C0B1}\MpKsl119878a5.sys [44928 2017-08-15] (Microsoft Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-03-08] (SoftEther Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-03-08] (SoftEther Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 vuhub; C:\WINDOWS\System32\drivers\vuhub.sys [47616 2007-12-17] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-15 14:36 - 2017-08-15 14:37 - 000000000 ____D C:\FRST
2017-08-15 08:48 - 2017-08-15 08:48 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Google
2017-08-15 08:04 - 2017-08-15 08:04 - 000000000 ____D C:\WINDOWS\Panther
2017-08-11 19:38 - 2017-08-11 19:38 - 000000000 ____D C:\Users\Ross\AppData\Local\Doctor Entertainment AB
2017-08-10 07:38 - 2017-08-10 07:38 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Jaxx
2017-08-09 22:48 - 2017-08-15 08:23 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-09 08:56 - 2017-08-09 08:56 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-09 07:59 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 07:59 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 07:59 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 07:59 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 07:59 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 07:59 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 07:59 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 07:59 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 07:59 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 07:59 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 07:59 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 07:59 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 07:59 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 07:59 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 07:59 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 07:59 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 07:59 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 07:59 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 07:59 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 07:59 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 07:59 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 07:59 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 07:59 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 07:59 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 07:59 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 07:59 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 07:59 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 07:59 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 07:59 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 07:59 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 07:59 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 07:59 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 07:59 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 07:59 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 07:59 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 07:59 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 07:59 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 07:59 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 07:59 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 07:59 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 07:59 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 07:59 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 07:59 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 07:59 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 07:59 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 07:59 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 07:59 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 07:59 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 07:59 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 07:59 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 07:59 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 07:59 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 07:59 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 07:59 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 07:59 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 07:59 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 07:59 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 07:59 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 07:59 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 07:59 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 07:59 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 07:59 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 07:59 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 07:59 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 07:59 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 07:59 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 07:59 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 07:59 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 07:59 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 07:59 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 07:59 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 07:59 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 07:59 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 07:59 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 07:59 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 07:59 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 07:59 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 07:59 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 07:59 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 07:59 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 07:59 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 07:59 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 07:59 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 07:59 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 07:59 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 07:59 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 07:59 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 07:59 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 07:59 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 07:59 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 07:59 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 07:59 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 07:59 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 07:59 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 07:59 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 07:59 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 07:59 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 07:59 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 07:59 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 07:59 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 07:59 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 07:59 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 07:59 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 07:59 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 07:59 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 07:59 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 07:59 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 07:59 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 07:59 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 07:59 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 07:59 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-07-29 08:39 - 2017-08-02 18:28 - 000000000 ____D C:\Users\Ross\AppData\Roaming\obs-studio
2017-07-29 08:39 - 2017-07-29 08:39 - 000001310 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-07-29 08:39 - 2017-07-29 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-07-29 08:38 - 2017-07-29 08:38 - 000000000 ____D C:\Program Files (x86)\obs-studio
2017-07-29 08:31 - 2017-07-29 08:31 - 000000000 ____D C:\Users\Ross\AppData\Roaming\OBS
2017-07-29 08:06 - 2017-07-29 08:06 - 000001127 _____ C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBS.lnk
2017-07-28 18:41 - 2017-07-28 18:41 - 000000000 ____D C:\Users\Ross\AppData\Roaming\EasyAntiCheat
2017-07-27 12:57 - 2017-07-27 12:57 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3997761166-694740611-3261924530-1000
2017-07-19 08:41 - 2017-08-15 08:45 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-15 14:15 - 2017-04-14 07:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-15 13:19 - 2017-04-14 07:20 - 002030546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-15 13:16 - 2017-04-14 07:26 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9B493980-A343-48DB-BB2C-485E24C6E271}
2017-08-15 12:47 - 2017-04-14 07:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 12:47 - 2017-04-14 07:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-15 12:47 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-08-15 12:47 - 2014-08-24 11:21 - 000000000 ____D C:\ProgramData\TEMP
2017-08-15 12:45 - 2017-05-20 18:37 - 000000000 ____D C:\ProgramData\NzbDrone
2017-08-15 12:43 - 2015-12-28 10:03 - 000000000 ____D C:\AdwCleaner
2017-08-15 12:43 - 2014-08-24 12:17 - 000000000 ____D C:\Users\Ross\Desktop\Cleanup
2017-08-15 11:30 - 2017-06-19 21:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 11:30 - 2017-06-19 21:20 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-15 09:11 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 08:01 - 2017-04-14 07:20 - 000000000 ____D C:\Users\Ross
2017-08-15 07:47 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-14 18:49 - 2015-08-23 17:08 - 000761896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-14 14:55 - 2017-06-26 18:45 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Ethereum Wallet
2017-08-14 11:03 - 2016-04-11 14:58 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Fund Manager
2017-08-10 18:44 - 2014-09-30 13:38 - 000000000 ____D C:\Users\Ross\AppData\Roaming\SpaceEngineers
2017-08-10 15:56 - 2014-09-13 10:10 - 000000000 ____D C:\Users\Ross\AppData\Roaming\vlc
2017-08-09 19:22 - 2017-06-19 21:21 - 000044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-09 19:20 - 2014-08-24 12:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-09 08:57 - 2016-10-23 14:59 - 000002265 _____ C:\Users\Ross\Desktop\Discord.lnk
2017-08-09 08:57 - 2016-10-23 14:59 - 000000000 ____D C:\Users\Ross\AppData\Roaming\discord
2017-08-09 08:56 - 2016-10-23 14:59 - 000000000 ____D C:\Users\Ross\AppData\Local\Discord
2017-08-09 08:17 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 08:05 - 2015-08-23 09:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 08:04 - 2017-04-14 07:19 - 000380320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 08:02 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 08:01 - 2014-08-24 00:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 08:00 - 2014-08-24 00:03 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 17:53 - 2014-08-23 23:59 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 21:53 - 2014-08-28 19:07 - 000000000 ____D C:\Users\Ross\Desktop\Ross
2017-07-31 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 11:15 - 2017-03-18 17:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-30 10:29 - 2017-06-27 11:34 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-07-29 08:58 - 2014-10-30 17:05 - 000000000 ____D C:\Users\Ross\AppData\Roaming\AMD
2017-07-28 11:09 - 2016-04-11 14:58 - 000000000 ____D C:\ProgramData\Fund Manager
2017-07-28 11:09 - 2016-04-11 14:57 - 000000000 ____D C:\Program Files (x86)\Fund Manager
2017-07-28 11:00 - 2016-04-12 16:29 - 000000000 ____D C:\Users\Ross\Documents\Fund Manager
2017-07-27 12:57 - 2015-08-23 09:54 - 000002397 _____ C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 12:57 - 2015-08-23 09:54 - 000000000 ___RD C:\Users\Ross\OneDrive
2017-07-26 11:40 - 2017-06-23 14:26 - 000000000 ____D C:\Users\Ross\AppData\Local\ElevatedDiagnostics
2017-07-22 15:34 - 2014-08-30 23:07 - 000000000 ____D C:\Users\Ross\AppData\Local\QuickPar
 
==================== Files in the root of some directories =======
 
2015-07-18 11:05 - 2015-07-18 11:44 - 000000429 _____ () C:\Users\Ross\AppData\Roaming\01_01_2014_WAR
2016-01-30 17:39 - 2016-01-30 17:39 - 000000045 _____ () C:\Users\Ross\AppData\Roaming\WB.CFG
2017-05-06 21:13 - 2017-05-12 18:23 - 000000600 _____ () C:\Users\Ross\AppData\Local\PUTTY.RND
2017-05-29 17:03 - 2017-07-07 09:28 - 000007660 _____ () C:\Users\Ross\AppData\Local\Resmon.ResmonCfg
2017-04-14 07:19 - 2017-04-14 07:19 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-05-03 18:42 - 2017-05-03 18:42 - 000186880 ____R () C:\Users\Ross\AppData\Local\Temp\usbitcmd.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-15 09:11
 
==================== End of FRST.txt ============================




#2 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts

Posted 15 August 2017 - 01:49 PM

Here is the Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Ross (15-08-2017 14:37:25)
Running from D:\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-14 11:28:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3997761166-694740611-3261924530-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3997761166-694740611-3261924530-503 - Limited - Disabled)
Guest (S-1-5-21-3997761166-694740611-3261924530-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3997761166-694740611-3261924530-1002 - Limited - Enabled)
Ross (S-1-5-21-3997761166-694740611-3261924530-1000 - Administrator - Enabled) => C:\Users\Ross
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alienware TactX™ Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Uplay Install 40) (Version:  - Ubisoft)
ASTRONEER (HKLM\...\Steam App 361420) (Version:  - System Era Softworks)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BeamNG.drive (HKLM\...\Steam App 284160) (Version:  - BeamNG)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Big Pharma (HKLM\...\Steam App 344850) (Version:  - Twice Circled)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.8 - CodeStuff)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creativerse (HKLM\...\Steam App 280790) (Version:  - Playful Corporation)
Dig or Die (HKLM\...\Steam App 315460) (Version:  - Gaddy Games)
Discord (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Evolve (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Fund Manager (HKLM-x32\...\Fund Manager) (Version:  - Beiley Software)
Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version:  - Stardock Entertainment)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
Home Design 3D (HKLM\...\Steam App 420000) (Version:  - Anuman Interactive)
I am Bread (HKLM\...\Steam App 327890) (Version:  - Bossa Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.5.1 - Hermann Schinagl)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Mad Max (HKLM\...\Steam App 234140) (Version:  - Avalanche Studios)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
My Game Long Name (HKLM\...\UDK-f9f27db4-bb98-4869-aa33-c2d9df7bcdb5) (Version:  - Epic Games, Inc.)
My Summer Car (HKLM\...\Steam App 516750) (Version:  - Amistech Games)
NZB Completion Checker (HKLM-x32\...\{F24B72AD-16EA-4822-B537-A1E2F9B1C7C9}) (Version: 1.0 - Zoon Software)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - Andrey Prygunkov)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Octodad Dadliest Catch (HKLM-x32\...\Octodad Dadliest Catch_is1) (Version: 1.0 - PLAZA)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version:  - Uber Entertainment)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Reassembly (HKLM\...\Steam App 329130) (Version:  - Anisoptera Games)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Ross (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Ross (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
Roguelands (HKLM\...\Steam App 364420) (Version:  - SmashGames)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Slime Rancher (HKLM\...\Steam App 433340) (Version:  - Monomi Park)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Software Inc. (HKLM\...\Steam App 362620) (Version:  - Coredumping)
Sonarr version 2.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 2.0 - Team Sonarr)
Space Engineers (HKLM\...\Steam App 244850) (Version:  - Keen Software House)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Subnautica (HKLM\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TerraTech (HKLM\...\Steam App 285920) (Version:  - Payload Studios)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Escapists (HKLM\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
Unity (HKLM-x32\...\Unity) (Version: 5.5.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: alpha v0.25 (HKLM\...\UDK-825f17bc-0e3c-45e3-858f-4d11dce23f6c) (Version:  - RuneStorm)
Viscera Cleanup Detail: Santa's Rampage (HKLM\...\Steam App 265210) (Version:  - RuneStorm)
Viscera Cleanup Detail: Shadow Warrior (HKLM\...\Steam App 255520) (Version:  - RuneStorm)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Who's Your Daddy (HKLM\...\Steam App 427730) (Version:  - Evil Tortilla Games)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Filmora(Build 7.2.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0018315D-612C-4D8F-A13C-54AB00A9DA0F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {02397438-F1D9-4690-87DF-28638A06B5AD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {04EFA4B3-B4BB-4054-AB57-26F204C37D86} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {143BAF18-87A9-4F89-9F01-9E3E5DE48375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1EB23183-845C-4284-BC4A-6A7C8FC8551D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F7C7E64-68E1-419F-B3AD-787D68AEA284} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {21A3E949-B3A6-4496-BFFE-34519D52E202} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2349AB97-E177-4207-BEAE-5D934B67907A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {258AE993-591E-4A01-AF82-4AB434C80B00} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {27226039-0754-43F1-8942-A53FF61A6A51} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {399C55BB-B54C-400A-9E00-9C9A81CBFE4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3E8CD4BB-FE24-4139-9C72-E19AF6E1380C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {43033C18-DEE1-4E43-8A91-15AA9C9AB3D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {52F8C5C1-ED31-479E-8C86-A64FDBD09DA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5719EC68-41DB-48F6-8FA9-54C6FA4DB217} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6707ECF9-84A6-40F6-9C1A-8C976CA3F94D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6971EEE9-AB73-40FF-A20A-752BB1A6D729} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6ED286CF-2165-48E3-B75B-5D66D76A4523} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {714A71DB-41B6-4A43-8C48-211C125FAB6B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73384035-D797-4ABD-8EAB-8BA165ED2AAF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7BE0F363-A794-4DD8-BC36-7A2A86A30C66} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {7C631C6C-7A6A-42F2-8597-CD04FEED461F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F53E260-34DC-497B-A5E0-7D8A6675D419} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81A281BD-6624-4889-9644-ECC612985166} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A0BF106-1136-4AC4-817E-5BFF6EEC031B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94D2F468-7E7A-47A6-B870-7101C0C84ED9} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {A1FFFBA5-D06E-4A66-B68E-C4EBBFC1CA84} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A8908BB9-A83C-49E3-9B1D-9BAA07C340F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A9A46677-9408-430F-B159-34DCC631F11B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {AAE4D55F-96BB-495E-958E-A71788B4BB42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB7348AB-828B-4EE9-8665-38D78CB3F795} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0A9FEBB-6316-4E17-B4C6-5196A3FC6924} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD1F2CD6-17B3-4F23-BD19-EE94BB1CD17F} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {BF3F6073-E294-4FE3-AD63-FB0043E5B0F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFF79704-5DF9-4A44-8F3A-C899AFD485B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C7D3421F-D25B-4CFF-9B2B-73AFD295EDF4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CEB6CBBC-1EF6-4F5A-9CCD-F46B70D58A83} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D14D9F09-08B6-42BE-A7B2-2CF962EA9374} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D68021AB-4A69-4C49-BC10-639ECCDCA9BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E163AC79-4EBF-4E6D-A95B-88C476D9EA0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E85748B3-C2F9-44DE-997E-4A6F0F2F8D07} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7814744-50FC-4447-B6B3-8847F27EA822} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Ross\Desktop\Dad.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ross\Desktop\Ross.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Ross\Desktop\School.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Amcrest Web View.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=oddndbjhpcpopbebhonolceinkbnheih
ShortcutWithArgument: C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for Dropbox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=hlffpaajmfllggclnjppbblobdhokjhe
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-14 07:19 - 2015-08-23 09:53 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-02-06 17:06 - 2016-02-08 17:19 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-09-24 19:20 - 2016-09-24 19:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-23 16:37 - 2010-08-10 21:37 - 000334848 _____ () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-24 06:03 - 2016-10-24 06:03 - 000589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2004-09-30 14:15 - 2004-09-30 14:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-08-07 17:53 - 2017-08-02 03:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-07 17:53 - 2017-08-02 03:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2016-08-16 08:32 - 2016-08-16 08:32 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 08:32 - 2016-08-16 08:32 - 013475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 09:08 - 2016-06-03 09:09 - 000680448 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-03 18:20 - 2016-03-03 18:20 - 000291328 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-04-14 07:19 - 2017-08-15 12:47 - 000035472 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-04-14 07:19 - 2015-08-23 09:53 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [140]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-01-30 17:38 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ross\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\-windows 8 background windows 8 wallpaper planet earth in space x.jpg
DNS Servers: 192.168.1.23 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
HKLM\...\StartupApproved\StartupFolder: => "AWMouseCI.lnk"
HKLM\...\StartupApproved\Run: => "Kernel and Hardware Abstraction Layer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{38A78149-20CC-41A5-A48D-C15524B372CF}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{351A78E2-8AFE-4995-8900-1B31C6B3168F}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{248F10DE-2645-45E2-88C6-92BD303F7AB0}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{59481A35-E625-482A-A199-C198B306D744}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{1200D525-66A3-4A4A-8F2E-24569BF6F482}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{68DE283E-9FC7-436D-93D1-AE989A23FB2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{3A80D4DF-3863-4443-B737-4B71901A33FF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{C5FAF15E-AF9E-4347-98A6-1881068B789B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{4B4D9008-5CAC-4BC3-AED4-3D60E6F7B630}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D69F71DC-8665-4FF5-ADAB-965A170A3AF4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [UDP Query User{2EBA4FEA-8190-45FE-B674-84A1B1BE24FD}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0D67A613-775B-40E1-AEEE-242F25B3DF99}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{75E5F48F-71A5-432D-94D7-3BD7469BBA1D}] => (Allow) D:\Games\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{C4818938-ECEB-490E-A74D-561DEB743CFD}] => (Allow) D:\Games\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{3956D1FE-8091-4C1F-A0A5-26206814A57A}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{64AEA960-B1CD-4F7C-AC19-74CCB1378D68}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{2AD5F065-93E2-4F39-93CD-A1EB51187081}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2015-x64\Release\HomeDesign.exe
FirewallRules: [{D9ABC6FA-F229-4E6E-A35B-B82AF7BD2540}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2015-x64\Release\HomeDesign.exe
FirewallRules: [UDP Query User{E85E9A92-A65B-43CA-8882-3532D99D2E5A}D:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{4F2427A5-C359-41F8-9CA1-BA8EA9CD0D76}D:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C84EC39D-2901-4F0E-B854-EEAAB7A41B03}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{0B8B9112-44D1-412A-9F4A-1D2D0FE6B328}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{433A5E7D-B932-4B3A-8E90-52C0B097EF4A}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{0524E897-7EE2-4C75-84A0-FB8FE30B0A04}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{9DA44FBF-8C42-49B5-A1DA-0354AC01C79A}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{599800BE-C544-42D0-B394-D7A858F1B224}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{8A6DF752-C95D-4472-974C-A442AF83A241}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{00136111-E38B-493A-88C4-04AE366ABD3C}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BDFB7EAE-379A-474C-A844-5DF3006B5996}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A18BC452-C71C-46D7-9A12-B39C5BC784A3}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{7709A603-246B-487E-97E6-6A3F9483502E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{33AE496E-9B5D-41CA-98AC-01C96C2DFE3E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0E62FF0C-052C-48BB-B785-4DAB9F6C90E1}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{371DE545-DB9C-4F5F-BC7B-6807B677A2D2}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{647617CA-2E45-4798-9DC0-132AB7B6FF34}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2D9130BA-0BFE-46C3-8834-F4F78A212399}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{E68FD8D3-2372-47E1-820F-6A93A5D27052}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{61B70F9E-D0D1-429E-B7D7-E3FB495C8A25}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{ECCBE014-2BB1-4AD2-AEBD-6CCFC47DBF59}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{ED371EF7-2A40-4EE0-A23D-721912FFFA8E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{E2AA8BF5-F160-4443-AF5B-92B6975608F9}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{B56328FD-2D97-4356-B950-41909E192986}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{DDC8A04B-1322-42CF-9215-193D6B7B4FF2}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9642AFD1-AB6F-411E-92E9-E1723CD9B36F}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{1861951B-8454-4F99-8C34-5E0869821D0D}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{45597A94-1291-4DCD-B97A-E739BD32DA20}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{2B8BE57E-6B91-498D-867E-457447D08F4A}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{033F0370-75C8-4808-8590-E9A885435436}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{90C16C8D-A748-4E6F-B5CE-02DA78660513}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7489033B-C2FD-491C-8EAB-E624005353A9}] => (Allow) D:\Games\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{373FC6BE-9ABB-4264-AE4B-C0BDA398EE9F}] => (Allow) D:\Games\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6FAA9474-F3E9-4922-BD41-CB72BAD5AE4C}] => (Allow) D:\Games\Steam\SteamApps\common\Scribblenauts\Scribble.exe
FirewallRules: [{D55B90B2-996D-4215-8B5A-6D8F9835668B}] => (Allow) D:\Games\Steam\SteamApps\common\Scribblenauts\Scribble.exe
FirewallRules: [{FB9DBF35-24FA-48D6-9EF0-C8895D6EBC05}] => (Allow) D:\Games\Steam\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{4033A5F2-5F03-4D08-97C6-BBF93E26F53C}] => (Allow) D:\Games\Steam\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{77E737AE-2657-438E-ACE2-CDDF37A245A3}] => (Allow) D:\Games\Steam\SteamApps\common\Software Inc\Software Inc.exe
FirewallRules: [{A5D0064F-2509-47DD-9FF3-7EF447B4E95D}] => (Allow) D:\Games\Steam\SteamApps\common\Software Inc\Software Inc.exe
FirewallRules: [{4AEB2B65-5DFA-48BA-815C-144677BF1C04}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{0A882806-2D15-4293-853B-12E820DE56B1}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{92EBB8B3-AB08-4407-B8E6-4768063145B0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{69893BB0-205A-4D32-B243-AEB8D438A742}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E3F47FAA-CCBF-4C2F-A904-88FE2AD3F034}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{8FE208C5-A7B0-4E9B-A840-79A36F08EB58}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{F4D7F508-58B3-4355-8D89-6DA513049DA5}] => (Allow) D:\Games\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{A8AC1ADB-F5AA-4C2D-96F6-FEA8F4E1E438}] => (Allow) D:\Games\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{F6498414-0DF2-4F46-B713-FE55AE5EB5C1}] => (Allow) D:\Games\Steam\SteamApps\common\My Summer Car\mysummercar.exe
FirewallRules: [{780137E8-7FA1-49FC-AB85-E8007657313F}] => (Allow) D:\Games\Steam\SteamApps\common\My Summer Car\mysummercar.exe
FirewallRules: [{9F8326FD-4409-4F0C-A81B-ED41536CE139}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{0C0A77F5-55F0-4B86-9FB4-C98D9EE3B5C9}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{04E9713C-1F5C-4E6A-9D5A-3EC8366B1EBD}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{A26C53B2-4AEB-4C92-8B71-25E54C3FDEA8}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{5476EDA9-F6BF-43BE-9F57-021415901C93}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{74B86FE2-9DEB-485E-A793-FE395BC6AA90}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{36EA735F-93FB-4090-9D58-B888DE17985E}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2010-x86\Release\HomeDesign.exe
FirewallRules: [{C9D095AE-B2B8-4C71-9BE8-04C755369461}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2010-x86\Release\HomeDesign.exe
FirewallRules: [{A69EC939-7530-49E4-8687-90509CC0C063}] => (Allow) D:\Games\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{E40976FC-6E98-4552-A380-C9784F13BD2E}] => (Allow) D:\Games\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{EF1EF9BF-7EA2-48C4-AE43-ECCF4A4917ED}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{5AF26079-33F3-45C8-8EE7-D0A49EE39A13}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{9C8A30E0-D71D-4DC4-83F5-F30BB4C30877}] => (Allow) D:\Games\Steam\SteamApps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F0EA1BB9-9694-4328-990F-91644676A1B6}] => (Allow) D:\Games\Steam\SteamApps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{1D44470F-C211-4981-934F-7EA9EA6BED18}] => (Allow) D:\Games\Steam\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{176EF670-11FC-4498-AA23-3F3E52B98038}] => (Allow) D:\Games\Steam\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{1CA13A4C-B2C5-4AB5-B8C9-AEC8B86797E9}] => (Allow) D:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{28557803-E9D8-483B-BC94-6CDCDD684D4A}] => (Allow) D:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{4DD09491-A085-467F-99AF-8861F2524D97}] => (Allow) D:\Games\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{DE3AD877-0D0E-4D6E-B63B-A3ACD3D5B779}] => (Allow) D:\Games\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{B282449A-B7D4-437A-AA0D-9FBB9A95DF72}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{FE53D29D-93F8-4F51-9D3F-175481D6EC70}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{6A85B081-C3BE-4CF4-B6F0-835E8EFF0438}] => (Allow) D:\Games\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{243501AA-9AFC-4B5D-A5E4-AD4890627A41}] => (Allow) D:\Games\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{0053F8E5-0FAE-4134-BD7E-8014B63CE46A}] => (Allow) D:\Games\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{902BFE88-426C-4BBB-92C5-15D255B4517D}] => (Allow) D:\Games\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{406FB2CA-CD65-47AC-B612-68BBFE403313}] => (Allow) D:\Games\Steam\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{094DBBBE-541A-411C-B984-4A15D8B01D69}] => (Allow) D:\Games\Steam\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [UDP Query User{15CCF9DF-2083-4E06-BA62-A4F606F6A0DE}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{64D83101-822F-4358-B21A-6AB6A6F1E34C}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{2CC5C067-B822-42DB-93AF-F5DF6A537C45}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{1A4042C9-84ED-4945-801A-C8F9188720CE}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{AA8CA176-17D6-4344-9E2A-92D7FB56A50C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23DCB194-8922-4802-A584-FCDC8742CD76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6900FFBB-90AB-4FFA-93D0-5B7F0E7F8207}] => (Allow) D:\Games\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{A28169A4-48AE-4C4A-891B-3ECFB6223092}] => (Allow) D:\Games\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{D832E54F-E0CD-41FC-BD85-877D2C6C741B}D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{DC920217-5BAA-47EC-9955-CFBF57887BF1}D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{8218616B-83D2-4BFF-8E45-BF6CDAD92955}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{24B5C092-2CC3-4822-B4AB-A877809C799D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{CA2E24C8-DE67-48FD-8BEE-F59434487BC0}] => (Allow) D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{D1448A8E-231A-4A6B-BEA7-AA0459F61CF4}] => (Allow) D:\Games\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{9F8E7653-049A-4759-B265-6F84EA562759}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{ABA8C5B9-6368-4BD4-99CE-5BBD013DB645}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CE065C3A-981D-41BB-A525-2ECA0A9D312C}D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{94BCDC9F-CF0C-4EC5-A100-7432589E824D}D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{132FCBE8-7632-4CD2-9684-0011936E0A93}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{1D20C4A3-0CA8-471C-9A37-10408ABEE964}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{4B0D88B7-AF10-4B9B-9C33-67F95BE2B956}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{B9B79AD9-0C22-46C4-B104-F9DCF0D2FD8B}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{6E837903-03D9-4575-90A7-B8990B2670B9}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{745643B3-8840-4534-A04F-722CA1D522EC}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{531E172D-8E77-4EC8-B8BF-C4AFFF33DF14}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6144C5F5-7422-4B8B-863A-2FEE23517934}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{25E77128-3C6B-4B8F-BA25-43A795A1C0F3}] => (Allow) D:\Games\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{A52A7CDE-2589-4BD5-8F45-A51A5EDBD2AD}] => (Allow) D:\Games\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{DC25E6D1-FF71-4748-9C7A-30506920D328}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8023040D-1A70-4B1E-B674-15E8B03501E8}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E4560619-6675-4C2C-BB8B-391756F8E82D}] => (Allow) D:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{283BA33B-3A86-4F0E-B634-A26DF0BD4710}] => (Allow) D:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{EABFDD7C-C89D-4B4F-A024-53B888B8E04A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{066A268C-EB02-4464-98E0-603979AAAFD3}] => (Allow) D:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B1996E1A-A163-42C7-852C-68C07651B6DC}] => (Allow) D:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4014668A-B8EC-4DED-9349-5632AB2AD9B6}D:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{D91EF495-52B6-4BAE-89F1-8002B1EF562E}D:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{EB55F472-BB3E-419A-808D-D6354EAE8230}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{85CA62A5-7BEF-49BF-9194-923129B9BE5A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{77703349-8EB9-4F3F-A0DD-1AD57BDD9677}] => (Allow) D:\Games\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{86433954-27D0-491F-B0C7-30368640BD9B}] => (Allow) D:\Games\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{DA5BA918-2019-44F2-A9F3-F0F86FF28E24}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{3CA14FDC-46E3-4F95-B65F-4634B619B229}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{EF8C7433-6837-4430-A72E-371ACAB712A1}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{CFC2E322-4FC5-4922-8C11-5689337C928C}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{73E6BAB6-F4BB-4210-AAD2-992E0B6CE413}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{51345407-CB23-464A-BFCA-A90E4C93717C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{58089F56-A0D3-49E6-BCE8-FB37A2E86546}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{853CC065-89CA-49B8-B2FF-95FCCC9D0109}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{11CDC902-DC7D-46B1-9714-89A2C8715013}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{450D1029-D3BF-4025-9EB8-C2D4A99064E5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EBD58468-C2B7-47D8-B6ED-14518911373A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{73A74F42-A4B9-4E21-A00B-44299A5CD3D2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E80D6BB2-A886-4F19-96E1-947E413B0E69}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{32FD6464-5BC8-4318-A1A6-CCC66A631310}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{CD99B876-844D-4A7D-958F-835B0064F0F5}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6B5971D4-A049-4E48-8F39-07B84AC53623}] => (Allow) D:\Games\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D0F8142E-B504-4F33-85B1-507B3967220D}] => (Allow) D:\Games\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D516882B-8311-4D3C-9D6A-6680783AB752}] => (Allow) D:\Games\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{02E7813D-829B-4B37-9563-D7F6A0DEB694}] => (Allow) D:\Games\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E4204F0E-F7C6-4D8F-91C4-C7A47668079C}] => (Allow) D:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{E6C50B86-A9C4-4509-8505-ACFBFBB33725}] => (Allow) D:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{C4204064-7477-4928-91CF-2027D7DEE12F}] => (Allow) D:\Games\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{67399486-410B-4960-84E8-B38BF10643F8}] => (Allow) D:\Games\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{57A7FBC6-6B70-4742-A501-6C5BAA9AAAB5}] => (Allow) D:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{739A1219-05CC-4802-B5DE-92F801D93039}] => (Allow) D:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{01B22787-47D1-4F72-9528-20B014FA4AEC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{050118EC-F98E-4F9B-8409-0EAEECACB29F}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{13B53C78-076B-4B8D-8ABC-D83794C77766}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{675F021F-6D2B-41CA-BCAF-EC1CC551D640}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{184ABEB5-2937-461E-9607-43B8887C1FA3}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{22250AE9-6496-47DE-BC00-A715DC412D54}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{21765BF2-94A5-412A-A9DF-1A06A6C7FCD6}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{544E618B-4F34-45F0-9D9F-E1E8AE5106C5}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{2F69961B-C711-4477-9EB1-E19C7165FF60}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{FDFCB65B-B8C8-48F0-A011-06CECFE6C911}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{500CF9E0-E628-4E80-B9DA-7D38B291AA2B}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{9C07E6E0-C75C-483A-B7A9-3C4002417B73}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6F41C701-4969-459C-AF03-7F0513FD9826}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F7CE91D-B533-4D9F-BB16-2DD348555C60}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A91BE814-4852-4F21-8180-B0295F348AA6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A930C872-98AE-45F8-9695-0F2AA019C705}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{7F15143F-25B5-4A1D-B7F6-E4C3F3F99AB0}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{831099D8-AA23-4822-ABF1-006852AB1AD1}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{C4F63BB0-4742-48D0-862C-48D8ADE486A4}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{51F3D3DB-C6EA-432D-8996-35ABB9DE6863}] => (Allow) D:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{27B3F4C6-BE43-4EC6-B01B-CCE2CD718854}] => (Allow) D:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9EBB55AF-F9AC-430B-9D51-E7DE7C321D02}] => (Allow) D:\Games\Steam\SteamApps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{1D9D04DD-5D2E-4086-86C0-2110B4661B68}] => (Allow) D:\Games\Steam\SteamApps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{23CDDA54-50E7-4613-A64B-32DE40B0368E}] => (Allow) D:\Games\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{0C14AC25-9240-4BCA-8B2D-C7E555D2805A}] => (Allow) D:\Games\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{52B5C928-05CD-450E-BAAE-2F2987B67CAC}] => (Allow) D:\Games\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{48F6CD48-A7F4-4D87-BF17-ACE7B265DE3E}] => (Allow) D:\Games\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{BAC0637D-73A1-416A-AE1D-699C6121D9F6}] => (Allow) D:\Games\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{2727EDCC-50C0-49A3-8A8B-132FEE734048}] => (Allow) D:\Games\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{25FD926A-F44C-456D-BDE0-0175015C66A6}] => (Allow) D:\Games\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B970F65E-7A45-4983-8C85-EEE6C1EEBEA7}] => (Allow) D:\Games\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{78797074-2711-4596-BE88-674FEA336C5F}] => (Allow) D:\Games\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{2FCCD648-6EA1-4D04-9CD0-AA9BF934E96B}] => (Allow) D:\Games\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{19826475-AB64-4DFA-B8E4-0B7A40A0D442}] => (Allow) D:\Games\Steam\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{C2EF92C1-AE97-4214-A52A-D507F19BF7E5}] => (Allow) D:\Games\Steam\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{D299A665-1A68-487A-AEE6-E1736B454DED}] => (Allow) D:\Games\Steam\SteamApps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{C819F525-FD13-4C6C-B235-BB2C1C2A9F4E}] => (Allow) D:\Games\Steam\SteamApps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{4A49F434-14F5-4D5D-8FCF-519EA5772C60}] => (Allow) D:\Games\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{332BB20E-E9E9-4107-B736-1456B31E8234}] => (Allow) D:\Games\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{09876243-F003-409E-A9B2-CBEB425BCEE6}] => (Allow) D:\Games\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{8E9F2DDE-83EE-4627-82DB-70980EB15827}] => (Allow) D:\Games\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{3299567D-6C54-41A3-86B0-406C13EE0F36}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{E9F4E261-5FCF-4F81-B60B-E3F247503889}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{E10677B4-4C4D-44C0-9474-82137676DC36}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{01E2F8C9-5405-40D6-9D7F-C20BF42FF413}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A7D8CC9E-049C-4A40-8AEE-EF19CF163795}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{8EB996B3-068A-419A-958B-7EC8658C2DD8}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [TCP Query User{AD46FB66-1487-4A01-BBE0-81E149D81E90}C:\program files (x86)\nzbget\nzbget.exe] => (Allow) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{D15A3935-9027-423D-ACD0-5EE67CB14249}C:\program files (x86)\nzbget\nzbget.exe] => (Allow) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [{06F15E57-CA8E-49F3-95BC-588FA0AD6100}] => (Allow) D:\Games\Steam\SteamApps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{122C1115-1F14-4006-BC17-A302303725C1}] => (Allow) D:\Games\Steam\SteamApps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [TCP Query User{27FD50FB-EFE9-4106-8BD8-2A8509CF35B5}D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{1CA12608-2039-441A-BA31-B8906DAF26D4}D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{01362FC1-A880-47D7-954A-D13A1AB5B35E}] => (Allow) D:\Games\Steam\SteamApps\common\Dig or Die\DigOrDie.exe
FirewallRules: [{158EAB88-6E3B-41A7-AECD-7C7445F27EB4}] => (Allow) D:\Games\Steam\SteamApps\common\Dig or Die\DigOrDie.exe
FirewallRules: [{986118E5-6E93-4E5D-9F00-1B31DD6531D0}] => (Allow) LPort=8989
FirewallRules: [{FB257F85-E717-4453-940E-186BE325AE03}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{77B5F704-FE73-4E2B-AAEE-F6B10B9BE70F}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{33A0A5C0-4404-4977-AED5-FE6B7056CDF6}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{FCD83636-1529-42CC-9096-1587533FF758}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{60E9EA4A-96D8-4FA9-BB9F-E93648AE3F24}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{1D75155A-A7DE-42EA-996C-A3136DBFB858}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{B8BF6366-82EE-497E-AD30-2D98017BED34}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{3ED56618-07E0-4186-BC7F-C5E28D1D5CCE}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{AE6117E4-83AB-4A53-B2F8-48EE89D6F6DD}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A3A849C4-3ADA-49B7-A7A1-BE20FD4228EA}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{1B501078-D61C-4320-8961-BD93321F2FEB}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{05D805F9-9C13-470C-862C-BE65E8AE7556}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{62E52FFD-8463-441F-ACC0-D4112EDCB945}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{1226EEB1-0AAD-4047-9BCC-5F9152481232}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [TCP Query User{924A9CCB-8EE8-4B66-9BE2-71EE5B7829E4}D:\games\crossout\launcher.exe] => (Block) D:\games\crossout\launcher.exe
FirewallRules: [UDP Query User{0933D952-9632-4F6D-AD65-B1C12CBA0D5C}D:\games\crossout\launcher.exe] => (Block) D:\games\crossout\launcher.exe
FirewallRules: [{7FC2AB62-5726-4FE8-A6EA-26C3EAABBEBC}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{1795A596-41CA-400F-872D-284206DE16F6}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{2649E0B5-05A2-4C0F-BBD2-AFE0A7FAF82C}] => (Allow) D:\Games\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{3C0E9DDE-9216-496C-B434-46783E72D36A}] => (Allow) D:\Games\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{645F9B58-0E22-4BD2-A25E-4DE1E7A39C8E}D:\games\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{5292BB88-9D65-4B47-9754-59B531FE1A2B}D:\games\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{1CA23927-65FA-4BF1-A775-F7A39F69DE91}] => (Block) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{EA7B1151-F5CB-4D0F-AD35-9315B580C3BF}] => (Block) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{9DB2212E-09BF-4EA9-8F22-66B5E2E8605A}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{8EA61456-4FDE-4FCF-94A5-D583505565A9}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{2F3C45F5-C245-45CA-8500-AC33E59A78AF}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{10BB5D61-7ECC-4C18-999B-C8F5BBB2391C}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [TCP Query User{5FB907E7-E50E-45ED-9C26-08A7B328FD7A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [UDP Query User{82E399FA-CF5E-473B-931F-4EF48EE3821A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{7B327DC4-79FB-4551-8168-8E3C70B7A8EC}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{0749B35E-D543-4DEC-99BC-4B3D32D989A0}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [TCP Query User{E52DC1B8-344E-4EBC-B630-AA8F042177F3}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{52EFD66C-84BD-4ACB-952E-D09A0F8250E2}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{D3005B3E-93AE-4267-A297-DF67626A4F41}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{4F674BB5-BE52-46A9-8F77-7D2546FB5B51}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{B496067F-0160-44C6-8CC0-98971B4FF734}] => (Allow) D:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D341D348-3AE4-4DA1-8FC7-D1A4062B654F}] => (Allow) D:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C0A59CDE-F5A0-44D9-95A2-ACC8884D7EED}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{96D2B85A-F28F-4AF3-B4A0-2F7996732D8F}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{A4B910CE-B93A-4897-8B13-FEBEFE06F2CA}] => (Allow) D:\Games\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C712699A-7382-48A5-9D0B-8C1849D63760}] => (Allow) D:\Games\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{D139EB7E-E91F-44D1-BF36-FE7062BBB1D0}D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{B267D001-2EA9-4356-BACE-DF3F86BBD7EC}D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{2FD6ADDB-457A-41AD-A2CB-940292D2A7A8}] => (Allow) D:\Games\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{B877B750-DB11-4E5D-8A89-F4AEB05E5C31}] => (Allow) D:\Games\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{7F0A6342-62ED-4F33-9840-950AD4A61662}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E6DD130E-C44D-4F66-B4DC-C1D698B5662F}] => (Allow) D:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{58AB4C57-245E-4290-AF25-5FBFCA4522DE}] => (Allow) D:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4691C12A-3660-4766-BF94-D66BA25E00D6}] => (Allow) D:\Games\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{FF9CD2C3-0B4E-4FBD-ACB8-614852F5E371}] => (Allow) D:\Games\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
StandardProfile\AuthorizedApplications: [C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Ross\AppData\Roaming\taskserv.exe] => Enabled:Windows Messanger
 
==================== Restore Points =========================
 
29-07-2017 08:34:14 Revo Uninstaller Pro's restore point - Open Broadcaster Software
08-08-2017 21:33:48 Scheduled Checkpoint
15-08-2017 08:06:37 Revo Uninstaller Pro's restore point - Portal Stories: Mel
15-08-2017 08:36:26 Revo Uninstaller Pro's restore point - Forts
15-08-2017 08:42:48 Revo Uninstaller Pro's restore point - Ethereum Ethereum-Wallet
15-08-2017 08:43:14 Revo Uninstaller Pro's restore point - Ethereum Mist
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2017 02:31:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 02:28:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 02:22:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:56:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:55:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:37:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:37:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:37:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/15/2017 01:37:31 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/15/2017 01:24:06 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (08/15/2017 02:38:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Sticky Notes.
 
Error: (08/15/2017 02:38:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: App Installer.
 
Error: (08/15/2017 02:38:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Store Purchase App.
 
Error: (08/15/2017 02:37:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft People.
 
Error: (08/15/2017 02:37:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Voice Recorder.
 
Error: (08/15/2017 02:37:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Solitaire Collection.
 
Error: (08/15/2017 02:37:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Advertising SDK for XAML.
 
Error: (08/15/2017 02:37:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Engagement Framework.
 
Error: (08/15/2017 02:37:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Mail and Calendar.
 
Error: (08/15/2017 02:37:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Store.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-15 09:11:16.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-11 08:51:23.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-10 12:19:04.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-09 08:16:17.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-29 11:21:31.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-26 11:40:40.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-25 13:20:06.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-14 22:52:56.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-12 17:48:05.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-11 15:51:25.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8132.42 MB
Available physical RAM: 3715.68 MB
Total Virtual: 16324.42 MB
Available Virtual: 12454.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.81 GB) (Free:138.35 GB) NTFS
Drive d: (Storage) (Fixed) (Total:1863.01 GB) (Free:977.54 GB) NTFS
Drive e: (backup) (Fixed) (Total:465.76 GB) (Free:391.89 GB) NTFS
Drive y: (Movies) (Network) (Total:2794.52 GB) (Free:2053.08 GB) NTFS
Drive z: () (Network) (Total:1862.36 GB) (Free:1293.68 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B2E9F0B2)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4DA96056)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 20732CA8)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 TsVk!


Posted 16 August 2017 - 06:36 PM

My name is John. I'll be helping you with your issue. :)

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system; it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

I've looked at your post and will respond as soon as possible with instructions.

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

John



#4 TsVk!


Posted 17 August 2017 - 03:18 AM

Hi flyboy320

 

I see you have a torrent client installed. Torrented software often contains malware and other nasties. It's a really effective way of getting infected with malware. Right up the list there, next to deliberately infecting yourself. It's up to you whether you want to run the risk by keeping this software on your machine, but I ask you not to run any torrent transfers until we are finished please.

 
Do you have LogMeIn installed deliberately? If not, please uninstall this application now.
 
I see you have PC Tools Registry Mechanic installed. Bleeping Computer does not recommend the use of PC Optimizers, Driver Updaters or Registry Cleaners. Please see this excellent post on the subject by Quietman7.

I would recommend that you uninstall this program. Using such programs can cause computer issues, and I speak from personal experience. You are well advised to stay away from these applications. They are all "snake oil" as well as being dangerous to the health and performance of your computer. Generally speaking all of the functions that these program classes perform are either already built into Windows or should not be done automatically, only when the need arises.

 

Now let's get fixing :)

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0018315D-612C-4D8F-A13C-54AB00A9DA0F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {143BAF18-87A9-4F89-9F01-9E3E5DE48375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {21A3E949-B3A6-4496-BFFE-34519D52E202} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {399C55BB-B54C-400A-9E00-9C9A81CBFE4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52F8C5C1-ED31-479E-8C86-A64FDBD09DA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6971EEE9-AB73-40FF-A20A-752BB1A6D729} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {73384035-D797-4ABD-8EAB-8BA165ED2AAF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BF3F6073-E294-4FE3-AD63-FB0043E5B0F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFF79704-5DF9-4A44-8F3A-C899AFD485B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D68021AB-4A69-4C49-BC10-639ECCDCA9BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E163AC79-4EBF-4E6D-A95B-88C476D9EA0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\ProgramData\TEMP:5C321E34
C:\ProgramData\TEMP:D1B5B4F1
FirewallRules: [TCP Query User{531E172D-8E77-4EC8-B8BF-C4AFFF33DF14}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6144C5F5-7422-4B8B-863A-2FEE23517934}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{986118E5-6E93-4E5D-9F00-1B31DD6531D0}] => (Allow) LPort=8989
FirewallRules: [TCP Query User{5FB907E7-E50E-45ED-9C26-08A7B328FD7A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [UDP Query User{82E399FA-CF5E-473B-931F-4EF48EE3821A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{7B327DC4-79FB-4551-8168-8E3C70B7A8EC}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{0749B35E-D543-4DEC-99BC-4B3D32D989A0}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [TCP Query User{9DB2212E-09BF-4EA9-8F22-66B5E2E8605A}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{8EA61456-4FDE-4FCF-94A5-D583505565A9}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{2F3C45F5-C245-45CA-8500-AC33E59A78AF}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{10BB5D61-7ECC-4C18-999B-C8F5BBB2391C}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [TCP Query User{E52DC1B8-344E-4EBC-B630-AA8F042177F3}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{52EFD66C-84BD-4ACB-952E-D09A0F8250E2}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{D3005B3E-93AE-4267-A297-DF67626A4F41}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{4F674BB5-BE52-46A9-8F77-7D2546FB5B51}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
StandardProfile\AuthorizedApplications: [C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Ross\AppData\Roaming\taskserv.exe] => Enabled:Windows Messanger
C:\Users\Ross\AppData\Roaming\taskserv.exe
EmptyTemp:

If you no longer use SoftEther VPN Client, or don't know why it's on your machine, please add these lines to the file and save it again.

R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-03-08] (SoftEther Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-03-08] (SoftEther Corporation)
FirewallRules: [{1200D525-66A3-4A4A-8F2E-24569BF6F482}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{68DE283E-9FC7-436D-93D1-AE989A23FB2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{3A80D4DF-3863-4443-B737-4B71901A33FF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{C5FAF15E-AF9E-4347-98A6-1881068B789B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{4B4D9008-5CAC-4BC3-AED4-3D60E6F7B630}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D69F71DC-8665-4FF5-ADAB-965A170A3AF4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
C:\Program Files\SoftEther VPN Client

  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

 

 

Please include in your reply

  • FRST fix log
  • new FRST scan log
  • new FRST addition.txt

How is your machine behaving now? Do the files continue to appear?

 

Do the .scr files appear only on the D:\ drive? Or are they also detected on the C:\ ?

 

John
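
The fixlist in the post above picks out firewall entries that point at binaries under AppData and Downloads, a port-only rule, and two AuthorizedApplications entries sharing one label. As an added example (not part of the original post and not FRST's own logic), this Python script parses FirewallRules and AuthorizedApplications lines in the format shown in this thread and flags entries of that kind; the heuristics, the directory list and the function names are assumptions chosen for illustration, and the sample lines are copied from the Addition.txt log above.

```python
import re
from collections import defaultdict

# Line formats as they appear in the Addition.txt log in this thread.
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
AA_RE = re.compile(
    r"^StandardProfile\\AuthorizedApplications: \[(?P<path>.+)\] => (?P<state>\w+):(?P<label>.*)$"
)

# Assumption for this example: directories a standard user can write to,
# so a binary living there deserves a second look before it is trusted.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\programdata\\")

# Sample input: lines copied from the log posted earlier in this thread.
SAMPLE = r"""
FirewallRules: [{7F0A6342-62ED-4F33-9840-950AD4A61662}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{986118E5-6E93-4E5D-9F00-1B31DD6531D0}] => (Allow) LPort=8989
FirewallRules: [TCP Query User{9DB2212E-09BF-4EA9-8F22-66B5E2E8605A}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{2F3C45F5-C245-45CA-8500-AC33E59A78AF}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
StandardProfile\AuthorizedApplications: [C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Ross\AppData\Roaming\taskserv.exe] => Enabled:Windows Messanger
"""


def parse(text):
    """Return (firewall_rules, authorized_apps) parsed from log text."""
    firewall, authorized = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FW_RE.match(line)
        if m:
            firewall.append((m["action"], m["target"].strip()))
            continue
        m = AA_RE.match(line)
        if m:
            authorized.append((m["path"].strip(), m["label"].strip()))
    return firewall, authorized


def in_user_writable(path_lower):
    return any(marker in path_lower for marker in USER_WRITABLE)


def triage(text):
    """Map each flagged target (lower-cased) to a sorted list of reasons."""
    firewall, authorized = parse(text)
    findings = defaultdict(set)

    # Firewall rules: port-only allows, allows for binaries in
    # user-writable paths, and targets with both Allow and Block rules.
    actions = defaultdict(set)
    for action, target in firewall:
        key = target.lower()
        actions[key].add(action)
        if action != "Allow":
            continue
        if key.startswith("lport="):
            findings[key].add("port-only allow rule")
        elif in_user_writable(key):
            findings[key].add("allowed program in user-writable path")
    for key, seen in actions.items():
        if seen == {"Allow", "Block"}:
            findings[key].add("conflicting allow and block rules")

    # Legacy AuthorizedApplications list: a display label reused by
    # unrelated binaries is worth reviewing, as is a user-writable path.
    by_label = defaultdict(set)
    for path, label in authorized:
        by_label[label.lower()].add(path.lower())
    for path, label in authorized:
        key = path.lower()
        if in_user_writable(key):
            findings[key].add("authorized application in user-writable path")
        if len(by_label[label.lower()]) > 1:
            findings[key].add("label shared by different binaries")

    return {key: sorted(reasons) for key, reasons in findings.items()}


if __name__ == "__main__":
    for target, reasons in sorted(triage(SAMPLE).items()):
        print(target)
        for reason in reasons:
            print("   -", reason)
```

A flag here only marks an entry for manual review; whether it belongs in a fixlist is still the helper's decision.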



#5 flyboy320


Posted 17 August 2017 - 09:36 AM

First and foremost, thanks for helping me out.. :bananas:

I think point 4. below is important.

 

1. Do you have LogMeIn installed deliberately?

My son was using this, but is no longer, so I uninstalled it

 

2. I see you have PC Tools Registry Mechanic installed. 

As per your advice, I have uninstalled this, as well as a few other games that we no longer use.

 

3. If you no longer use SoftEther VPN Client

I don't know what this is, so I included the additional lines to the fixlist.txt file

 

4. Do the .scr files appear only on the D:\ drive? Or are they also detected on the C:\ ?

They only appear on my network drive which is a USB drive (WD MyBook drive) connected to my router. The files do not show up on any other drives on my computer (I currently have 3 drives, C, D, and E on this computer, and the infected files do not show up on any of these drives). 

 

5. How is your machine behaving now? Do the files continue to appear?

I will monitor the network drive and follow up :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017

Ran by Ross (17-08-2017 10:03:14) Run:1
Running from D:\Downloads\bleepingComputer
Loaded Profiles: Ross (Available Profiles: Ross)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0018315D-612C-4D8F-A13C-54AB00A9DA0F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {143BAF18-87A9-4F89-9F01-9E3E5DE48375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {21A3E949-B3A6-4496-BFFE-34519D52E202} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {399C55BB-B54C-400A-9E00-9C9A81CBFE4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52F8C5C1-ED31-479E-8C86-A64FDBD09DA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6971EEE9-AB73-40FF-A20A-752BB1A6D729} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {73384035-D797-4ABD-8EAB-8BA165ED2AAF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BF3F6073-E294-4FE3-AD63-FB0043E5B0F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BFF79704-5DF9-4A44-8F3A-C899AFD485B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D68021AB-4A69-4C49-BC10-639ECCDCA9BC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E163AC79-4EBF-4E6D-A95B-88C476D9EA0D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\ProgramData\TEMP:5C321E34
C:\ProgramData\TEMP:D1B5B4F1
FirewallRules: [TCP Query User{531E172D-8E77-4EC8-B8BF-C4AFFF33DF14}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{6144C5F5-7422-4B8B-863A-2FEE23517934}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{986118E5-6E93-4E5D-9F00-1B31DD6531D0}] => (Allow) LPort=8989
FirewallRules: [TCP Query User{5FB907E7-E50E-45ED-9C26-08A7B328FD7A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [UDP Query User{82E399FA-CF5E-473B-931F-4EF48EE3821A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe] => (Allow) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{7B327DC4-79FB-4551-8168-8E3C70B7A8EC}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [{0749B35E-D543-4DEC-99BC-4B3D32D989A0}] => (Block) D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe
FirewallRules: [TCP Query User{9DB2212E-09BF-4EA9-8F22-66B5E2E8605A}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{8EA61456-4FDE-4FCF-94A5-D583505565A9}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{2F3C45F5-C245-45CA-8500-AC33E59A78AF}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [{10BB5D61-7ECC-4C18-999B-C8F5BBB2391C}] => (Block) C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe
FirewallRules: [TCP Query User{E52DC1B8-344E-4EBC-B630-AA8F042177F3}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{52EFD66C-84BD-4ACB-952E-D09A0F8250E2}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{D3005B3E-93AE-4267-A297-DF67626A4F41}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [{4F674BB5-BE52-46A9-8F77-7D2546FB5B51}] => (Block) C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
StandardProfile\AuthorizedApplications: [C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\Ross\AppData\Roaming\taskserv.exe] => Enabled:Windows Messanger
C:\Users\Ross\AppData\Roaming\taskserv.exe
EmptyTemp:
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-03-08] (SoftEther Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-03-08] (SoftEther Corporation)
FirewallRules: [{1200D525-66A3-4A4A-8F2E-24569BF6F482}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{68DE283E-9FC7-436D-93D1-AE989A23FB2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{3A80D4DF-3863-4443-B737-4B71901A33FF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{C5FAF15E-AF9E-4347-98A6-1881068B789B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{4B4D9008-5CAC-4BC3-AED4-3D60E6F7B630}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{D69F71DC-8665-4FF5-ADAB-965A170A3AF4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
C:\Program Files\SoftEther VPN Client
*****************
 
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0018315D-612C-4D8F-A13C-54AB00A9DA0F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0018315D-612C-4D8F-A13C-54AB00A9DA0F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{143BAF18-87A9-4F89-9F01-9E3E5DE48375} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143BAF18-87A9-4F89-9F01-9E3E5DE48375} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21A3E949-B3A6-4496-BFFE-34519D52E202} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A3E949-B3A6-4496-BFFE-34519D52E202} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{399C55BB-B54C-400A-9E00-9C9A81CBFE4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{399C55BB-B54C-400A-9E00-9C9A81CBFE4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52F8C5C1-ED31-479E-8C86-A64FDBD09DA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F8C5C1-ED31-479E-8C86-A64FDBD09DA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6971EEE9-AB73-40FF-A20A-752BB1A6D729} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6971EEE9-AB73-40FF-A20A-752BB1A6D729} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73384035-D797-4ABD-8EAB-8BA165ED2AAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73384035-D797-4ABD-8EAB-8BA165ED2AAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF3F6073-E294-4FE3-AD63-FB0043E5B0F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF3F6073-E294-4FE3-AD63-FB0043E5B0F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF79704-5DF9-4A44-8F3A-C899AFD485B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF79704-5DF9-4A44-8F3A-C899AFD485B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D68021AB-4A69-4C49-BC10-639ECCDCA9BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68021AB-4A69-4C49-BC10-639ECCDCA9BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E163AC79-4EBF-4E6D-A95B-88C476D9EA0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E163AC79-4EBF-4E6D-A95B-88C476D9EA0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
Could not move "C:\ProgramData\TEMP:5C321E34" => Scheduled to move on reboot.
Could not move "C:\ProgramData\TEMP:D1B5B4F1" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{531E172D-8E77-4EC8-B8BF-C4AFFF33DF14}C:\windows\explorer.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6144C5F5-7422-4B8B-863A-2FEE23517934}C:\windows\explorer.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{986118E5-6E93-4E5D-9F00-1B31DD6531D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5FB907E7-E50E-45ED-9C26-08A7B328FD7A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{82E399FA-CF5E-473B-931F-4EF48EE3821A}D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B327DC4-79FB-4551-8168-8E3C70B7A8EC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0749B35E-D543-4DEC-99BC-4B3D32D989A0} => value removed successfully
"D:\downloads\claymore.s.dual.ethereum.decred_siacoin_lbry_pascal.amd.nvidia.gpu.miner.v9.5\ethdcrminer64.exe" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9DB2212E-09BF-4EA9-8F22-66B5E2E8605A}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8EA61456-4FDE-4FCF-94A5-D583505565A9}C:\users\ross\appdata\roaming\mist\binaries\geth\unpacked\geth.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F3C45F5-C245-45CA-8500-AC33E59A78AF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10BB5D61-7ECC-4C18-999B-C8F5BBB2391C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E52DC1B8-344E-4EBC-B630-AA8F042177F3}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{52EFD66C-84BD-4ACB-952E-D09A0F8250E2}C:\users\ross\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3005B3E-93AE-4267-A297-DF67626A4F41} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F674BB5-BE52-46A9-8F77-7D2546FB5B51} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Ross\AppData\Roaming\taskserv.exe => value removed successfully
"C:\Users\Ross\AppData\Roaming\taskserv.exe" => not found.
SeLow => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SeLow => key removed successfully
SeLow => service removed successfully
Neo_VPN => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Neo_VPN => key removed successfully
Neo_VPN => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1200D525-66A3-4A4A-8F2E-24569BF6F482} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68DE283E-9FC7-436D-93D1-AE989A23FB2C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A80D4DF-3863-4443-B737-4B71901A33FF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5FAF15E-AF9E-4347-98A6-1881068B789B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B4D9008-5CAC-4BC3-AED4-3D60E6F7B630} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D69F71DC-8665-4FF5-ADAB-965A170A3AF4} => value removed successfully
C:\Program Files\SoftEther VPN Client => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71173754 B
Java, Flash, Steam htmlcache => 679015563 B
Windows/system/drivers => 194609 B
Edge => 9076201 B
Chrome => 1014176654 B
Firefox => 8330472 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 12870 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 37564 B
Ross => 129819087 B
 
RecycleBin => 3599 B
EmptyTemp: => 1.8 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-08-2017 10:04:28)
 
"C:\ProgramData\TEMP:5C321E34" => Could not move
"C:\ProgramData\TEMP:D1B5B4F1" => Could not move
 
==== End of Fixlog 10:04:28 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by Ross (administrator) on ROSS-PC (17-08-2017 10:25:59)
Running from D:\Downloads\bleepingComputer
Loaded Profiles: Ross (Available Profiles: Ross)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => KHALMNPR.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\Run: [Discord] => C:\Users\Ross\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\MountPoints2: {e4480101-dde9-11e4-a72d-7824af41af02} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AWMouseCI.lnk [2014-09-12]
ShortcutTarget: AWMouseCI.lnk -> C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe ( Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.23 192.168.1.1
Tcpip\..\Interfaces\{74d39487-dde8-4bb3-8438-99c97b3d43cd}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{931e0659-baae-4fbf-b86b-3d9c7915f23e}: [DhcpNameServer] 192.168.1.23 192.168.1.1
Tcpip\..\Interfaces\{d211ea46-305c-4808-bb3c-c98024e48b5a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.1.30/
SearchScopes: HKU\S-1-5-21-3997761166-694740611-3261924530-1000 -> {19A0908E-35C9-454B-AE92-D2EBF00A1FAF} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: wpzj6flc.default
FF ProfilePath: C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default [2017-08-17]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\wpzj6flc.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\wpzj6flc.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
FF Extension: (Bing Search) - C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-03]
FF SearchPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\wpzj6flc.default\searchplugins\bing-.xml [2016-01-03]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @IPC/npmedia3.0.0.3,version=3.0.0.3 -> C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll [2016-11-03] ()
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3997761166-694740611-3261924530-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ross\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-3997761166-694740611-3261924530-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-06-26] ()
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://mail.google.com/mail/?shva=1#inbox
CHR StartupUrls: Profile 1 -> "hxxp://gmail.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR DefaultSuggestURL: Profile 1 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default [2017-08-17]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-29]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-29]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-29]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-29]
CHR Extension: (Yahoo Partner) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2017-01-29]
CHR Extension: (Skype) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-29]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-08-17]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-08-17]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2017-03-17]
CHR Extension: (Right Click Opens Link in New Tab) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afalkcagoidkdjdlfoaicbanbfgoamoo [2017-08-10]
CHR Extension: (h264ify) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleakchihdccplidncghkekgioiakgal [2017-08-02]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-19]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-07]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-06-05]
CHR Extension: (DocuSign - Secure Electronic Signature) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goblijolcnempeilmnkmfbhohlpngemd [2017-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-08-01]
CHR Extension: (Tabs to the front!) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2015-08-20]
CHR Extension: (File System for Dropbox) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlffpaajmfllggclnjppbblobdhokjhe [2017-08-01]
CHR Extension: (Change Colors) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn [2015-08-20]
CHR Extension: (crxMouse Chrome™ Gestures) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2017-07-02]
CHR Extension: (Better YouTube Watch History) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-08-20]
CHR Extension: (Amcrest Web View) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oddndbjhpcpopbebhonolceinkbnheih [2017-06-08]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Extension: (Audio Cutter) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-08-20]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-08-17]
CHR Extension: (Google Slides) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-07]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-08-17]
CHR Extension: (Google Slides) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Loupe Collage) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2016-01-30]
CHR Extension: (YouTube) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (GeoGebra Math Apps) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-05-30]
CHR Extension: (ScootPad) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\boihgpoojeingjbbdjmoocbdibophjap [2016-09-08]
CHR Extension: (Google Search) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Sumo Paint) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2016-01-30]
CHR Extension: (Google Sheets) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (PowerSchool Learning) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fgpoakifbipnkhifgabffhdkdnloobhm [2016-08-30]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2016-01-30]
CHR Extension: (TLDR: Summarize Anything) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc [2017-08-14]
CHR Extension: (VocabularySpellingCity) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnbihkjgkedgkepcakdjcnbicklpgfpm [2016-01-30]
CHR Extension: (Pictico — Coloring for Kids) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gndkeamlgkegbmmoheplcndpopglacgf [2016-01-30]
CHR Extension: (G Suite Training) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2017-08-14]
CHR Extension: (CK-12) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ilmbnmigihncgeckjgmkehcgkdeohkhl [2016-09-26]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2017-08-14]
CHR Extension: (SWERVE) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\iohhoideobpgefghigibedhhglbaoham [2016-06-09]
CHR Extension: (MeeGenius! Children's Books) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2016-01-30]
CHR Extension: (LearnBoost) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lfbigbedbdencpbioocekehcblgokpno [2016-01-30]
CHR Extension: (Skype) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-17]
CHR Extension: (TypingClub) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2016-08-24]
CHR Extension: (Doge Ad Blocker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okclchcbnkcgkhlckejmhinjcibidcap [2017-02-25]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2016-01-30]
CHR Extension: (Khan Academy) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2016-01-30]
CHR Extension: (DOGOnews) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcolnnhmiknpeonnnmoadeficjagocgf [2016-01-30]
CHR Extension: (Gmail) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-14]
CHR Extension: (Snapverter) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2016-01-30]
CHR Extension: (YouiDraw Logo Creator) - C:\Users\Ross\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pmdikniemaokeigdgfkaihkldilkjmgi [2016-02-07]
CHR Profile: C:\Users\Ross\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-17]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-07-18] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-08-23] ()
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-04-21] ()
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-29] (EasyAntiCheat Ltd)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-02-08] ()
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [401024 2017-05-02] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [178312 2017-05-02] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-07-25] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-03] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-08-23] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl4d658c55; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9370C7B2-0447-4C76-A5B5-32E92DB77FB2}\MpKsl4d658c55.sys [44928 2017-08-17] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 vuhub; C:\WINDOWS\System32\drivers\vuhub.sys [47616 2007-12-17] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-15 14:36 - 2017-08-17 10:25 - 000000000 ____D C:\FRST
2017-08-15 08:48 - 2017-08-15 08:48 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Google
2017-08-15 08:04 - 2017-08-15 08:04 - 000000000 ____D C:\WINDOWS\Panther
2017-08-11 19:38 - 2017-08-11 19:38 - 000000000 ____D C:\Users\Ross\AppData\Local\Doctor Entertainment AB
2017-08-10 07:38 - 2017-08-10 07:38 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Jaxx
2017-08-09 22:48 - 2017-08-15 08:23 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-09 08:56 - 2017-08-09 08:56 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-09 07:59 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 07:59 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 07:59 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 07:59 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 07:59 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 07:59 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 07:59 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 07:59 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 07:59 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 07:59 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 07:59 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 07:59 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 07:59 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 07:59 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 07:59 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 07:59 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 07:59 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 07:59 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 07:59 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 07:59 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 07:59 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 07:59 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 07:59 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 07:59 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 07:59 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 07:59 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 07:59 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 07:59 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 07:59 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 07:59 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 07:59 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 07:59 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 07:59 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 07:59 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 07:59 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 07:59 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 07:59 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 07:59 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 07:59 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 07:59 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 07:59 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 07:59 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 07:59 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 07:59 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 07:59 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 07:59 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 07:59 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 07:59 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 07:59 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 07:59 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 07:59 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 07:59 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 07:59 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 07:59 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 07:59 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 07:59 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 07:59 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 07:59 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 07:59 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 07:59 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 07:59 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 07:59 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 07:59 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 07:59 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 07:59 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 07:59 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 07:59 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 07:59 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 07:59 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 07:59 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 07:59 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 07:59 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 07:59 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 07:59 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 07:59 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 07:59 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 07:59 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 07:59 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 07:59 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 07:59 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 07:59 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 07:59 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 07:59 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 07:59 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 07:59 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 07:59 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 07:59 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 07:59 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 07:59 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 07:59 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 07:59 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 07:59 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 07:59 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 07:59 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 07:59 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 07:59 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 07:59 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 07:59 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 07:59 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 07:59 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 07:59 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 07:59 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 07:59 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 07:59 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 07:59 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 07:59 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 07:59 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 07:59 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 07:59 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 07:59 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 07:59 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 07:59 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 07:59 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 07:59 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 07:59 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 07:59 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 07:59 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 07:59 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 07:59 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 07:59 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 07:59 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 07:59 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 07:59 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 07:59 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 07:59 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 07:59 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 07:59 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 07:59 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 07:59 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 07:59 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 07:59 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 07:59 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 07:59 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 07:59 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 07:59 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 07:59 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 07:59 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 07:59 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 07:59 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 07:59 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 07:59 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 07:59 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 07:59 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 07:59 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 07:59 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 07:59 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 07:59 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 07:59 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 07:59 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 07:59 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 07:59 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 07:59 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 07:59 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-07-29 08:39 - 2017-08-02 18:28 - 000000000 ____D C:\Users\Ross\AppData\Roaming\obs-studio
2017-07-29 08:39 - 2017-07-29 08:39 - 000001310 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-07-29 08:39 - 2017-07-29 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-07-29 08:38 - 2017-07-29 08:38 - 000000000 ____D C:\Program Files (x86)\obs-studio
2017-07-29 08:31 - 2017-07-29 08:31 - 000000000 ____D C:\Users\Ross\AppData\Roaming\OBS
2017-07-28 18:41 - 2017-07-28 18:41 - 000000000 ____D C:\Users\Ross\AppData\Roaming\EasyAntiCheat
2017-07-27 12:57 - 2017-07-27 12:57 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3997761166-694740611-3261924530-1000
2017-07-19 08:41 - 2017-08-17 10:03 - 000003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-17 10:10 - 2017-04-14 07:20 - 002102746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-17 10:04 - 2017-04-14 07:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 10:04 - 2017-04-14 07:19 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-17 10:04 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-08-17 10:04 - 2015-11-04 09:55 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-17 10:03 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-17 10:03 - 2016-08-28 10:24 - 000000000 ____D C:\Users\Ross\AppData\LocalLow\Temp
2017-08-17 10:03 - 2009-07-13 23:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-17 08:49 - 2017-05-20 18:37 - 000000000 ____D C:\ProgramData\NzbDrone
2017-08-17 08:49 - 2017-04-14 07:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 08:01 - 2014-08-24 12:17 - 000000000 ____D C:\Users\Ross\Desktop\Cleanup
2017-08-17 07:56 - 2014-08-24 11:21 - 000000000 ____D C:\ProgramData\TEMP
2017-08-17 07:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-16 21:41 - 2017-04-14 07:20 - 000000000 ____D C:\Users\Ross
2017-08-16 16:49 - 2015-08-23 17:08 - 000792104 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-16 14:07 - 2017-04-14 07:26 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9B493980-A343-48DB-BB2C-485E24C6E271}
2017-08-16 13:04 - 2014-09-13 10:10 - 000000000 ____D C:\Users\Ross\AppData\Roaming\vlc
2017-08-15 20:46 - 2014-10-16 19:45 - 000000000 ____D C:\Users\Ross\Desktop\David
2017-08-15 20:46 - 2014-08-28 19:07 - 000000000 ____D C:\Users\Ross\Desktop\Ross
2017-08-15 20:45 - 2014-08-24 12:18 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-08-15 14:37 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 12:43 - 2015-12-28 10:03 - 000000000 ____D C:\AdwCleaner
2017-08-15 11:30 - 2017-06-19 21:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 11:30 - 2017-06-19 21:20 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-14 14:55 - 2017-06-26 18:45 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Ethereum Wallet
2017-08-14 11:03 - 2016-04-11 14:58 - 000000000 ____D C:\Users\Ross\AppData\Roaming\Fund Manager
2017-08-10 18:44 - 2014-09-30 13:38 - 000000000 ____D C:\Users\Ross\AppData\Roaming\SpaceEngineers
2017-08-09 19:22 - 2017-06-19 21:21 - 000044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-09 19:20 - 2014-08-24 12:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-09 08:57 - 2016-10-23 14:59 - 000002265 _____ C:\Users\Ross\Desktop\Discord.lnk
2017-08-09 08:57 - 2016-10-23 14:59 - 000000000 ____D C:\Users\Ross\AppData\Roaming\discord
2017-08-09 08:56 - 2016-10-23 14:59 - 000000000 ____D C:\Users\Ross\AppData\Local\Discord
2017-08-09 08:17 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 08:05 - 2015-08-23 09:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 08:04 - 2017-04-14 07:19 - 000380320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-09 08:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 08:02 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 08:01 - 2014-08-24 00:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 08:00 - 2014-08-24 00:03 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-07 17:53 - 2014-08-23 23:59 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-31 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 11:15 - 2017-03-18 17:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-30 10:29 - 2017-06-27 11:34 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-07-29 08:58 - 2014-10-30 17:05 - 000000000 ____D C:\Users\Ross\AppData\Roaming\AMD
2017-07-28 11:09 - 2016-04-11 14:58 - 000000000 ____D C:\ProgramData\Fund Manager
2017-07-28 11:09 - 2016-04-11 14:57 - 000000000 ____D C:\Program Files (x86)\Fund Manager
2017-07-28 11:00 - 2016-04-12 16:29 - 000000000 ____D C:\Users\Ross\Documents\Fund Manager
2017-07-27 12:57 - 2015-08-23 09:54 - 000002397 _____ C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 12:57 - 2015-08-23 09:54 - 000000000 ___RD C:\Users\Ross\OneDrive
2017-07-26 11:40 - 2017-06-23 14:26 - 000000000 ____D C:\Users\Ross\AppData\Local\ElevatedDiagnostics
2017-07-22 15:34 - 2014-08-30 23:07 - 000000000 ____D C:\Users\Ross\AppData\Local\QuickPar
 
==================== Files in the root of some directories =======
 
2015-07-18 11:05 - 2015-07-18 11:44 - 000000429 _____ () C:\Users\Ross\AppData\Roaming\01_01_2014_WAR
2016-01-30 17:39 - 2016-01-30 17:39 - 000000045 _____ () C:\Users\Ross\AppData\Roaming\WB.CFG
2017-05-06 21:13 - 2017-05-12 18:23 - 000000600 _____ () C:\Users\Ross\AppData\Local\PUTTY.RND
2017-05-29 17:03 - 2017-07-07 09:28 - 000007660 _____ () C:\Users\Ross\AppData\Local\Resmon.ResmonCfg
2017-04-14 07:19 - 2017-04-14 07:19 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-15 09:11
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Ross (17-08-2017 10:26:21)
Running from D:\Downloads\bleepingComputer
Windows 10 Pro Version 1703 (X64) (2017-04-14 11:28:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3997761166-694740611-3261924530-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3997761166-694740611-3261924530-503 - Limited - Disabled)
Guest (S-1-5-21-3997761166-694740611-3261924530-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3997761166-694740611-3261924530-1002 - Limited - Enabled)
Ross (S-1-5-21-3997761166-694740611-3261924530-1000 - Administrator - Enabled) => C:\Users\Ross
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
ACP Application (HKLM\...\{F6191048-C738-9336-04C8-968455D82C31}) (Version: 2016.0718.1650.38 - Advanced Micro Devices, Inc.) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alienware TactX™ Mouse CI 1.00 (HKLM\...\{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}) (Version: 1.00 - Alienware)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Assassin's Creed Revelations (HKLM-x32\...\Uplay Install 40) (Version:  - Ubisoft)
ASTRONEER (HKLM\...\Steam App 361420) (Version:  - System Era Softworks)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BeamNG.drive (HKLM\...\Steam App 284160) (Version:  - BeamNG)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Big Pharma (HKLM\...\Steam App 344850) (Version:  - Twice Circled)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.8 - CodeStuff)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creativerse (HKLM\...\Steam App 280790) (Version:  - Playful Corporation)
Dig or Die (HKLM\...\Steam App 315460) (Version:  - Gaddy Games)
Discord (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Evolve (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Fund Manager (HKLM-x32\...\Fund Manager) (Version:  - Beiley Software)
Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version:  - Stardock Entertainment)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
Home Design 3D (HKLM\...\Steam App 420000) (Version:  - Anuman Interactive)
I am Bread (HKLM\...\Steam App 327890) (Version:  - Bossa Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.5.1 - Hermann Schinagl)
Mad Max (HKLM\...\Steam App 234140) (Version:  - Avalanche Studios)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
My Game Long Name (HKLM\...\UDK-f9f27db4-bb98-4869-aa33-c2d9df7bcdb5) (Version:  - Epic Games, Inc.)
My Summer Car (HKLM\...\Steam App 516750) (Version:  - Amistech Games)
NZB Completion Checker (HKLM-x32\...\{F24B72AD-16EA-4822-B537-A1E2F9B1C7C9}) (Version: 1.0 - Zoon Software)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - Andrey Prygunkov)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version:  - Uber Entertainment)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.1.5 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Reassembly (HKLM\...\Steam App 329130) (Version:  - Anisoptera Games)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Ross (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Ross (HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
Roguelands (HKLM\...\Steam App 364420) (Version:  - SmashGames)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Slime Rancher (HKLM\...\Steam App 433340) (Version:  - Monomi Park)
Sniper Elite 3 (HKLM-x32\...\U25pcGVyRWxpdGUz_is1) (Version: 1 - )
Software Inc. (HKLM\...\Steam App 362620) (Version:  - Coredumping)
Sonarr version 2.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 2.0 - Team Sonarr)
Space Engineers (HKLM\...\Steam App 244850) (Version:  - Keen Software House)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Subnautica (HKLM\...\Steam App 264710) (Version:  - Unknown Worlds Entertainment)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TerraTech (HKLM\...\Steam App 285920) (Version:  - Payload Studios)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Escapists (HKLM\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)
Unity (HKLM-x32\...\Unity) (Version: 5.5.0f3 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: alpha v0.25
 (HKLM\...\UDK-825f17bc-0e3c-45e3-858f-4d11dce23f6c) (Version:  - RuneStorm
)
Viscera Cleanup Detail: Santa's Rampage (HKLM\...\Steam App 265210) (Version:  - RuneStorm)
Viscera Cleanup Detail: Shadow Warrior (HKLM\...\Steam App 255520) (Version:  - RuneStorm)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Who's Your Daddy (HKLM\...\Steam App 427730) (Version:  - Evil Tortilla Games)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Filmora(Build 7.2.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02397438-F1D9-4690-87DF-28638A06B5AD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1EB23183-845C-4284-BC4A-6A7C8FC8551D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F7C7E64-68E1-419F-B3AD-787D68AEA284} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {2349AB97-E177-4207-BEAE-5D934B67907A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {258AE993-591E-4A01-AF82-4AB434C80B00} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {27226039-0754-43F1-8942-A53FF61A6A51} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E8CD4BB-FE24-4139-9C72-E19AF6E1380C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {43033C18-DEE1-4E43-8A91-15AA9C9AB3D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5719EC68-41DB-48F6-8FA9-54C6FA4DB217} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58BCBCCA-005D-41B5-A2AA-D49C357CC2BC} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] ()
Task: {6707ECF9-84A6-40F6-9C1A-8C976CA3F94D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6ED286CF-2165-48E3-B75B-5D66D76A4523} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {714A71DB-41B6-4A43-8C48-211C125FAB6B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BE0F363-A794-4DD8-BC36-7A2A86A30C66} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {7C631C6C-7A6A-42F2-8597-CD04FEED461F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F53E260-34DC-497B-A5E0-7D8A6675D419} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81A281BD-6624-4889-9644-ECC612985166} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A0BF106-1136-4AC4-817E-5BFF6EEC031B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94D2F468-7E7A-47A6-B870-7101C0C84ED9} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {A1FFFBA5-D06E-4A66-B68E-C4EBBFC1CA84} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A8908BB9-A83C-49E3-9B1D-9BAA07C340F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A9A46677-9408-430F-B159-34DCC631F11B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {AAE4D55F-96BB-495E-958E-A71788B4BB42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB7348AB-828B-4EE9-8665-38D78CB3F795} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0A9FEBB-6316-4E17-B4C6-5196A3FC6924} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7D3421F-D25B-4CFF-9B2B-73AFD295EDF4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CEB6CBBC-1EF6-4F5A-9CCD-F46B70D58A83} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D14D9F09-08B6-42BE-A7B2-2CF962EA9374} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E85748B3-C2F9-44DE-997E-4A6F0F2F8D07} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F7814744-50FC-4447-B6B3-8847F27EA822} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Ross\Desktop\Dad.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ross\Desktop\Ross.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Ross\Desktop\School.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Amcrest Web View.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=oddndbjhpcpopbebhonolceinkbnheih
ShortcutWithArgument: C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\File System for Dropbox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=hlffpaajmfllggclnjppbblobdhokjhe
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-14 07:19 - 2015-08-23 09:53 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-02-06 17:06 - 2016-02-08 17:19 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-09-24 19:20 - 2016-09-24 19:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-23 16:37 - 2010-08-10 21:37 - 000334848 _____ () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
2016-10-24 06:03 - 2016-10-24 06:03 - 000589512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2004-09-30 14:15 - 2004-09-30 14:15 - 000192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-07 17:53 - 2017-08-02 03:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-07 17:53 - 2017-08-02 03:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2017-04-14 07:19 - 2017-08-17 10:04 - 000035472 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-04-14 07:19 - 2015-08-23 09:53 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000228864 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000526848 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-10-10 12:46 - 2016-10-10 12:46 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-01-30 17:38 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ross\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\-windows 8 background windows 8 wallpaper planet earth in space x.jpg
DNS Servers: 192.168.1.23 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
HKLM\...\StartupApproved\StartupFolder: => "AWMouseCI.lnk"
HKLM\...\StartupApproved\Run: => "Kernel and Hardware Abstraction Layer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3997761166-694740611-3261924530-1000\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{38A78149-20CC-41A5-A48D-C15524B372CF}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{351A78E2-8AFE-4995-8900-1B31C6B3168F}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{248F10DE-2645-45E2-88C6-92BD303F7AB0}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{59481A35-E625-482A-A199-C198B306D744}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [UDP Query User{2EBA4FEA-8190-45FE-B674-84A1B1BE24FD}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0D67A613-775B-40E1-AEEE-242F25B3DF99}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{75E5F48F-71A5-432D-94D7-3BD7469BBA1D}] => (Allow) D:\Games\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{C4818938-ECEB-490E-A74D-561DEB743CFD}] => (Allow) D:\Games\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{3956D1FE-8091-4C1F-A0A5-26206814A57A}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{64AEA960-B1CD-4F7C-AC19-74CCB1378D68}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{2AD5F065-93E2-4F39-93CD-A1EB51187081}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2015-x64\Release\HomeDesign.exe
FirewallRules: [{D9ABC6FA-F229-4E6E-A35B-B82AF7BD2540}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2015-x64\Release\HomeDesign.exe
FirewallRules: [UDP Query User{E85E9A92-A65B-43CA-8882-3532D99D2E5A}D:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{4F2427A5-C359-41F8-9CA1-BA8EA9CD0D76}D:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C84EC39D-2901-4F0E-B854-EEAAB7A41B03}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{0B8B9112-44D1-412A-9F4A-1D2D0FE6B328}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win64\UDK.exe
FirewallRules: [{433A5E7D-B932-4B3A-8E90-52C0B097EF4A}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{0524E897-7EE2-4C75-84A0-FB8FE30B0A04}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Santa's Rampage\Binaries\Win32\UDK.exe
FirewallRules: [{9DA44FBF-8C42-49B5-A1DA-0354AC01C79A}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{599800BE-C544-42D0-B394-D7A858F1B224}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{8A6DF752-C95D-4472-974C-A442AF83A241}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{00136111-E38B-493A-88C4-04AE366ABD3C}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BDFB7EAE-379A-474C-A844-5DF3006B5996}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A18BC452-C71C-46D7-9A12-B39C5BC784A3}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{7709A603-246B-487E-97E6-6A3F9483502E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{33AE496E-9B5D-41CA-98AC-01C96C2DFE3E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0E62FF0C-052C-48BB-B785-4DAB9F6C90E1}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{371DE545-DB9C-4F5F-BC7B-6807B677A2D2}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{647617CA-2E45-4798-9DC0-132AB7B6FF34}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{2D9130BA-0BFE-46C3-8834-F4F78A212399}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{E68FD8D3-2372-47E1-820F-6A93A5D27052}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{61B70F9E-D0D1-429E-B7D7-E3FB495C8A25}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{ECCBE014-2BB1-4AD2-AEBD-6CCFC47DBF59}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{ED371EF7-2A40-4EE0-A23D-721912FFFA8E}] => (Allow) D:\Games\Steam\SteamApps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{E2AA8BF5-F160-4443-AF5B-92B6975608F9}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{B56328FD-2D97-4356-B950-41909E192986}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{DDC8A04B-1322-42CF-9215-193D6B7B4FF2}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9642AFD1-AB6F-411E-92E9-E1723CD9B36F}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{1861951B-8454-4F99-8C34-5E0869821D0D}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{45597A94-1291-4DCD-B97A-E739BD32DA20}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{2B8BE57E-6B91-498D-867E-457447D08F4A}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{033F0370-75C8-4808-8590-E9A885435436}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{90C16C8D-A748-4E6F-B5CE-02DA78660513}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7489033B-C2FD-491C-8EAB-E624005353A9}] => (Allow) D:\Games\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{373FC6BE-9ABB-4264-AE4B-C0BDA398EE9F}] => (Allow) D:\Games\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{6FAA9474-F3E9-4922-BD41-CB72BAD5AE4C}] => (Allow) D:\Games\Steam\SteamApps\common\Scribblenauts\Scribble.exe
FirewallRules: [{D55B90B2-996D-4215-8B5A-6D8F9835668B}] => (Allow) D:\Games\Steam\SteamApps\common\Scribblenauts\Scribble.exe
FirewallRules: [{FB9DBF35-24FA-48D6-9EF0-C8895D6EBC05}] => (Allow) D:\Games\Steam\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{4033A5F2-5F03-4D08-97C6-BBF93E26F53C}] => (Allow) D:\Games\Steam\SteamApps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{77E737AE-2657-438E-ACE2-CDDF37A245A3}] => (Allow) D:\Games\Steam\SteamApps\common\Software Inc\Software Inc.exe
FirewallRules: [{A5D0064F-2509-47DD-9FF3-7EF447B4E95D}] => (Allow) D:\Games\Steam\SteamApps\common\Software Inc\Software Inc.exe
FirewallRules: [{4AEB2B65-5DFA-48BA-815C-144677BF1C04}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{0A882806-2D15-4293-853B-12E820DE56B1}] => (Allow) D:\Games\Steam\SteamApps\common\Unturned\Unturned_BE.exe
FirewallRules: [{92EBB8B3-AB08-4407-B8E6-4768063145B0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{69893BB0-205A-4D32-B243-AEB8D438A742}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E3F47FAA-CCBF-4C2F-A904-88FE2AD3F034}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{8FE208C5-A7B0-4E9B-A840-79A36F08EB58}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{F4D7F508-58B3-4355-8D89-6DA513049DA5}] => (Allow) D:\Games\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{A8AC1ADB-F5AA-4C2D-96F6-FEA8F4E1E438}] => (Allow) D:\Games\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{F6498414-0DF2-4F46-B713-FE55AE5EB5C1}] => (Allow) D:\Games\Steam\SteamApps\common\My Summer Car\mysummercar.exe
FirewallRules: [{780137E8-7FA1-49FC-AB85-E8007657313F}] => (Allow) D:\Games\Steam\SteamApps\common\My Summer Car\mysummercar.exe
FirewallRules: [{9F8326FD-4409-4F0C-A81B-ED41536CE139}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{0C0A77F5-55F0-4B86-9FB4-C98D9EE3B5C9}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{04E9713C-1F5C-4E6A-9D5A-3EC8366B1EBD}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{A26C53B2-4AEB-4C92-8B71-25E54C3FDEA8}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{5476EDA9-F6BF-43BE-9F57-021415901C93}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{74B86FE2-9DEB-485E-A793-FE395BC6AA90}] => (Allow) D:\Games\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{36EA735F-93FB-4090-9D58-B888DE17985E}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2010-x86\Release\HomeDesign.exe
FirewallRules: [{C9D095AE-B2B8-4C71-9BE8-04C755369461}] => (Allow) D:\Games\Steam\SteamApps\common\Home Design 3D\Bin\vs2010-x86\Release\HomeDesign.exe
FirewallRules: [{A69EC939-7530-49E4-8687-90509CC0C063}] => (Allow) D:\Games\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{E40976FC-6E98-4552-A380-C9784F13BD2E}] => (Allow) D:\Games\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{EF1EF9BF-7EA2-48C4-AE43-ECCF4A4917ED}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{5AF26079-33F3-45C8-8EE7-D0A49EE39A13}] => (Allow) D:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{9C8A30E0-D71D-4DC4-83F5-F30BB4C30877}] => (Allow) D:\Games\Steam\SteamApps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F0EA1BB9-9694-4328-990F-91644676A1B6}] => (Allow) D:\Games\Steam\SteamApps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{1D44470F-C211-4981-934F-7EA9EA6BED18}] => (Allow) D:\Games\Steam\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{176EF670-11FC-4498-AA23-3F3E52B98038}] => (Allow) D:\Games\Steam\SteamApps\common\Big Pharma\Big Pharma.exe
FirewallRules: [{1CA13A4C-B2C5-4AB5-B8C9-AEC8B86797E9}] => (Allow) D:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{28557803-E9D8-483B-BC94-6CDCDD684D4A}] => (Allow) D:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{4DD09491-A085-467F-99AF-8861F2524D97}] => (Allow) D:\Games\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{DE3AD877-0D0E-4D6E-B63B-A3ACD3D5B779}] => (Allow) D:\Games\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{B282449A-B7D4-437A-AA0D-9FBB9A95DF72}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{FE53D29D-93F8-4F51-9D3F-175481D6EC70}] => (Allow) D:\Games\Steam\SteamApps\common\Reassembly\win32\ReassemblyRelease.exe
FirewallRules: [{6A85B081-C3BE-4CF4-B6F0-835E8EFF0438}] => (Allow) D:\Games\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{243501AA-9AFC-4B5D-A5E4-AD4890627A41}] => (Allow) D:\Games\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{0053F8E5-0FAE-4134-BD7E-8014B63CE46A}] => (Allow) D:\Games\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{902BFE88-426C-4BBB-92C5-15D255B4517D}] => (Allow) D:\Games\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{406FB2CA-CD65-47AC-B612-68BBFE403313}] => (Allow) D:\Games\Steam\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{094DBBBE-541A-411C-B984-4A15D8B01D69}] => (Allow) D:\Games\Steam\SteamApps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [UDP Query User{15CCF9DF-2083-4E06-BA62-A4F606F6A0DE}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{64D83101-822F-4358-B21A-6AB6A6F1E34C}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{2CC5C067-B822-42DB-93AF-F5DF6A537C45}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{1A4042C9-84ED-4945-801A-C8F9188720CE}] => (Allow) D:\Games\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{AA8CA176-17D6-4344-9E2A-92D7FB56A50C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23DCB194-8922-4802-A584-FCDC8742CD76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6900FFBB-90AB-4FFA-93D0-5B7F0E7F8207}] => (Allow) D:\Games\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{A28169A4-48AE-4C4A-891B-3ECFB6223092}] => (Allow) D:\Games\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{D832E54F-E0CD-41FC-BD85-877D2C6C741B}D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{DC920217-5BAA-47EC-9955-CFBF57887BF1}D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) D:\games\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{8218616B-83D2-4BFF-8E45-BF6CDAD92955}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{24B5C092-2CC3-4822-B4AB-A877809C799D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{CA2E24C8-DE67-48FD-8BEE-F59434487BC0}] => (Allow) D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{D1448A8E-231A-4A6B-BEA7-AA0459F61CF4}] => (Allow) D:\Games\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{9F8E7653-049A-4759-B265-6F84EA562759}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{ABA8C5B9-6368-4BD4-99CE-5BBD013DB645}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CE065C3A-981D-41BB-A525-2ECA0A9D312C}D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{94BCDC9F-CF0C-4EC5-A100-7432589E824D}D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) D:\downloads\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{132FCBE8-7632-4CD2-9684-0011936E0A93}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{1D20C4A3-0CA8-471C-9A37-10408ABEE964}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{4B0D88B7-AF10-4B9B-9C33-67F95BE2B956}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{B9B79AD9-0C22-46C4-B104-F9DCF0D2FD8B}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{6E837903-03D9-4575-90A7-B8990B2670B9}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{745643B3-8840-4534-A04F-722CA1D522EC}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{25E77128-3C6B-4B8F-BA25-43A795A1C0F3}] => (Allow) D:\Games\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{A52A7CDE-2589-4BD5-8F45-A51A5EDBD2AD}] => (Allow) D:\Games\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{DC25E6D1-FF71-4748-9C7A-30506920D328}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8023040D-1A70-4B1E-B674-15E8B03501E8}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E4560619-6675-4C2C-BB8B-391756F8E82D}] => (Allow) D:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{283BA33B-3A86-4F0E-B634-A26DF0BD4710}] => (Allow) D:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{EABFDD7C-C89D-4B4F-A024-53B888B8E04A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{066A268C-EB02-4464-98E0-603979AAAFD3}] => (Allow) D:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B1996E1A-A163-42C7-852C-68C07651B6DC}] => (Allow) D:\Games\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{4014668A-B8EC-4DED-9349-5632AB2AD9B6}D:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{D91EF495-52B6-4BAE-89F1-8002B1EF562E}D:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{EB55F472-BB3E-419A-808D-D6354EAE8230}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{85CA62A5-7BEF-49BF-9194-923129B9BE5A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{77703349-8EB9-4F3F-A0DD-1AD57BDD9677}] => (Allow) D:\Games\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{86433954-27D0-491F-B0C7-30368640BD9B}] => (Allow) D:\Games\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{DA5BA918-2019-44F2-A9F3-F0F86FF28E24}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{3CA14FDC-46E3-4F95-B65F-4634B619B229}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{EF8C7433-6837-4430-A72E-371ACAB712A1}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{CFC2E322-4FC5-4922-8C11-5689337C928C}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{73E6BAB6-F4BB-4210-AAD2-992E0B6CE413}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
FirewallRules: [{51345407-CB23-464A-BFCA-A90E4C93717C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{58089F56-A0D3-49E6-BCE8-FB37A2E86546}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{853CC065-89CA-49B8-B2FF-95FCCC9D0109}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{11CDC902-DC7D-46B1-9714-89A2C8715013}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{450D1029-D3BF-4025-9EB8-C2D4A99064E5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EBD58468-C2B7-47D8-B6ED-14518911373A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{73A74F42-A4B9-4E21-A00B-44299A5CD3D2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E80D6BB2-A886-4F19-96E1-947E413B0E69}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{32FD6464-5BC8-4318-A1A6-CCC66A631310}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{CD99B876-844D-4A7D-958F-835B0064F0F5}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6B5971D4-A049-4E48-8F39-07B84AC53623}] => (Allow) D:\Games\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D0F8142E-B504-4F33-85B1-507B3967220D}] => (Allow) D:\Games\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D516882B-8311-4D3C-9D6A-6680783AB752}] => (Allow) D:\Games\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{02E7813D-829B-4B37-9563-D7F6A0DEB694}] => (Allow) D:\Games\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E4204F0E-F7C6-4D8F-91C4-C7A47668079C}] => (Allow) D:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{E6C50B86-A9C4-4509-8505-ACFBFBB33725}] => (Allow) D:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{C4204064-7477-4928-91CF-2027D7DEE12F}] => (Allow) D:\Games\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{67399486-410B-4960-84E8-B38BF10643F8}] => (Allow) D:\Games\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{57A7FBC6-6B70-4742-A501-6C5BAA9AAAB5}] => (Allow) D:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{739A1219-05CC-4802-B5DE-92F801D93039}] => (Allow) D:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{01B22787-47D1-4F72-9528-20B014FA4AEC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{050118EC-F98E-4F9B-8409-0EAEECACB29F}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{13B53C78-076B-4B8D-8ABC-D83794C77766}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{675F021F-6D2B-41CA-BCAF-EC1CC551D640}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{184ABEB5-2937-461E-9607-43B8887C1FA3}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{22250AE9-6496-47DE-BC00-A715DC412D54}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{21765BF2-94A5-412A-A9DF-1A06A6C7FCD6}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{544E618B-4F34-45F0-9D9F-E1E8AE5106C5}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{2F69961B-C711-4477-9EB1-E19C7165FF60}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{FDFCB65B-B8C8-48F0-A011-06CECFE6C911}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{500CF9E0-E628-4E80-B9DA-7D38B291AA2B}] => (Allow) D:\Games\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{9C07E6E0-C75C-483A-B7A9-3C4002417B73}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6F41C701-4969-459C-AF03-7F0513FD9826}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F7CE91D-B533-4D9F-BB16-2DD348555C60}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A91BE814-4852-4F21-8180-B0295F348AA6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A930C872-98AE-45F8-9695-0F2AA019C705}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{7F15143F-25B5-4A1D-B7F6-E4C3F3F99AB0}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{831099D8-AA23-4822-ABF1-006852AB1AD1}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{C4F63BB0-4742-48D0-862C-48D8ADE486A4}] => (Allow) D:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{51F3D3DB-C6EA-432D-8996-35ABB9DE6863}] => (Allow) D:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{27B3F4C6-BE43-4EC6-B01B-CCE2CD718854}] => (Allow) D:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9EBB55AF-F9AC-430B-9D51-E7DE7C321D02}] => (Allow) D:\Games\Steam\SteamApps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{1D9D04DD-5D2E-4086-86C0-2110B4661B68}] => (Allow) D:\Games\Steam\SteamApps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{23CDDA54-50E7-4613-A64B-32DE40B0368E}] => (Allow) D:\Games\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{0C14AC25-9240-4BCA-8B2D-C7E555D2805A}] => (Allow) D:\Games\Steam\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{52B5C928-05CD-450E-BAAE-2F2987B67CAC}] => (Allow) D:\Games\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{48F6CD48-A7F4-4D87-BF17-ACE7B265DE3E}] => (Allow) D:\Games\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{BAC0637D-73A1-416A-AE1D-699C6121D9F6}] => (Allow) D:\Games\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{2727EDCC-50C0-49A3-8A8B-132FEE734048}] => (Allow) D:\Games\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{25FD926A-F44C-456D-BDE0-0175015C66A6}] => (Allow) D:\Games\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B970F65E-7A45-4983-8C85-EEE6C1EEBEA7}] => (Allow) D:\Games\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{78797074-2711-4596-BE88-674FEA336C5F}] => (Allow) D:\Games\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{2FCCD648-6EA1-4D04-9CD0-AA9BF934E96B}] => (Allow) D:\Games\Steam\SteamApps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{19826475-AB64-4DFA-B8E4-0B7A40A0D442}] => (Allow) D:\Games\Steam\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{C2EF92C1-AE97-4214-A52A-D507F19BF7E5}] => (Allow) D:\Games\Steam\SteamApps\common\Roguelands\Roguelands.exe
FirewallRules: [{D299A665-1A68-487A-AEE6-E1736B454DED}] => (Allow) D:\Games\Steam\SteamApps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{C819F525-FD13-4C6C-B235-BB2C1C2A9F4E}] => (Allow) D:\Games\Steam\SteamApps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{4A49F434-14F5-4D5D-8FCF-519EA5772C60}] => (Allow) D:\Games\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{332BB20E-E9E9-4107-B736-1456B31E8234}] => (Allow) D:\Games\Steam\SteamApps\common\iambread\IamBread.exe
FirewallRules: [{09876243-F003-409E-A9B2-CBEB425BCEE6}] => (Allow) D:\Games\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{8E9F2DDE-83EE-4627-82DB-70980EB15827}] => (Allow) D:\Games\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{3299567D-6C54-41A3-86B0-406C13EE0F36}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{E9F4E261-5FCF-4F81-B60B-E3F247503889}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{E10677B4-4C4D-44C0-9474-82137676DC36}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{01E2F8C9-5405-40D6-9D7F-C20BF42FF413}] => (Allow) D:\Games\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A7D8CC9E-049C-4A40-8AEE-EF19CF163795}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{8EB996B3-068A-419A-958B-7EC8658C2DD8}] => (Allow) D:\Games\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [TCP Query User{AD46FB66-1487-4A01-BBE0-81E149D81E90}C:\program files (x86)\nzbget\nzbget.exe] => (Allow) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{D15A3935-9027-423D-ACD0-5EE67CB14249}C:\program files (x86)\nzbget\nzbget.exe] => (Allow) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [{06F15E57-CA8E-49F3-95BC-588FA0AD6100}] => (Allow) D:\Games\Steam\SteamApps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{122C1115-1F14-4006-BC17-A302303725C1}] => (Allow) D:\Games\Steam\SteamApps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [TCP Query User{27FD50FB-EFE9-4106-8BD8-2A8509CF35B5}D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{1CA12608-2039-441A-BA31-B8906DAF26D4}D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{01362FC1-A880-47D7-954A-D13A1AB5B35E}] => (Allow) D:\Games\Steam\SteamApps\common\Dig or Die\DigOrDie.exe
FirewallRules: [{158EAB88-6E3B-41A7-AECD-7C7445F27EB4}] => (Allow) D:\Games\Steam\SteamApps\common\Dig or Die\DigOrDie.exe
FirewallRules: [{FB257F85-E717-4453-940E-186BE325AE03}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{77B5F704-FE73-4E2B-AAEE-F6B10B9BE70F}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{33A0A5C0-4404-4977-AED5-FE6B7056CDF6}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{FCD83636-1529-42CC-9096-1587533FF758}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{60E9EA4A-96D8-4FA9-BB9F-E93648AE3F24}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{1D75155A-A7DE-42EA-996C-A3136DBFB858}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{B8BF6366-82EE-497E-AD30-2D98017BED34}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{3ED56618-07E0-4186-BC7F-C5E28D1D5CCE}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{AE6117E4-83AB-4A53-B2F8-48EE89D6F6DD}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A3A849C4-3ADA-49B7-A7A1-BE20FD4228EA}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{1B501078-D61C-4320-8961-BD93321F2FEB}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{05D805F9-9C13-470C-862C-BE65E8AE7556}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{62E52FFD-8463-441F-ACC0-D4112EDCB945}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{1226EEB1-0AAD-4047-9BCC-5F9152481232}] => (Allow) D:\Games\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [TCP Query User{924A9CCB-8EE8-4B66-9BE2-71EE5B7829E4}D:\games\crossout\launcher.exe] => (Block) D:\games\crossout\launcher.exe
FirewallRules: [UDP Query User{0933D952-9632-4F6D-AD65-B1C12CBA0D5C}D:\games\crossout\launcher.exe] => (Block) D:\games\crossout\launcher.exe
FirewallRules: [{7FC2AB62-5726-4FE8-A6EA-26C3EAABBEBC}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{1795A596-41CA-400F-872D-284206DE16F6}] => (Allow) D:\Games\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{2649E0B5-05A2-4C0F-BBD2-AFE0A7FAF82C}] => (Allow) D:\Games\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{3C0E9DDE-9216-496C-B434-46783E72D36A}] => (Allow) D:\Games\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{645F9B58-0E22-4BD2-A25E-4DE1E7A39C8E}D:\games\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{5292BB88-9D65-4B47-9754-59B531FE1A2B}D:\games\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{1CA23927-65FA-4BF1-A775-F7A39F69DE91}] => (Block) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{EA7B1151-F5CB-4D0F-AD35-9315B580C3BF}] => (Block) D:\games\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{B496067F-0160-44C6-8CC0-98971B4FF734}] => (Allow) D:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D341D348-3AE4-4DA1-8FC7-D1A4062B654F}] => (Allow) D:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C0A59CDE-F5A0-44D9-95A2-ACC8884D7EED}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{96D2B85A-F28F-4AF3-B4A0-2F7996732D8F}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{A4B910CE-B93A-4897-8B13-FEBEFE06F2CA}] => (Allow) D:\Games\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C712699A-7382-48A5-9D0B-8C1849D63760}] => (Allow) D:\Games\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{D139EB7E-E91F-44D1-BF36-FE7062BBB1D0}D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{B267D001-2EA9-4356-BACE-DF3F86BBD7EC}D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\games\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{2FD6ADDB-457A-41AD-A2CB-940292D2A7A8}] => (Allow) D:\Games\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{B877B750-DB11-4E5D-8A89-F4AEB05E5C31}] => (Allow) D:\Games\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{7F0A6342-62ED-4F33-9840-950AD4A61662}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E6DD130E-C44D-4F66-B4DC-C1D698B5662F}] => (Allow) D:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{58AB4C57-245E-4290-AF25-5FBFCA4522DE}] => (Allow) D:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4691C12A-3660-4766-BF94-D66BA25E00D6}] => (Allow) D:\Games\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{FF9CD2C3-0B4E-4FBD-ACB8-614852F5E371}] => (Allow) D:\Games\Steam\SteamApps\common\Factorio\bin\x64\factorio.exe
 
==================== Restore Points =========================
 
29-07-2017 08:34:14 Revo Uninstaller Pro's restore point - Open Broadcaster Software
08-08-2017 21:33:48 Scheduled Checkpoint
15-08-2017 08:06:37 Revo Uninstaller Pro's restore point - Portal Stories: Mel
15-08-2017 08:36:26 Revo Uninstaller Pro's restore point - Forts
15-08-2017 08:42:48 Revo Uninstaller Pro's restore point - Ethereum Ethereum-Wallet
15-08-2017 08:43:14 Revo Uninstaller Pro's restore point - Ethereum Mist
17-08-2017 07:56:16 Revo Uninstaller Pro's restore point - PC Tools Registry Mechanic 11.1
17-08-2017 07:57:47 Revo Uninstaller Pro's restore point - LogMeIn Hamachi
17-08-2017 07:57:58 Removed LogMeIn Hamachi
17-08-2017 08:03:28 Revo Uninstaller Pro's restore point - Octodad Dadliest Catch
17-08-2017 08:04:36 Revo Uninstaller Pro's restore point - Surgeon Simulator 2013 Steam Edition 1.0
17-08-2017 10:03:17 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2017 10:20:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/17/2017 10:04:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROSS-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/17/2017 10:26:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Photos.
 
Error: (08/17/2017 10:26:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Xbox.
 
Error: (08/17/2017 10:26:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Camera.
 
Error: (08/17/2017 10:26:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft .Net Native Runtime Package 1.6.
 
Error: (08/17/2017 10:26:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft .Net Native Framework Package 1.6.
 
Error: (08/17/2017 10:26:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 3D Builder.
 
Error: (08/17/2017 10:26:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: MSN Weather.
 
Error: (08/17/2017 10:26:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Application:9WZDNCRFJ3PT-Submission:1152921504626818499.
 
Error: (08/17/2017 10:26:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Alarms & Clock.
 
Error: (08/17/2017 10:26:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Application:9WZDNCRFJ364-Submission:1152921504626788769.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-17 08:49:33.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-16 09:19:41.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-15 09:11:16.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-11 08:51:23.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-10 12:19:04.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-09 08:16:17.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-29 11:21:31.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-26 11:40:40.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-25 13:20:06.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-14 22:52:56.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8132.42 MB
Available physical RAM: 5070.88 MB
Total Virtual: 16324.42 MB
Available Virtual: 12848.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.81 GB) (Free:136.55 GB) NTFS
Drive d: (Storage) (Fixed) (Total:1863.01 GB) (Free:981.97 GB) NTFS
Drive e: (backup) (Fixed) (Total:465.76 GB) (Free:414.05 GB) NTFS
Drive z: () (Network) (Total:1862.36 GB) (Free:1290.38 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B2E9F0B2)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4DA96056)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 20732CA8)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 18 August 2017 - 06:14 AM

Files have returned, seems I'm still infected.



#7 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:33 PM

Posted 20 August 2017 - 08:28 AM

Hi flyboy320,

 

We need to remove the VPN adapter that we broke by deleting the files earlier.

  1. Go to “Network and Sharing Center” from the control panel
  2. Click “Change adapter settings” in the left pane.
  3. Then you can see the adapters and the VPN connection, just right-click on the VPN connection and select Delete.

Next...

 

Before moving forward at this stage, could you please wait until the files appear again, then upload a couple of them to www.virustotal.com.

 

Please copy the links of the results into your response.

 

Next...

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

FirewallRules: [{EABFDD7C-C89D-4B4F-A024-53B888B8E04A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{EB55F472-BB3E-419A-808D-D6354EAE8230}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{85CA62A5-7BEF-49BF-9194-923129B9BE5A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{DA5BA918-2019-44F2-A9F3-F0F86FF28E24}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{3CA14FDC-46E3-4F95-B65F-4634B619B229}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{EF8C7433-6837-4430-A72E-371ACAB712A1}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
CreateRestorePoint:
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

 

We need to scan the drive with the problem, but to do that effectively we should connect it to your PC. To ensure that the drive doesn't infect your machine directly we need to disable AutoRun.

 

Please create a new text file and copy these lines inside

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutorun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutorun"=-

Now save that file as disableautorun.reg

 

Now double-click the file and add the information to the registry.

 

Next...

 

Please attach the drive directly to your PC

 

Next...

 

ESET Online scanner

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance

  • click "SCAN NOW"

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.


  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications
  • Do not change any of the Advanced options
  • Click Scan.

ESET will then download updates and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes click Save to a text file and save it to your desktop. Note: If no malware was found you will not get a list.
  • Click Do not clean
  • Check Remove application data and then click Finish
  • Please copy the log in your reply.

 

Please include in your reply

  • virustotal links
  • FRST fix log
  • ESET scan log
  • Are there other machines accessing the router also, or is your machine the only one on the network?

John

 

 



#8 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 21 August 2017 - 05:59 PM

We need to remove the VPN adapter that we broke by deleting the files earlier.

 

1. Go to “Network and Sharing Center” from the control panel

2. Click “Change adapter settings” in the left pane.

3. Then you can see the adapters and the VPN connection, just right-click on the VPN connection and select Delete.

 

The option to delete the VPN device is grayed out so I cannot delete it. Is there something else I can try?

 

Having said that I think I have found the cause of the trojan files showing up on my network drive. The only other computer connected to it is my Raspberry Pi running Kodi. I had a thought that perhaps one of the addons in Kodi was causing the issue. So I powered down the RP (it was always powered on), and in the last three days, the file hasn't shown up (prior to this it was showing up every day at least once). That perhaps explains why the trojan files were only showing up on my network drive, and not any of the other three drives on my desktop.

 

I'll report back if the files return, but in the meantime, thanks a million for all your help :)



#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:33 PM

Posted 22 August 2017 - 02:39 AM

Hi flyboy320,

 

It's good to hear that you may have discovered the source of the infection.

 

Sad to say though that as your Kodi system is running on Raspberry Pi, which is Linux based, there is no way you can ever trust that operating system again. Linux is easily manipulated in ways that cannot be detected by scanners. You will need to re-flash the box with a fresh operating system image and reinstall Kodi. Have you done this before? Do you need assistance?

 

Let's finish cleaning up your other machine though...

 

Let's try another way of removing that VPN adapter

  1. Use hotkey Win+R to open the Run dialog.
  2. In the Run dialog, type devmgmt.msc and press Enter. This will open the Device Manager window.
  3. In the Device Manager window, click the arrow next to Network adapters.
  4. Right-click on the VPN adapter and choose Uninstall.

 

Let's still remove the other unwanted entries and scan your drives for leftover malicious files.

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

FirewallRules: [{EABFDD7C-C89D-4B4F-A024-53B888B8E04A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{EB55F472-BB3E-419A-808D-D6354EAE8230}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{85CA62A5-7BEF-49BF-9194-923129B9BE5A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{DA5BA918-2019-44F2-A9F3-F0F86FF28E24}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{3CA14FDC-46E3-4F95-B65F-4634B619B229}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{EF8C7433-6837-4430-A72E-371ACAB712A1}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
CreateRestorePoint:
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

We need to scan the drive with the problem, but to do that effectively we should connect it to your PC. To ensure that the drive doesn't infect your machine directly we need to disable AutoRun.

 

Please create a new text file and copy these lines inside

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutorun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutorun"=-

Now save that file as disableautorun.reg

Now double-click the file and add the information to the registry.

 

Next...

 

Please attach the drive directly to your PC

 

Next...

 

ESET Online scanner

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance

  • click "SCAN NOW"

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.


  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications
  • Do not change any of the Advanced options
  • Click Scan.

ESET will then download updates and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes click Save to a text file and save it to your desktop. Note: If no malware was found you will not get a list.
  • Click Do not clean
  • Check Remove application data and then click Finish
  • Please copy the log in your reply.

 

Please include in your reply

  • Do you require assistance re-installing your Raspberry Pi?
  • FRST fix log
  • ESET scan log

John



#10 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:33 PM

Posted 24 August 2017 - 05:43 PM

Hi flyboy320,

 

It's been a few days, do you still require assistance?

 

John



#11 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 24 August 2017 - 05:46 PM

Hi John. Yes I might. I placed an old backup image on my RP3 which I was sure was free from any Trojans, but the files re-appeared yesterday so I have turned off the RP3 for now and I'll see if the files return. If you could give me a few more days to see if they come back that would be great, thanks :)



#12 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:33 PM

Posted 24 August 2017 - 05:57 PM

No problem at all. Just let me know when you are ready.



#13 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 26 August 2017 - 03:43 PM

So the files have returned (with my Raspberry Pi offline), so I assume the trojan/virus is somewhere on my local drive.

 

I have uploaded the photo.scr file to virustotal and here is the link to the result;

 

https://www.virustotal.com/#/file/807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d/detection

 

I have also seen, since the drive has been connected directly to my computer, that there are some other files that have turned up that are trojans as well. They are usually xml files, and here is the link from virustotal;

 

https://www.virustotal.com/#/file/0c4dee0184faf43eeaf19ffd42d9d93e222ee94cfa95c2e8932c54640e46b2ab/detection

 

Here is a copy of the ESET scan log;

 

G:\Photo.scr Win32/Crytes.AA worm
G:\Computer backups\LeTV\Backup ROM's\TWRP Backups\AOSP pkphilip\system.ext4.win a variant of Android/Spy.Agent.WU trojan
G:\Computer backups\LeTV\Backup ROM's\TWRP Backups\MIUI full\system.ext4.win a variant of Android/Apptrack.D potentially unwanted application
G:\Computer backups\LeTV\Backup ROM's\TWRP Backups\Original shipped ROM\system.ext4.win000 multiple threats,a variant of Android/TrojanDownloader.Agent.EZ trojan,a variant of Android/TrojanDownloader.Agent.EB trojan,a variant of Android/Agent.PK trojan
G:\Computer backups\Nook HD+\Nook2016-01-04--10-34-36\data.ext4.win a variant of Android/AdDisplay.AirPush.G potentially unwanted application
G:\My Documents\Nook Backup\B&N original ROM\backup\2013-10-19.17.15.16\system.ext4.tar.a a variant of Android/Agent.AW trojan
G:\My Documents\Nook Backup\Xperia\2\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.G potentially unwanted application
 
It didn't find anything on my C, D, or E drive, just my G drive (which is my network drive connected directly to my PC). The first one is the trojan file that keeps appearing when the drive is hooked up to my router as a network drive. The other trojans seem to be related to backup of my phone's ROM (anything under LETV) as well as the backups of my Nook reader's ROM. I'm not sure how these could be trojans as they are just backups of the cell phone and my Barnes & Noble Nook reader?
 
Here is the FRST fix log;
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Ross (26-08-2017 08:13:45) Run:3
Running from D:\Downloads\bleepingComputer
Loaded Profiles: Ross (Available Profiles: Ross)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FirewallRules: [{EABFDD7C-C89D-4B4F-A024-53B888B8E04A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF}] => (Allow) C:\Users\Ross\AppData\Local\Temp\crhome.exe
FirewallRules: [{EB55F472-BB3E-419A-808D-D6354EAE8230}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{85CA62A5-7BEF-49BF-9194-923129B9BE5A}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftA795.tmp\Printer.exe
FirewallRules: [{DA5BA918-2019-44F2-A9F3-F0F86FF28E24}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{3CA14FDC-46E3-4F95-B65F-4634B619B229}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pftABE9.tmp\Printer.exe
FirewallRules: [{EF8C7433-6837-4430-A72E-371ACAB712A1}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
FirewallRules: [{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B}] => (Allow) C:\Users\Ross\AppData\Local\Temp\pft1056.tmp\Printer.exe
CreateRestorePoint:
*****************
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EABFDD7C-C89D-4B4F-A024-53B888B8E04A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE4AB65D-1FA7-4647-A87E-0D22CB11A6CF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB55F472-BB3E-419A-808D-D6354EAE8230} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85CA62A5-7BEF-49BF-9194-923129B9BE5A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA5BA918-2019-44F2-A9F3-F0F86FF28E24} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CA14FDC-46E3-4F95-B65F-4634B619B229} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF8C7433-6837-4430-A72E-371ACAB712A1} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EA245A6-6FDF-4588-B4DA-06CE6D0F243B} => value not found.
Restore point was successfully created.
 
==== End of Fixlog 08:14:01 ====

Edited by flyboy320, 26 August 2017 - 05:05 PM.
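
An added example, not part of the thread or of any participant's post: a triage script that walks a drive for the recurring Photo.scr copies, hashes each one against the SHA-256 from the VirusTotal link in the post above, and reports the write-time window to compare against which machines were online. The function names are hypothetical and the script only reads files.

```python
import hashlib
import os
from datetime import datetime, timezone

# SHA-256 taken from the VirusTotal link for Photo.scr in the post above.
KNOWN_SHA256 = {"807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d"}
SUSPECT_NAMES = {"photo.scr"}  # matched case-insensitively


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_dropped_copies(root, names=SUSPECT_NAMES, known=KNOWN_SHA256):
    """Return one record per suspect file under root, oldest write first."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in names:
                continue
            path = os.path.join(folder, name)
            try:
                mtime = os.stat(path).st_mtime
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or removed mid-scan, e.g. quarantined by AV
            hits.append({
                "path": path,
                "sha256": digest,
                "known_bad": digest in known,
                "written_utc": datetime.fromtimestamp(mtime, timezone.utc),
            })
    return sorted(hits, key=lambda h: h["written_utc"])


def summarize(hits):
    """Collapse hits into the facts needed to correlate with host uptime."""
    if not hits:
        return None
    return {
        "copies": len(hits),
        "folders": len({os.path.dirname(h["path"]) for h in hits}),
        "distinct_hashes": len({h["sha256"] for h in hits}),
        "known_bad": sum(h["known_bad"] for h in hits),
        "first_write_utc": hits[0]["written_utc"],
        "last_write_utc": hits[-1]["written_utc"],
    }


if __name__ == "__main__":
    import sys
    found = find_dropped_copies(sys.argv[1] if len(sys.argv) > 1 else ".")
    for h in found:
        print(h["written_utc"].isoformat(), h["sha256"][:16], h["known_bad"], h["path"])
    print(summarize(found))
```

Write times are whatever the writing process set, so treat the window as a lead to line up against host uptime rather than as proof. More than one distinct hash means the copies are not identical and each variant should be checked separately.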


#14 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:12:33 PM

Posted 29 August 2017 - 04:09 PM

Thanks for your patience flyboy320. I've had some personal matters to attend to and will respond to your thread as soon as possible.

 

John



#15 flyboy320

flyboy320
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 29 August 2017 - 04:54 PM

No problem John, no rush :)



