Disk Usage Always 100% When IDLE Until I Move Mouse/Open Task Manager


  • This topic is locked
6 replies to this topic

#1 lemote

Posted 03 October 2017 - 07:01 PM

My disk usage is always 100% when idle until I come back to my computer and move my mouse around or open task manager. Sometimes, it continues to maintain high usage even when I move the mouse around, but more times than not it has been prone to stopping when I come back. I've read and seen that this is potentially a bitcoin miner, but I cannot figure out what type or where it is. My svchost.exe has been quite high in disk usage, but it is the svchost.exe file in the Sys32 folder which I've read should not be the culprit (the one in the temp folder should be). I am willing to get rid of uTorrent if need be!

 

LOGS:

FRST.txt

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Users\Eyob Melesse\Desktop\MalwareRemoval\adwcleaner_7.0.2.1.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [130808 2017-07-17] (Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2017-09-16] (Valve Corporation)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Spotify] => C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe [20803184 2017-10-02] (Spotify Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe [3229160 2017-05-28] (Blizzard Entertainment)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Romaco Timeout] => C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe [769536 2012-12-30] (Romaco Canada)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Spotify Web Helper] => C:\Users\Eyob Melesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-02] (Spotify Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe [3450240 2017-03-02] (Kakao Games Europe B.V.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe [3450240 2017-03-02] (Kakao Games Europe B.V.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-08-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-08-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-08-25]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{4a369b14-d295-43fb-9e84-6df988d5c0ce}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4a369b14-d295-43fb-9e84-6df988d5c0ce}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{fea16690-f628-4ed7-8443-cb1b203c43bc}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-16] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-16] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-16] (LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ybzp7w2y.default
FF ProfilePath: C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default [2017-10-03]
FF Extension: (Test Pilot) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\@testpilot-addon.xpi [2017-09-21]
FF Extension: (MEGA) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\firefox@mega.co.nz.xpi [2017-09-28]
FF Extension: (Lazarus: Form Recovery) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\lazarus@interclue.com.xpi [2016-10-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\support@lastpass.com [2017-09-28]
FF Extension: (Suspend Tab) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2016-11-12]
FF Extension: (Wayback Machine) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\wayback_machine@mozilla.org.xpi [2017-02-28]
FF Extension: (Session Manager) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-09-14]
FF Extension: (Adblock Plus) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-01]
FF Extension: (Greasemonkey) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-02]
FF Extension: (YouTube Flash Video Player) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-09-21]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-10-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-16] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [No File]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Eyob Melesse\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-16] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-1084774566-2120172311-3928770883-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-09-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-12]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-21]
CHR Extension: (Session Manager) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-02-14]
CHR Extension: (iCloud) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2017-01-30]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Green Assistant) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bncccjepkagemgfhbeknoggaadchfcfb [2017-08-07]
CHR Extension: (Adblock Plus) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Pandora) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-01-30]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-31]
CHR Extension: (Music Player for Google Drive) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2017-01-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-30]
CHR Extension: (Matthew Bauer) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhficiigpnhhaojldmanflihieepanbb [2017-04-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-28]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-01-30]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bncccjepkagemgfhbeknoggaadchfcfb] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-06-06] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-07-17] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-09] (EasyAntiCheat Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-14] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [542672 2016-05-10] (Intel Corporation)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2017-09-08] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-31] (REALiX™)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-03-18] (Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-09-03] (Wellbia.com Co., Ltd.)
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-03 19:47 - 2017-10-03 19:47 - 000029645 _____ C:\Users\Eyob Melesse\Desktop\FRST.txt
2017-10-03 19:47 - 2017-10-03 19:47 - 000000000 ____D C:\FRST
2017-10-03 19:42 - 2017-10-03 19:45 - 002399744 _____ (Farbar) C:\Users\Eyob Melesse\Desktop\FRST64.exe
2017-10-02 21:54 - 2017-10-02 21:55 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-02 21:54 - 2017-10-02 21:54 - 006654960 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
2017-10-02 21:54 - 2017-10-02 21:54 - 006654960 _____ (AVAST Software) C:\Users\Eyob Melesse\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-10-02 21:04 - 2017-10-02 21:17 - 000245616 _____ C:\WINDOWS\ntbtlog.txt
2017-10-02 21:04 - 2017-10-02 21:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-01 17:40 - 2017-10-03 19:47 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Anki2
2017-09-30 10:53 - 2017-09-30 10:53 - 028953739 _____ C:\Users\Eyob Melesse\Downloads\anki-2.0.47.exe
2017-09-30 10:53 - 2017-09-30 10:53 - 000000788 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2017-09-30 10:53 - 2017-09-30 10:53 - 000000758 _____ C:\Users\Eyob Melesse\Desktop\Anki.lnk
2017-09-30 10:53 - 2017-09-30 10:53 - 000000000 ____D C:\Program Files (x86)\Anki
2017-09-28 15:45 - 2017-09-28 15:45 - 031641600 _____ C:\Users\Eyob Melesse\Downloads\EpicInstaller-6.3.0.msi
2017-09-28 15:40 - 2017-09-28 15:40 - 000000000 ___RD C:\Sandbox
2017-09-24 16:51 - 2017-09-24 16:51 - 000001500 _____ C:\Users\Eyob Melesse\Downloads\algebra2slover.zip
2017-09-24 14:20 - 2017-09-24 15:58 - 000001292 _____ C:\Users\Eyob Melesse\Desktop\nativelog.txt
2017-09-24 14:19 - 2017-09-24 14:19 - 014379150 _____ C:\Users\Eyob Melesse\Downloads\Wurst-Client-v6.12.1-MC1.12-OF.jar
2017-09-24 14:17 - 2017-09-24 14:18 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-24 14:17 - 2017-09-24 14:17 - 000001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-09-24 14:17 - 2017-09-24 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-24 14:16 - 2017-09-24 14:16 - 002314240 _____ C:\Users\Eyob Melesse\Downloads\MinecraftInstaller.msi
2017-09-17 19:04 - 2017-09-17 19:04 - 000305173 _____ C:\Users\Eyob Melesse\Downloads\Macros-Effects-1.zip
2017-09-17 19:04 - 2017-09-17 19:04 - 000043396 _____ C:\Users\Eyob Melesse\Downloads\PUBG-Macros-3.zip
2017-09-17 18:43 - 2017-09-17 18:43 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Romaco_Canada
2017-09-17 18:39 - 2017-09-17 18:39 - 000002589 _____ C:\Users\Public\Desktop\Romaco Timeout.lnk
2017-09-17 18:39 - 2017-09-17 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Romaco Canada
2017-09-17 18:39 - 2017-09-17 18:39 - 000000000 ____D C:\Program Files (x86)\Romaco Canada
2017-09-17 18:38 - 2017-09-17 18:38 - 002564758 _____ (Romaco Canada) C:\Users\Eyob Melesse\Downloads\Romaco Timeout 3.1.4.0 Installer.exe
2017-09-17 18:36 - 2017-09-17 18:37 - 000000000 ____D C:\ProgramData\Cold Turkey
2017-09-17 18:36 - 2017-09-17 18:36 - 000000000 ____D C:\Program Files\WinPcap
2017-09-17 18:34 - 2017-09-17 18:34 - 008839536 _____ (Cold Turkey Software Inc. ) C:\Users\Eyob Melesse\Downloads\Cold_Turkey_Installer.exe
2017-09-17 18:29 - 2017-09-17 15:58 - 000001063 _____ C:\Users\Eyob Melesse\Desktop\Settings_v0.ini
2017-09-17 13:01 - 2017-09-17 01:21 - 000141561 _____ C:\Users\Eyob Melesse\Desktop\110AD00901001001.profjce
2017-09-16 20:28 - 2017-09-16 20:28 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\SteamCrack
2017-09-16 20:28 - 2017-09-16 20:28 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\cache
2017-09-16 20:19 - 2017-09-16 20:45 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\Steamcrack
2017-09-16 01:11 - 2017-09-16 01:11 - 078071056 _____ (TeamSpeak Systems GmbH) C:\Users\Eyob Melesse\Downloads\TeamSpeak3-Client-win64-3.1.6.exe
2017-09-16 01:11 - 2017-09-16 01:11 - 000001305 _____ C:\Users\Eyob Melesse\Desktop\TeamSpeak 3 Client.lnk
2017-09-15 23:05 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-15 23:05 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-15 23:05 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-15 23:05 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-15 23:05 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-15 23:05 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-15 23:05 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-15 23:05 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-15 23:05 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-15 23:05 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-15 23:05 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-15 23:05 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-15 23:05 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-15 23:05 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-15 23:05 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-15 23:05 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-15 23:05 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-15 23:05 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-15 23:05 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-15 23:05 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-15 23:05 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-15 23:05 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-15 23:05 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-15 23:05 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-15 23:05 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-15 23:05 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-15 23:05 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-15 23:05 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-15 23:05 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-15 23:05 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-15 23:05 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-15 23:05 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-15 23:05 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-15 23:05 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-15 23:05 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-15 23:05 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-15 23:05 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-15 23:05 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-15 23:05 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-15 23:05 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-15 23:05 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-15 23:05 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-15 23:05 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-15 23:05 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-15 23:05 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-15 23:04 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-15 23:04 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-15 23:04 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-15 23:04 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-15 23:04 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-15 23:04 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-15 23:04 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-15 23:04 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-15 23:04 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-15 23:04 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-15 23:04 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-15 23:04 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-15 23:04 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-15 23:04 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-15 23:04 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-15 23:04 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-15 23:04 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-15 23:04 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-15 23:04 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-15 23:04 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-15 23:04 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-15 23:04 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-15 23:04 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-15 23:04 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-15 23:04 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-15 23:04 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-15 23:04 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-15 23:04 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-15 23:04 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-15 23:04 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-15 23:04 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-15 23:04 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-15 23:04 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-15 23:04 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-15 23:04 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-15 23:04 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-15 23:04 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-15 23:04 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-15 23:04 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-15 23:04 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-15 23:04 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-15 23:04 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-15 23:04 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-15 23:04 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-15 23:04 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-15 23:04 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-15 23:04 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-15 23:04 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-15 23:04 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-15 23:04 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-15 23:04 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-15 23:04 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-15 23:04 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-15 23:04 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-15 23:04 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-15 23:04 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-15 23:04 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-15 23:04 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-15 23:04 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-15 23:04 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-15 23:04 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-15 23:04 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-15 23:04 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-15 23:04 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-15 23:04 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-15 23:04 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-15 23:04 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-15 23:04 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-15 23:04 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-15 23:04 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-15 23:04 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-15 23:04 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-15 23:04 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-15 23:04 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-15 23:04 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-15 23:04 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-15 23:04 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-15 23:04 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-15 23:04 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-15 23:04 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-15 23:04 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-15 23:04 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-15 23:04 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-15 23:04 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-15 23:04 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-15 23:04 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-15 23:04 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-15 23:04 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-15 23:04 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-15 23:04 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-15 23:04 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-15 23:04 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-15 23:04 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-15 23:04 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-15 23:04 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-15 23:04 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-15 23:04 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-15 23:04 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-15 23:04 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-15 23:04 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-15 23:04 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-15 23:04 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-15 23:04 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-15 23:04 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-15 23:04 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-15 23:04 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-15 23:04 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-15 23:04 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-15 23:04 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-15 23:04 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-15 23:04 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-15 23:04 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-15 23:04 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-15 23:04 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-15 23:04 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-14 22:42 - 2017-09-14 22:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\EasyAntiCheat
2017-09-14 15:44 - 2017-09-29 15:44 - 000001688 _____ C:\WINDOWS\Sandboxie.ini
2017-09-14 15:44 - 2017-09-14 15:42 - 000000937 _____ C:\Users\Eyob Melesse\Desktop\Sandboxed Web Browser.lnk
2017-09-14 15:43 - 2017-09-14 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-09-14 15:42 - 2017-09-14 15:42 - 008981640 _____ (Sandboxie Holdings, LLC) C:\Users\Eyob Melesse\Downloads\SandboxieInstall.exe
2017-09-14 15:42 - 2017-09-14 15:42 - 000000000 ____D C:\Program Files\Sandboxie
2017-09-14 15:41 - 2017-09-14 15:42 - 000141758 _____ C:\TDSSKiller.3.1.0.15_14.09.2017_15.41.09_log.txt
2017-09-14 15:40 - 2017-09-14 15:40 - 000000366 _____ C:\TDSSKiller.3.1.0.11_14.09.2017_15.40.46_log.txt
2017-09-13 14:58 - 2017-09-13 15:32 - 000146616 _____ C:\Users\Eyob Melesse\Downloads\dual-enrollment-application.pdf
2017-09-12 18:06 - 2017-09-12 18:06 - 000000000 ____D C:\Users\Eyob Melesse\Documents\Electronic Arts
2017-09-12 13:45 - 2017-09-12 13:45 - 000002178 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-09-12 13:09 - 2017-09-12 13:09 - 000138430 _____ C:\Users\Eyob Melesse\Downloads\The.Sims.4.Deluxe.Edition.v1.25.136.1020.Incl.All.DLCs.&.Add-ons.MULTI17-Repack.torrent
2017-09-12 12:56 - 2017-09-12 14:15 - 3437428736 _____ C:\Users\Eyob Melesse\Desktop\codex-dragon.ball.xenoverse.2.iso
2017-09-12 12:56 - 2017-09-12 12:56 - 000057892 _____ C:\Users\Eyob Melesse\Downloads\Dragon.Ball.Xenoverse.2-CODEX.torrent
2017-09-11 21:21 - 2017-09-11 21:21 - 001467904 _____ () C:\Users\Eyob Melesse\Downloads\Loadlibrayy.exe
2017-09-11 21:21 - 2017-09-11 21:21 - 000044032 _____ C:\Users\Eyob Melesse\Downloads\TslGame_BATTLEGROUNDS.dll
2017-09-11 21:21 - 2017-09-11 21:21 - 000020768 _____ C:\Users\Eyob Melesse\Downloads\System.Runtime.CompilerServices.Unsafe.dll
2017-09-11 21:21 - 2017-09-11 21:21 - 000007229 _____ C:\Users\Eyob Melesse\Downloads\System.Runtime.CompilerServices.Unsafe.xml
2017-09-11 21:20 - 2017-09-11 21:21 - 000108032 _____ C:\Users\Eyob Melesse\Downloads\Loadlibrayy.pdb
2017-09-11 21:20 - 2017-09-11 21:20 - 000000186 _____ C:\Users\Eyob Melesse\Downloads\Loadlibrayy.exe.config
2017-09-10 19:34 - 2017-09-10 19:53 - 001112398 _____ C:\TDSSKiller.3.1.0.15_10.09.2017_19.34.01_log.txt
2017-09-10 19:31 - 2017-09-10 19:31 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-09-10 19:27 - 2017-09-10 19:31 - 000283528 _____ C:\TDSSKiller.3.1.0.15_10.09.2017_19.27.09_log.txt
2017-09-10 19:27 - 2017-09-10 19:27 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Eyob Melesse\Downloads\tdsskiller.exe
2017-09-09 20:25 - 2017-09-10 23:53 - 004833205 _____ C:\Users\Eyob Melesse\Desktop\loadlibrayy-master bypass.rar
2017-09-08 09:00 - 2017-09-08 09:00 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-09-08 08:59 - 2017-09-08 09:00 - 010820032 _____ (SurfRight B.V.) C:\Users\Eyob Melesse\Desktop\HitmanPro_x64.exe
2017-09-08 08:59 - 2014-03-20 17:36 - 000668672 _____ C:\Users\Eyob Melesse\Desktop\HitmanPro Universal Crack (64 bit).exe
2017-09-07 22:04 - 2017-09-07 22:04 - 003251696 _____ (Blizzard Entertainment) C:\Users\Eyob Melesse\Downloads\Overwatch-Setup.exe
2017-09-07 17:58 - 2017-09-07 17:58 - 002054090 _____ C:\Users\Eyob Melesse\Downloads\video.mov
2017-09-07 16:59 - 2017-09-07 17:00 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\PUBG LAGSWITCH
2017-09-06 00:37 - 2017-09-05 06:11 - 000056872 _____ (HEXA Desktop SoftWare) C:\Users\Eyobwvhdqsgr64.sys
2017-09-06 00:37 - 2017-09-05 06:10 - 000704872 _____ (DeskTop SoftWare) C:\Users\Eyobmultitask64.dat
2017-09-06 00:37 - 2017-09-05 06:10 - 000601448 _____ (DeskTop SoftWare) C:\Users\Eyobmultitask.dat
2017-09-05 18:10 - 2017-09-05 18:10 - 002873112 _____ (Reason Company Software Inc.) C:\Users\Eyob Melesse\Downloads\herdProtectScan_Setup(1).exe
2017-09-05 18:10 - 2017-09-05 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2017-09-05 15:41 - 2017-09-05 15:41 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-09-05 15:41 - 2017-09-05 15:41 - 000000000 ____D C:\ProgramData\Sophos
2017-09-05 15:41 - 2017-09-05 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-09-05 15:41 - 2017-09-05 15:41 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-09-05 15:38 - 2017-09-05 15:38 - 175519016 _____ (Sophos Limited) C:\Users\Eyob Melesse\Downloads\Sophos Virus Removal Tool.exe
2017-09-05 15:34 - 2017-09-05 15:34 - 000380928 _____ C:\Users\Eyob Melesse\Downloads\2syd5j5z.exe
2017-09-05 10:11 - 2017-09-05 10:11 - 000000000 ____D C:\hello
2017-09-05 10:07 - 2017-09-05 10:07 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-09-05 10:07 - 2017-09-05 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ Build Tools
2017-09-05 10:07 - 2017-09-05 10:07 - 000000000 ____D C:\Program Files\Application Verifier
2017-09-05 10:07 - 2017-09-05 10:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual C++ Build Tools
2017-09-05 10:07 - 2017-09-05 10:07 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-09-05 10:06 - 2017-09-05 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-09-05 10:05 - 2017-09-05 10:06 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-09-05 10:05 - 2017-09-05 10:05 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-09-05 10:04 - 2017-09-05 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-09-05 10:04 - 2017-09-05 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-09-05 09:59 - 2017-09-05 09:59 - 003287928 _____ (Microsoft Corporation) C:\Users\Eyob Melesse\Downloads\visualcppbuildtools_full.exe
2017-09-04 11:59 - 2017-09-04 11:59 - 000073511 _____ C:\Users\Eyob Melesse\Downloads\yehn Eyut.xlsx - Sheet1.pdf
2017-09-04 11:37 - 2017-08-22 10:44 - 001090048 _____ C:\Users\Eyob Melesse\Desktop\Basic Recoil.exe
2017-09-04 02:17 - 2017-09-11 22:25 - 000046400 _____ (CPUID) C:\WINDOWS\system32\Drivers\cpuz141.sys
2017-09-04 02:11 - 2017-09-04 02:41 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\XENOS INJECTOR
2017-09-04 02:11 - 2017-09-04 02:11 - 014360863 _____ C:\Users\Eyob Melesse\Downloads\Xenos Injector v2.2.0_mpgh.net.zip
2017-09-04 01:28 - 2017-09-04 01:28 - 000114009 _____ C:\Users\Eyob Melesse\Downloads\simplenr_mpgh.net.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-03 19:01 - 2017-05-20 15:22 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Spotify
2017-10-03 18:58 - 2017-06-03 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-03 12:25 - 2017-06-03 16:39 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-03 02:00 - 2016-08-20 19:26 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Adobe
2017-10-02 21:43 - 2016-09-03 16:24 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-02 21:39 - 2016-09-03 21:56 - 000000000 ____D C:\AdwCleaner
2017-10-02 21:25 - 2017-06-03 16:53 - 001664528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-02 21:21 - 2016-08-21 13:18 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\CrashDumps
2017-10-02 21:20 - 2017-05-28 18:39 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-10-02 21:18 - 2017-06-03 16:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-02 21:03 - 2017-03-18 07:40 - 114032640 _____ C:\WINDOWS\system32\config\BBI
2017-10-02 19:44 - 2016-08-21 02:42 - 000000000 ____D C:\Users\Eyob Melesse\Documents\ShareX
2017-10-02 19:10 - 2017-08-13 17:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-02 19:10 - 2016-08-21 11:46 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\discord
2017-10-02 19:10 - 2016-08-21 02:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-02 19:09 - 2016-08-21 02:39 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-02 19:07 - 2017-05-28 18:40 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Battle.net
2017-10-02 19:06 - 2017-05-20 15:23 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Spotify
2017-10-02 10:23 - 2017-09-02 20:29 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\Soundboard
2017-09-30 20:10 - 2017-07-31 23:57 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-09-29 13:33 - 2016-08-21 02:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-29 07:07 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-29 07:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-27 20:18 - 2016-08-21 01:46 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Packages
2017-09-24 15:58 - 2016-08-21 02:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\.minecraft
2017-09-22 23:40 - 2017-07-26 21:33 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1084774566-2120172311-3928770883-1001
2017-09-22 23:40 - 2016-08-21 01:49 - 000002388 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 23:40 - 2016-08-21 01:49 - 000000000 ___RD C:\Users\Eyob Melesse\OneDrive
2017-09-19 05:02 - 2016-08-21 20:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-17 19:59 - 2017-07-19 04:15 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2017-09-17 18:38 - 2016-10-07 13:11 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Downloaded Installations
2017-09-17 18:25 - 2016-11-18 03:24 - 000000000 ____D C:\Users\Eyob Melesse\AppData\LocalLow\Mozilla
2017-09-17 13:03 - 2016-08-21 11:48 - 000773672 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-17 12:48 - 2016-08-24 19:45 - 000000000 ____D C:\Users\Eyob Melesse\Documents\Games
2017-09-16 19:40 - 2017-06-03 16:41 - 000000000 ____D C:\Users\Eyob Melesse
2017-09-16 19:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 19:12 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-16 19:10 - 2016-08-21 01:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-16 19:09 - 2017-06-03 16:37 - 000390736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-16 01:13 - 2016-08-21 12:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\TS3Client
2017-09-16 01:12 - 2017-06-05 00:46 - 000000324 _____ C:\Users\Eyob Melesse\Documents\ClownfishVoiceChanger.ini
2017-09-16 01:12 - 2017-06-05 00:45 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2017-09-16 01:11 - 2016-08-21 11:44 - 000001263 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-09-16 01:11 - 2016-08-21 11:44 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\TeamSpeak 3 Client
2017-09-15 23:11 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-15 17:26 - 2017-05-28 18:42 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-14 15:55 - 2016-09-04 08:36 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\MalwareRemoval
2017-09-13 22:08 - 2016-08-20 17:37 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-09-13 19:53 - 2016-08-21 05:02 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 19:53 - 2016-08-21 05:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 12:27 - 2016-08-21 11:04 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\uTorrent
2017-09-13 12:26 - 2017-06-07 14:36 - 000000000 ____D C:\Users\Eyob Melesse\AppData\LocalLow\uTorrent
2017-09-10 17:16 - 2016-09-03 00:51 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-08 19:00 - 2017-06-03 16:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-08 17:18 - 2016-08-25 22:02 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Ubisoft Game Launcher
2017-09-08 09:01 - 2016-09-04 11:29 - 000032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-09-08 09:00 - 2016-09-04 09:49 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-08 08:57 - 2016-09-04 09:48 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-08 08:51 - 2017-07-19 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2017-09-08 08:51 - 2017-07-17 21:16 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-08 08:51 - 2017-07-07 01:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-09-08 08:51 - 2017-05-28 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-09-08 08:51 - 2017-04-19 21:53 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-09-08 08:51 - 2016-09-04 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2017-09-07 22:05 - 2017-07-07 01:23 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2017-09-07 17:43 - 2017-06-03 16:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-07 17:43 - 2016-09-24 00:51 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-09-07 17:42 - 2017-06-16 17:55 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:56 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-07 17:42 - 2017-06-03 16:39 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-07 12:27 - 2017-02-10 19:29 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-09-06 00:37 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-09-05 10:07 - 2016-08-21 02:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-05 10:05 - 2017-06-03 20:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-05 10:03 - 2017-08-10 03:20 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-05 10:03 - 2017-08-10 03:18 - 000000000 ____D C:\Program Files (x86)\mbar
2017-09-05 09:40 - 2016-08-21 02:41 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-03 16:27 - 2017-05-28 18:55 - 000000000 ____D C:\Users\Eyob Melesse\Documents\Overwatch
2017-09-03 11:13 - 2016-08-20 17:22 - 000000000 ____D C:\Users\Eyob Melesse\Documents\BYOND
2017-09-03 01:12 - 2016-10-02 17:47 - 000038368 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys

==================== Files in the root of some directories =======

2017-02-16 23:02 - 2017-02-16 23:03 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-05-11 18:48 - 2017-05-11 18:49 - 000000240 _____ () C:\Users\Eyob Melesse\AppData\Roaming\My Profile.xml
2017-02-18 22:14 - 2017-02-18 22:27 - 000000600 _____ () C:\Users\Eyob Melesse\AppData\Local\PUTTY.RND
2017-07-31 23:04 - 2017-08-11 03:39 - 000007595 _____ () C:\Users\Eyob Melesse\AppData\Local\Resmon.ResmonCfg
2017-01-16 23:02 - 2016-11-23 09:37 - 000000570 _____ () C:\Users\Eyob Melesse\AppData\Local\TroubleshooterConfig.json
2017-03-08 17:02 - 2017-03-08 18:06 - 000000178 _____ () C:\Users\Eyob Melesse\AppData\Local\uts.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-09-30 17:57

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2017 01
Ran by Eyob Melesse (03-10-2017 19:48:14)
Running from C:\Users\Eyob Melesse\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-03 21:03:24)
Boot Mode: Normal
==========================================================

ADDITION.txt

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E86A84FD-EF05-40A6-8826-693E4DBB5D16}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{3C0FACBA-53B9-4FFF-BFB6-38366D7700EE}) (Version: 2.8.2.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASRock Restart to UEFI v1.0.5 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.5 - )
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.6 - Kakao Games Europe B.V.)
Blackboard Collaborate Launcher (HKLM-x32\...\{2F761D1D-370D-467D-B7B2-21232FC37DA4}) (Version: 1.6.3.0 - Blackboard)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueJ (HKLM-x32\...\{691272B9-70BF-4A5C-B764-65BA7E2E654E}) (Version: 4.0.1 - BlueJ Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
BYOND (HKLM-x32\...\BYOND) (Version: 511.1385 - BYOND)
calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version:  - IO Interactive)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{c6d89415-9575-4fe3-aa1b-2047bd4dd6cb}) (Version: 2.8.2.2 - Intel)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Exploit version 1.10.1.24 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.24 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne 3 (HKLM\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft RS Import (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Microsoft RS Import) (Version: 2.4.36.6 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Nmap 7.60 (HKLM-x32\...\Nmap) (Version: 7.60 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Npcap 0.93 (HKLM-x32\...\NpcapInst) (Version: 0.93 - Nmap Project)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\OpenIV) (Version: 2.9.907 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PuTTY release 0.67 (HKLM-x32\...\PuTTY_is1) (Version: 0.67 - Simon Tatham)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Resanance (HKLM\...\{07BB6181-E1D0-4283-87D0-BE4819535A3C}) (Version: 2.1.3 - WasntAFairFight)
ROBLOX Player for Eyob Melesse (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
Romaco Timeout (HKLM-x32\...\{ADDD2D34-1945-4D89-9433-A34DF61E5AE9}) (Version: 3.1.4 - Romaco Canada)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.8.0 - ShareX Team)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version:  - The SKSE Team)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Spotify) (Version: 1.0.64.399.g4637b02a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Styx Shards of Darkness (HKLM-x32\...\Styx Shards of Darkness_is1) (Version:  - )
SuperF4 (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\SuperF4) (Version: 1.3 - Stefan Sundin)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
The Escapists 2 (HKLM-x32\...\The Escapists 2_is1) (Version:  - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
This War of Mine (HKLM\...\Steam App 282070) (Version:  - 11 bit studios)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
Tom Clancy's Splinter Cell Blacklist (HKLM\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Victoria II (HKLM\...\Steam App 42960) (Version:  - Paradox Development Studio)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-251AEC4769CA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C936AF-F6BB-43F6-A40F-6FD2554D9769} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {1F29C243-B65A-4277-8F61-C2B9D1BFD1E7} - System32\Tasks\AdobeAAMUpdater-1.0-EYOB-DESKTOP-Eyob Melesse => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {20EF7200-329D-4F5B-A130-4817C4F4E399} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {2F04F065-3B88-445A-AF4B-F65E4F4381B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {362BA24B-3E7B-43E8-84CB-0D9DF3CDF14F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {3A48027A-3699-4157-A817-8E93F20A05CC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {42B0141D-B1E3-45ED-9C3F-12F3ED4D5D54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {463D37A5-1BCB-4E94-AAB7-DDA8F191DB8F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-19] (Microsoft Corporation)
Task: {62170999-8F9E-4ED1-8E49-9D5DBDE5C537} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {76C4BDD9-0672-4E38-93EF-A46C113393CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {8107E736-9457-4903-8FAF-B1E526575755} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {817BE026-EA47-4B0D-8293-693B2DB4C556} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {8305B809-E437-459F-8855-91F932FB2ACB} - System32\Tasks\Demons PDF Burner Enterprise x => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Demons PDF Burner Enterprise x\Demons PDF Burner Enterprise x.dll",iizfQuZyffJM <==== ATTENTION
Task: {91696D45-DC3F-42B1-AFDE-B29D0CF7998D} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
Task: {9386ADC0-49D9-4052-B1E2-8216613BCF9E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {95FB60AC-98DE-4CF5-9A6B-69773B5E96B0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {AEE46239-0E4C-4A0C-9C4A-DD420C607E68} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {B2DFBE62-98CF-4457-9B6D-736183E4A232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {BC2E69F6-71A1-4477-9BE9-6D4DB525D005} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {C529900D-73F0-49C6-9F4C-0C067B72BB4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {CA4D8A18-81C1-42FD-9ACF-65DAB4284613} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {DA079853-6FB8-46C8-B18E-822E1F820D7B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-28] (Adobe Systems Incorporated)
Task: {EDA5F9B3-6F2B-4A9E-B467-F643FB6D237B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {FE6AA279-37E4-4216-877F-8BDEBFC56C23} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb

==================== Loaded Modules (Whitelisted) ==============

2016-09-10 18:52 - 2017-08-18 00:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-21 20:29 - 2017-09-19 05:02 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-03 11:45 - 2016-08-03 11:45 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 003826176 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2017-04-07 19:30 - 2017-04-07 19:30 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 071818864 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libcef.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 002969200 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libglesv2.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 000086640 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libegl.dll
2016-09-10 18:52 - 2017-08-18 00:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Eyob Melesse\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33068940.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33068940.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\sharepoint.com -> hxxps://ocpsfl-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-08-22 22:01 - 000020334 _____ C:\WINDOWS\system32\Drivers\etc\hosts


There are 547 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "Windscribe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E383535F-0A4F-4433-A72D-CC529FAC26B0}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{8DB06FCE-77F1-4F72-B3AD-19E0817E0CD8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E36CB559-902C-4F58-AD54-0413CAA2F2BB}C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5B6FB490-1C41-4B55-B8E6-864F301EEBE3}C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AA67189-5CBE-49BA-89DE-4AE047F4B111}C:\users\eyob melesse\desktop\wiiu_usb_helper.exe] => (Allow) C:\users\eyob melesse\desktop\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{9F6DC747-9578-4D7F-B849-A8B72872C339}C:\users\eyob melesse\desktop\wiiu_usb_helper.exe] => (Allow) C:\users\eyob melesse\desktop\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{DFF930BF-C0D6-4D24-9568-A7DEB89F7E65}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{DCED6299-1E40-469B-9916-3FFAB591B0B3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{41E69AF1-074A-4B01-A143-F341320AAABA}C:\program files (x86)\byond\bin\dreamdaemon.exe] => (Allow) C:\program files (x86)\byond\bin\dreamdaemon.exe
FirewallRules: [TCP Query User{AE254266-ED94-4253-8842-481A0F576C5A}C:\program files (x86)\byond\bin\dreamdaemon.exe] => (Allow) C:\program files (x86)\byond\bin\dreamdaemon.exe
FirewallRules: [{3E0CB29C-3E27-411D-9190-9D315227627C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{66BB4450-5BD6-4782-8DC1-43AF10444A30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [UDP Query User{EAB3E325-3E3C-4D25-8115-95500336AA1A}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [TCP Query User{FC20D95D-6A33-4F00-938C-0C88E87D7346}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{688B8D07-69CE-4235-AFF8-FD8EB39B3E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{A2BECCE5-DC4B-48B1-908D-FE36B34BA5A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [UDP Query User{21EBC226-2706-4373-8EEB-E9289E6F8928}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{46FE3DE2-9EAB-4683-B519-F1EFD1F5F800}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{98E65FC3-DE07-44EB-A99A-9F1552E33B45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{2E03CB0C-FFFD-45E7-A559-1164647052DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{6FFDCECA-FCF5-465B-932E-2A30DB06EA9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5FBC7654-1AFB-40A0-AFEF-DFC81E8BFA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{11EEE8FF-DE36-44BD-B836-CC2033F4314A}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{7271173C-B526-4D0F-8983-8B5859D97C93}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{FD1E61DB-74C2-47E7-8DED-6842103C5AC1}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C8896DD3-0959-4E97-B518-06B1CA35D6DD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{BB1BDC03-F9F1-4455-99D1-0401D4DE3BF6}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{ADE09A0C-E10B-4C6D-A7FE-2AACD366B151}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1D404A3D-6560-49FB-9967-4EA5ACDCC4BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{37DEF1FF-FBB6-4147-9E56-50D02E5E14BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{6A18C236-D573-48A1-92E2-34A4A4BEEEF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{4DC838A5-A019-49BE-A590-84FE79B23BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{481A34EF-0105-49DD-8A29-7BAB87C0078A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{812DD9EA-41DC-432E-B8BD-FB962A8B919E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{40756AC2-6901-4AAA-B8C2-CDCFA5F0B9C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{1D19B1F5-206A-49E0-8E86-24916F90F972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{7881A146-A239-486E-8798-1D046E150260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{2C9D015E-44F5-43AF-AEB8-1D9EF947B8F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{8852BE44-B6D9-42A6-949D-1BCAFCEBAEBE}C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{A0A32A3F-15C2-47E1-B3FC-F2B53ECF7C18}C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{596BE240-7EC2-4996-869A-81CFC28662F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{D3D510DB-E881-4509-B35F-456DCE1FB807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{A05D1D40-D1EA-4DB4-814B-122B79E7EA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{7340C089-941A-46A7-B179-4757A3EBD41E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{019518A3-5286-4728-8276-F974816DE861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{1AF01E8E-8884-4EBF-A469-7D8C0D1F00CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{36F5F811-373D-4AFD-A884-5E8F2196A66C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{CF023513-787F-4D43-943E-7EB88D58CACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{35B2FA33-2A21-4A67-8E7E-4DF529E29DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{3C2A2809-D17A-436D-9002-0E7225BF0032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{CB69A847-CC6A-4744-B748-81F30B4BDFCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0B4603A8-A96D-4008-9239-0294CB8EF791}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7FAB2AD2-111C-4178-A30F-FBBCD6485B45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5CC5DA87-1284-4EBA-A48A-9E3010924B5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{93953DD3-F845-4A7A-AD35-6208851A8882}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{D5794A84-C0DB-491B-AA13-FDC2192625A6}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{D12F3AB9-ED14-4BF4-8082-1A5D4215DB68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0BAC5A9C-DF25-4F00-B67D-359C221B23CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [UDP Query User{9FA3A198-55C8-4549-95EE-ED978FF2EEC5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{1A362E31-1AE4-4C75-B6DF-8584349B7CE5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7AFB749A-A5BD-432F-A3C7-29F45E51A7E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{45219308-DDAC-42EE-A027-C4B2029C8F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [UDP Query User{FEEA91C5-0B9B-4B4C-A599-A1BB5A014302}C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [TCP Query User{E4C4CA05-D374-46A4-BCAD-2EDB4EDFDE16}C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [{9AB1ED5B-1E40-408B-A01D-E2F44F520C96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{860DB259-4A9E-4DD6-9EA1-62B3C4D2D8DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{381344D7-01DC-4CEC-87D1-E28DD0672C44}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{362D100D-B610-490C-A535-9D3820BF3C61}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{82AE6093-3ACD-41A9-8803-2B49D909D506}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{68BF65F0-B1EB-4B10-87A4-BEA0AFBA2EFF}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [UDP Query User{756F1F22-6765-4BAC-9850-6CF8E7397843}C:\users\eyob melesse\desktop\starbound\win64\starbound.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound.exe
FirewallRules: [TCP Query User{967D21A3-8E2F-42BE-9439-007C734F95FA}C:\users\eyob melesse\desktop\starbound\win64\starbound.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound.exe
FirewallRules: [UDP Query User{EAF4BBB9-782D-4175-94B8-EF228325488B}C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe
FirewallRules: [TCP Query User{76E6BD96-A175-4561-AF35-5FA9FA27E913}C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe
FirewallRules: [{3C463490-102F-492A-B663-B3400E74FF92}] => (Allow) C:\Users\Eyob Melesse\Desktop\Heroes & Generals\live\hng.exe
FirewallRules: [{091338C9-FAEE-45E6-B20B-B8680DE86C5F}] => (Allow) C:\Users\Eyob Melesse\Desktop\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{931F4758-32E9-4E67-8F5C-7DFA9703ABBC}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{A7FC45D1-8A4A-446E-BBF1-A5B1672B2AC6}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0290A7AE-62DB-467F-8B40-0F619FD0A050}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{FD44872E-C275-4F81-86D5-9D6A5C6C7685}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{9ECB9CFF-3C5D-406F-8476-28A874D02900}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{CF39D91B-6FF5-4771-84F4-5F472AC3E430}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{169099CA-A0D1-405F-8E07-567F79B3FE3A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{6D44A29B-7786-4910-B3ED-86057AB6BFCE}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{6955F966-799D-43E2-8B58-3791E81C7913}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{D3FEDE0D-0110-4EA6-B262-B12A04576C81}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{A2B72CA8-CF9E-4DCB-8FF2-5627EB01EE1B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{ED229A58-EA6A-4ACD-9417-4D772A3C235A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{617DDE3B-16E7-44D6-A182-3823DF1BBAB8}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{0D784AD1-0A1A-4D8A-AA05-1AA388B41E45}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{6D520C52-993E-4B0E-B833-1D90BABF9440}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [TCP Query User{78374A2C-C58E-4A79-8CA2-39F833854FFD}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{F50D795E-C9F4-42CB-A5A4-2FE87F2BAA3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{2C09A412-0FA9-4762-AB98-91BE5A8A8EDF}C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe] => (Block) C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{D66C6AB5-5161-4C34-9960-CDB1545ECAEA}C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe] => (Block) C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{D47885B8-5DFA-4074-89A3-F0231029200D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{870A6D73-F4F8-4111-83CC-DBF872BBB54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{37792C4B-3AA0-48DA-9629-C63F7E3DB2C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{7EFA60F2-D5E7-479B-B972-51B8B63483BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{CEAEE93C-A840-47B8-9052-08C63EFB2E94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{6D5C3531-6880-4A06-8359-CAF656F3568A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{AE6CA490-8593-4083-93D4-96131A5C856D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A5068DC6-1F46-46E3-BD17-AEE6DAB7942E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [UDP Query User{1E64E349-B71A-4B06-901C-110321BBECA4}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [TCP Query User{01CBC976-DFA5-49D2-A5C9-40C2D2F38557}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{52A3C917-6AFF-4CE0-BC57-77606BF4E06F}C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{1D83DB93-27BC-4683-BE3B-E6C51A7F9828}C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [UDP Query User{9B8BFA74-A9BC-4A68-9078-D82B8F0A2A43}C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{AC26B9FF-D36E-45A0-A2D8-64E82306C884}C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{019E74B1-C6E8-4A1C-B330-2CF0EE2470C3}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{E6394A40-BE09-4F3A-9430-B62A9901FE91}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{84636135-81AD-40BD-9304-1B7C69ED9BC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7972478-D84D-4FF3-BB1B-B121ADD3FD1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17CB22BD-4438-4168-9C84-AFCC03C4C50B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B29CA33B-09F5-4E92-87C6-B292F0601663}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1B7723E-A851-47D8-B9C2-2DFB006FABEC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F0189FB-F337-4EA1-9D53-803B8C2C164F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1275F9B2-5F3D-4FD7-8729-56BC078A6CB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1042160E-F929-4810-AD04-7AA7A1701270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{F950F6EF-7E31-44E4-A1B9-674EC91501F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F991F16F-11C4-4378-8C64-2158C02D346B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{9AB7C394-89D5-45D4-A3A9-EE13C398B9E0}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{F3F5FD7E-4273-467E-B36C-30A19F7F375B}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [TCP Query User{F39333EA-F43A-49F9-80FE-39EFDEC768C5}C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{28458BE3-2330-499D-B4AB-8BCBF89AEBEE}C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{BF39351F-11EB-4AD9-BCCA-5644CB1A045D}] => (Allow) C:\Users\Eyob Melesse\Desktop\Don't Starve Together New\bin\dontstarve_steam.exe
FirewallRules: [{9AD9DA9D-04A9-4D55-BD9C-C96B6A4B6E26}] => (Allow) C:\Users\Eyob Melesse\Desktop\Don't Starve Together New\bin\dontstarve_steam.exe
FirewallRules: [{8A86BAAC-F48B-4F36-A5A1-90E9063CF31B}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{06469D59-5047-49B3-8A0C-E1FA3F312313}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D7254F3F-9791-439E-90FD-A3793A065DCF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{544A17C7-642D-437C-9BFC-208FBA6283EB}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3C805F21-E4FA-4EA5-87C6-DE72ABDD5513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{93F10934-68C1-4277-A6C2-9F4CA238A737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{B5B56147-8B44-45FD-9C27-238B20A06705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{30510DA0-F7EA-4CD3-BF18-D8E0CF906962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{56D369C7-85D8-40FB-BFD6-D42199E1CE7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{223AB4FB-10BF-400E-A9A0-49B56FC7F4CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{7B44D69D-A004-40DB-9A21-F0E987063591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3DF88FF3-788C-4A62-98E2-11510BCFFE75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{25437533-5066-4D1E-9A68-06EF3154575F}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61937581-A8EF-49CF-9ECA-BAF19F1F1BDD}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C2D535B-5ABD-4C3E-9686-E91DCB5B4B62}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA9B7AAC-4204-4B19-A36C-F6F7C0D54EB0}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{980E877E-98CE-4EEB-9DB6-F97D3D58E198}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C240FB7-AB61-4CCF-A29B-04D119C4A1E7}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8C181960-BDBA-4956-AA40-9FB1B49F8A3D}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{DC32334B-26CD-438B-8CF5-AB3CC3449578}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D0AADE20-14ED-4907-895D-E3FCFD86CAC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B9E73E5A-7647-4E43-AE8D-2B7D5D6106F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [TCP Query User{8839B142-D7AD-40B3-AC8F-0107DD81D1A8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B25B551B-3AEC-4768-A0EF-34102897D374}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{11039CA9-FD30-45CE-BD55-19657E59A8D5}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{2F71CA1C-A6CE-4FE8-A8AF-C0FFC950B0EE}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{916C1B9C-06EE-45A2-95CA-1549A8503B03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69FA34FB-E3D5-45D1-A253-264D05DE1928}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FC00D973-CB46-40FA-9256-DE6AA3EFB290}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6A9FEC62-98F6-4543-8BD4-9DF62ED715BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{169F90BE-CA03-43C5-A55C-73923907457D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{3C5FF36C-2686-4837-8224-BA2260D8E766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{5380B656-9D04-4553-8498-8C6D35C4481F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{814DA41F-4BF6-4B09-9074-388005325483}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{118BF2F1-DF83-4539-A8E2-88F1EA9B743C}C:\users\eyob melesse\desktop\move or die\love\win\love.exe] => (Allow) C:\users\eyob melesse\desktop\move or die\love\win\love.exe
FirewallRules: [UDP Query User{4C860285-CEA7-44E1-AA4C-4C1A5516FE25}C:\users\eyob melesse\desktop\move or die\love\win\love.exe] => (Allow) C:\users\eyob melesse\desktop\move or die\love\win\love.exe
FirewallRules: [{79EACDC6-BBD7-4C08-BA66-4D22CD87B1B6}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{4102E61D-B3E4-49F5-93A2-06581697350D}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{8E001CFF-D9B3-44F1-916D-B3FFCD236CB6}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{16C46408-9C5E-45E1-BF79-2479A64C9882}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [TCP Query User{669B4501-564A-4C04-87AC-02B342F52D5E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{FD63B02D-470C-43C4-839F-A3ECEE2C04ED}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{F384D003-6305-4E01-B329-B9705E9E9271}] => (Allow) C:\Program Files (x86)\salivated\agassi.exe
FirewallRules: [{2BA341F8-686A-49F7-BB80-2E329EEE8584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{726D1EB8-044D-4BB9-9361-DF93388ABD4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{414509D7-6182-4BBA-96A1-ED2CE9E4EE5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{CCFE4C72-9406-46B5-855F-998BACB72E47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{DEB0B384-4A9E-43A3-BC0E-B8DAE4E6EBA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6F69B7C9-5ED9-4E73-A9B7-B4CD76558CF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{66950234-4D92-4174-B891-3CA6F43770D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E585C7E3-9F2F-47F6-B32C-01A0FB4BB9F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{A38E988D-DD8E-42DC-9085-0778F84AD5B1}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{864C5167-E084-4B70-890C-7063B2AA12CF}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{D58C8FC5-D1F6-482A-B9C3-3D51176190F7}C:\games\nba 2k17\nba2k17.exe] => (Allow) C:\games\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{49D17B33-EACA-49EC-8F11-4826F5B79E87}C:\games\nba 2k17\nba2k17.exe] => (Allow) C:\games\nba 2k17\nba2k17.exe
FirewallRules: [{B495642F-6CB0-40D6-9BBE-24FB5777E53B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{9CE0680A-D31A-431A-A6F4-47C358FB0152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{BB10EB2D-E8A1-436B-8EB4-60D8D30D0807}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EFA7D3A8-5DEE-47FD-BCE5-51F891CBF07D}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{E4C30877-F237-4568-92E4-89C92FCB5F17}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{A7462FD9-7B3D-42E5-B5F5-D3D490A6B332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{C02DDBB3-958E-42A9-9C81-D58745F1303A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{674AC681-6AF4-41DB-83DF-8EFDB90D468E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{577B118E-F8AB-4AC6-84CC-2C3111C3BB2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8E3120E3-D40A-41FF-9836-5C443F4F9373}] => (Allow) C:\Users\Eyob Melesse\Downloads\bin\BlackDesert32.exe
FirewallRules: [{1263DF1D-92A1-44B5-AE54-520C42EC5133}] => (Allow) C:\Users\Eyob Melesse\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{840B4533-5C87-4725-835B-1E72473BF441}] => (Allow) C:\Users\Eyob Melesse\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{5CC86ADB-8967-4C8B-A404-5076ACF5813A}] => (Allow) C:\Users\Eyob Melesse\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{447FD021-7DCC-4D98-BA45-112088835972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{FCEA1768-1937-436E-BF65-466280361D15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{C31F2946-15B2-435C-AE0D-A596F8FD3E75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{16358B66-9CC9-4452-B59A-95AE03A71C6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [TCP Query User{37845A47-E14D-4A0C-8E3A-369E670B43AD}C:\program files (x86)\gamezbd launcher\gamezbdo.exe] => (Allow) C:\program files (x86)\gamezbd launcher\gamezbdo.exe
FirewallRules: [UDP Query User{D64FE380-2A43-4CDD-A01F-177ACBD17576}C:\program files (x86)\gamezbd launcher\gamezbdo.exe] => (Allow) C:\program files (x86)\gamezbd launcher\gamezbdo.exe
FirewallRules: [{0F9040EB-1B7F-40C9-9788-6523BD83F78D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7E143272-EC21-4075-AB76-DBC92E2C0D6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{59202214-BC7F-4F43-9596-844997A71D9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CAB79284-68C9-4678-AD02-D6D9539FDD46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4DC1AE7D-643E-4499-8384-BC7528351AE7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36AA7AEA-CF2C-41B6-9191-B8A48330C6C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F204EA-B48A-462B-8F02-4B7A4CD57DBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1F0825EA-F864-40B6-95F2-4143E9E054EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BF689E79-3E84-4322-8045-5B7F7709EEEE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{4F4BDC9E-3179-4BA8-9047-5DA0FDB31BC2}C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe] => (Allow) C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{584A97CB-FCEC-4F0F-B3B4-F285A673D2FA}C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe] => (Allow) C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe
FirewallRules: [{26F92EA2-FD93-44C2-9D4B-9AE74492D043}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{864ECADE-D780-40C5-9CEA-FFF6E404D59C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{3026F245-7ED5-4AC9-B007-28ABB00938DB}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{C76D1E1B-06D2-4B14-BFB0-BAC876432512}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{CC6D5FE8-7941-45E8-A4C7-2B9630ADCBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{B8B45CC3-6055-47E5-B26C-39F7E8627D64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{E3699A74-6ABF-4915-B0F5-800B0FA233C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AAD002F-F687-48D8-8CF9-3C3A42B13C13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E46CF48-C5F3-4DCA-94A0-E11D278E62CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5AB10F9B-AAD1-414E-B51C-9611903F5600}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{57DB80E8-A420-4846-A2AD-874C3E7DA381}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4EBD2C5C-4D30-44AA-8495-402615917ACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{0D331FA7-8888-4549-85C0-D4F2559C1AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9D69B3BD-DCC5-4FAB-B977-FDD5853B919F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4CC55DAD-061A-4868-968D-EF5CE12052E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{851E0061-8972-4FB5-8B62-098E53A750F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{2336AA58-B756-435B-AC93-D795318DFD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{C0C54401-E190-44A7-97B4-1DBE1E80321B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{8DBDEB39-CFD7-44A8-B674-5C8C496E07B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{6F010FDB-9EAD-4252-A7B6-7C2266584CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{270BA2A6-44F8-4836-A93D-54C462673049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe

==================== Restore Points =========================

16-09-2017 20:52:57 Scheduled Checkpoint
24-09-2017 14:17:21 Installed Minecraft
02-10-2017 20:21:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2017 09:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1fd4
Faulting application start time: 0x01d33be5cb2c235d
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d699a8e8-a0da-45cc-9021-5eaf0862d650
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2017 09:20:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Romaco Timeout.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
   at System.Xml.XmlTextReaderImpl.ParseText()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
   at System.Configuration.SettingsBase.get_Item(System.String)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
   at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
   at Romaco_Timeout.Properties.Settings.get_isFirstRun()
   at Romaco_Timeout.App..ctor()
   at Romaco_Timeout.App.Main()

Error: (10/02/2017 09:04:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EYOB-DESKTOP)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2017 07:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1e98
Faulting application start time: 0x01d33bd382a55b78
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d6cf02d9-e8b7-4427-bb3d-1565c77da129
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2017 07:09:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Romaco Timeout.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
   at System.Xml.XmlTextReaderImpl.ParseText()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
   at System.Configuration.SettingsBase.get_Item(System.String)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
   at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
   at Romaco_Timeout.Properties.Settings.get_isFirstRun()
   at Romaco_Timeout.App..ctor()
   at Romaco_Timeout.App.Main()

Error: (10/02/2017 07:09:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x638
Faulting application start time: 0x01d33bd377d872ff
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 51afb60f-d26b-4a20-898d-f65720987be9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2017 07:09:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Romaco Timeout.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
   at System.Xml.XmlTextReaderImpl.ParseText()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
   at System.Configuration.SettingsBase.get_Item(System.String)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
   at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
   at Romaco_Timeout.Properties.Settings.get_isFirstRun()
   at Romaco_Timeout.App..ctor()
   at Romaco_Timeout.App.Main()

Error: (10/02/2017 07:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x978
Faulting application start time: 0x01d33bd37282b0a8
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3bc3f2d5-8059-4683-a2b2-05167d83fedc
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2017 07:09:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Romaco Timeout.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
   at System.Xml.XmlTextReaderImpl.ParseText()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
   at System.Configuration.SettingsBase.get_Item(System.String)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
   at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
   at Romaco_Timeout.Properties.Settings.get_isFirstRun()
   at Romaco_Timeout.App..ctor()
   at Romaco_Timeout.App.Main()

Error: (10/02/2017 07:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: StartTileData.dll, version: 10.0.15063.608, time stamp: 0xbadf4aba
Exception code: 0xc0000409
Fault offset: 0x00000000000dd3da
Faulting process id: 0x1c74
Faulting application start time: 0x01d33bd2e6da1014
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\StartTileData.dll
Report Id: f6524ace-02c3-4804-ac63-bcb42d4e1785
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (10/02/2017 09:18:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/02/2017 09:18:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:17:23 PM on ‎10/‎2/‎2017 was unexpected.

Error: (10/02/2017 09:18:15 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (10/02/2017 09:15:57 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:51 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:28 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:12 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (10/02/2017 09:15:12 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (10/02/2017 09:15:10 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:05 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2017-09-04 02:40:08.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:33:11.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:28:02.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:27:44.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:21:16.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:20:32.065
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:12:36.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-15 03:37:42.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-15 03:37:41.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-04 01:36:44.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 55%
Total physical RAM: 8126.66 MB
Available physical RAM: 3644.7 MB
Total Virtual: 16830.66 MB
Available Virtual: 12188.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1713.99 GB) (Free:1178.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7326B618)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1714 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.5 GB) - (Type=05)

==================== End of Addition.txt ============================




#2 HelpBot

HelpBot

    Bleepin' Binary Bot



Posted 08 October 2017 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/659231 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 lemote

lemote
  • Topic Starter


Posted 10 October 2017 - 04:16 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-10-2017

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{E86A84FD-EF05-40A6-8826-693E4DBB5D16}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{3C0FACBA-53B9-4FFF-BFB6-38366D7700EE}) (Version: 2.8.2.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASRock Restart to UEFI v1.0.5 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.5 - )
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.6 - Kakao Games Europe B.V.)
Blackboard Collaborate Launcher (HKLM-x32\...\{2F761D1D-370D-467D-B7B2-21232FC37DA4}) (Version: 1.6.3.0 - Blackboard)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueJ (HKLM-x32\...\{691272B9-70BF-4A5C-B764-65BA7E2E654E}) (Version: 4.0.1 - BlueJ Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
BYOND (HKLM-x32\...\BYOND) (Version: 511.1385 - BYOND)
calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version:  - IO Interactive)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{c6d89415-9575-4fe3-aa1b-2047bd4dd6cb}) (Version: 2.8.2.2 - Intel)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Killing Floor (HKLM\...\Steam App 1250) (Version:  - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Exploit version 1.10.1.24 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.24 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne 3 (HKLM\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft RS Import (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Microsoft RS Import) (Version: 2.4.36.6 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Nmap 7.60 (HKLM-x32\...\Nmap) (Version: 7.60 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Npcap 0.93 (HKLM-x32\...\NpcapInst) (Version: 0.93 - Nmap Project)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\OpenIV) (Version: 2.9.907 - .black/OpenIV Team)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PuTTY release 0.67 (HKLM-x32\...\PuTTY_is1) (Version: 0.67 - Simon Tatham)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Resanance (HKLM\...\{07BB6181-E1D0-4283-87D0-BE4819535A3C}) (Version: 2.1.3 - WasntAFairFight)
ROBLOX Player for Eyob Melesse (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
Romaco Timeout (HKLM-x32\...\{ADDD2D34-1945-4D89-9433-A34DF61E5AE9}) (Version: 3.1.4 - Romaco Canada)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.8.0 - ShareX Team)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version:  - The SKSE Team)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Spotify) (Version: 1.0.64.399.g4637b02a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Styx Shards of Darkness (HKLM-x32\...\Styx Shards of Darkness_is1) (Version:  - )
SuperF4 (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\SuperF4) (Version: 1.3 - Stefan Sundin)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
The Escapists 2 (HKLM-x32\...\The Escapists 2_is1) (Version:  - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
This War of Mine (HKLM\...\Steam App 282070) (Version:  - 11 bit studios)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
Tom Clancy's Splinter Cell Blacklist (HKLM\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Victoria II (HKLM\...\Steam App 42960) (Version:  - Paradox Development Studio)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.4.1 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.1 - The Wireshark developer community, hxxps://www.wireshark.org)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-251AEC4769CA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C936AF-F6BB-43F6-A40F-6FD2554D9769} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {1F29C243-B65A-4277-8F61-C2B9D1BFD1E7} - System32\Tasks\AdobeAAMUpdater-1.0-EYOB-DESKTOP-Eyob Melesse => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {20EF7200-329D-4F5B-A130-4817C4F4E399} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {2F04F065-3B88-445A-AF4B-F65E4F4381B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {362BA24B-3E7B-43E8-84CB-0D9DF3CDF14F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {3A48027A-3699-4157-A817-8E93F20A05CC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {42B0141D-B1E3-45ED-9C3F-12F3ED4D5D54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {463D37A5-1BCB-4E94-AAB7-DDA8F191DB8F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-19] (Microsoft Corporation)
Task: {62170999-8F9E-4ED1-8E49-9D5DBDE5C537} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {76C4BDD9-0672-4E38-93EF-A46C113393CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {8107E736-9457-4903-8FAF-B1E526575755} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {817BE026-EA47-4B0D-8293-693B2DB4C556} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {8305B809-E437-459F-8855-91F932FB2ACB} - System32\Tasks\Demons PDF Burner Enterprise x => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Demons PDF Burner Enterprise x\Demons PDF Burner Enterprise x.dll",iizfQuZyffJM <==== ATTENTION
Task: {91696D45-DC3F-42B1-AFDE-B29D0CF7998D} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
Task: {9386ADC0-49D9-4052-B1E2-8216613BCF9E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {95FB60AC-98DE-4CF5-9A6B-69773B5E96B0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {AEE46239-0E4C-4A0C-9C4A-DD420C607E68} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {B2DFBE62-98CF-4457-9B6D-736183E4A232} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {BC2E69F6-71A1-4477-9BE9-6D4DB525D005} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {C529900D-73F0-49C6-9F4C-0C067B72BB4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {CA4D8A18-81C1-42FD-9ACF-65DAB4284613} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\WINDOWS\system32\compattelrunner.exe
Task: {DA079853-6FB8-46C8-B18E-822E1F820D7B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-28] (Adobe Systems Incorporated)
Task: {EDA5F9B3-6F2B-4A9E-B467-F643FB6D237B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {FE6AA279-37E4-4216-877F-8BDEBFC56C23} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GPemu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jhficiigpnhhaojldmanflihieepanbb

==================== Loaded Modules (Whitelisted) ==============

2017-06-03 16:39 - 2017-05-01 16:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-10 18:52 - 2017-08-18 00:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-21 20:29 - 2017-09-19 05:02 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-03 11:45 - 2016-08-03 11:45 - 000052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 003826176 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2017-04-07 19:30 - 2017-04-07 19:30 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2014-05-02 12:52 - 2014-05-02 12:52 - 000599040 _____ () C:\Program Files (x86)\Resanance\irrKlang.NET4.dll
2016-03-07 00:26 - 2016-03-07 00:26 - 000185344 _____ () C:\Program Files (x86)\Resanance\ikpflac.dll
2016-03-07 00:26 - 2016-03-07 00:26 - 000173056 _____ () C:\Program Files (x86)\Resanance\ikpmp3.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 003479680 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClient.exe
2017-10-07 19:32 - 2017-10-07 19:32 - 001704576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClientUx.exe
2017-10-07 19:32 - 2017-10-07 19:32 - 001704576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClientUxRender.exe
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 071818864 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libcef.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 002969200 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libglesv2.dll
2017-05-20 15:22 - 2017-10-02 19:06 - 000086640 _____ () C:\Users\Eyob Melesse\AppData\Roaming\Spotify\libegl.dll
2016-09-10 18:52 - 2017-08-18 00:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-08 20:48 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-10 04:22 - 2017-08-10 04:22 - 001577976 _____ () \\?\C:\Users\Eyob Melesse\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2016-08-21 20:29 - 2017-09-19 05:01 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-08-08 20:48 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 20:48 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-10 04:22 - 2017-09-02 16:39 - 009622008 _____ () \\?\C:\Users\Eyob Melesse\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-10 04:22 - 2017-08-10 04:22 - 001440248 _____ () \\?\C:\Users\Eyob Melesse\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-10-03 20:14 - 2017-10-03 20:14 - 000148992 _____ () \\?\C:\Users\Eyob Melesse\AppData\Local\Temp\D371.tmp.node
2017-08-10 04:22 - 2017-08-10 04:22 - 002658296 _____ () \\?\C:\Users\Eyob Melesse\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-10 04:22 - 2017-08-10 04:22 - 002673656 _____ () \\?\C:\Users\Eyob Melesse\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2016-07-12 18:34 - 2016-07-12 18:34 - 000044936 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\prism-d3d.dll
2016-07-12 18:34 - 2016-07-12 18:34 - 000159624 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\glass.dll
2016-07-12 18:34 - 2016-07-12 18:34 - 000243080 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\javafx-font.dll
2016-07-12 18:34 - 2016-07-12 18:34 - 000504200 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\libxml2.dll
2016-07-12 18:33 - 2016-07-12 18:33 - 000164744 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\libxslt.dll
2016-07-12 18:34 - 2016-07-12 18:34 - 011893128 _____ () C:\Program Files (x86)\TI Education\TI Connect CE\runtime\jre\bin\jfxwebkit.dll
2016-08-03 11:45 - 2016-08-03 11:45 - 000048304 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-08-20 14:22 - 2017-09-16 20:26 - 000656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-20 14:22 - 2017-09-16 20:26 - 002322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-20 14:22 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-20 14:22 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-20 14:22 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-20 14:22 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-20 14:22 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-20 14:22 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-20 14:22 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-20 14:22 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-20 14:22 - 2017-09-16 20:26 - 000838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-20 14:22 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 19:18 - 2017-09-16 20:26 - 067304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-08-20 14:22 - 2017-09-16 20:26 - 000388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-08-20 14:22 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000108672 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\zlib.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000128640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\yaml.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 001386624 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000669824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 001010304 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000525440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000563840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-riot-messaging-service\rcp-be-riot-messaging-service.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000673920 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000571008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000495744 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000632448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000539264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000619648 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000582272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000787072 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000483456 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-pre-end-of-game\rcp-be-lol-pre-end-of-game.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000566400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000444544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000537216 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000544896 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000496768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000899712 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000694912 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-champions\rcp-be-lol-champions.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000496768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000569984 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-loadouts\rcp-be-lol-loadouts.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000905344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000580736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000691328 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2017-10-07 19:35 - 2017-10-07 19:36 - 000518272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 001608320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 001483392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000776320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000577152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000493696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000518272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000920704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000472704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000477312 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000479360 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000492160 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000536192 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000723072 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000522368 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000435328 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000808576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000599168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000624256 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000584320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000558720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000662656 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000715392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000785536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000577152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000690816 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000721536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000504960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000487040 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000526976 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000546432 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000586368 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-personalized-offers\rcp-be-lol-personalized-offers.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000471680 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000541824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000610944 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000649856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-honor-v2\rcp-be-lol-honor-v2.dll
2017-10-07 19:36 - 2017-10-07 19:36 - 000489088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000539264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-entitlements\rcp-be-entitlements.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000667776 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-missions\rcp-be-lol-missions.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000584832 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-item-sets\rcp-be-lol-item-sets.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000466560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-las-toxicity\rcp-be-lol-las-toxicity.dll
2017-10-07 19:35 - 2017-10-07 19:35 - 000516224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-geoinfo\rcp-be-lol-geoinfo.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 001090176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-clash\rcp-be-lol-clash.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000486528 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-banners\rcp-be-lol-banners.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000526464 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\Plugins\rcp-be-lol-featured-modes\rcp-be-lol-featured-modes.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 055775872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\libcef.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 001801344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\libglesv2.dll
2017-10-07 19:32 - 2017-10-07 19:32 - 000022144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Eyob Melesse\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33068940.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33068940.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\sharepoint.com -> hxxps://ocpsfl-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-08-22 22:01 - 000020334 _____ C:\WINDOWS\system32\Drivers\etc\hosts

95.183.50.10 wiiu.titlekeys.com
95.183.50.10 3ds.titlekeys.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de

There are 547 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\StartupApproved\Run: => "Windscribe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E383535F-0A4F-4433-A72D-CC529FAC26B0}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{8DB06FCE-77F1-4F72-B3AD-19E0817E0CD8}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E36CB559-902C-4F58-AD54-0413CAA2F2BB}C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5B6FB490-1C41-4B55-B8E6-864F301EEBE3}C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eyob melesse\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AA67189-5CBE-49BA-89DE-4AE047F4B111}C:\users\eyob melesse\desktop\wiiu_usb_helper.exe] => (Allow) C:\users\eyob melesse\desktop\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{9F6DC747-9578-4D7F-B849-A8B72872C339}C:\users\eyob melesse\desktop\wiiu_usb_helper.exe] => (Allow) C:\users\eyob melesse\desktop\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{DFF930BF-C0D6-4D24-9568-A7DEB89F7E65}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{DCED6299-1E40-469B-9916-3FFAB591B0B3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{41E69AF1-074A-4B01-A143-F341320AAABA}C:\program files (x86)\byond\bin\dreamdaemon.exe] => (Allow) C:\program files (x86)\byond\bin\dreamdaemon.exe
FirewallRules: [TCP Query User{AE254266-ED94-4253-8842-481A0F576C5A}C:\program files (x86)\byond\bin\dreamdaemon.exe] => (Allow) C:\program files (x86)\byond\bin\dreamdaemon.exe
FirewallRules: [{3E0CB29C-3E27-411D-9190-9D315227627C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{66BB4450-5BD6-4782-8DC1-43AF10444A30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [UDP Query User{EAB3E325-3E3C-4D25-8115-95500336AA1A}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [TCP Query User{FC20D95D-6A33-4F00-938C-0C88E87D7346}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{688B8D07-69CE-4235-AFF8-FD8EB39B3E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [{A2BECCE5-DC4B-48B1-908D-FE36B34BA5A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TigerKnight_EW\frontend\bin\frontend.exe
FirewallRules: [UDP Query User{21EBC226-2706-4373-8EEB-E9289E6F8928}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{46FE3DE2-9EAB-4683-B519-F1EFD1F5F800}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{98E65FC3-DE07-44EB-A99A-9F1552E33B45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{2E03CB0C-FFFD-45E7-A559-1164647052DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{6FFDCECA-FCF5-465B-932E-2A30DB06EA9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5FBC7654-1AFB-40A0-AFEF-DFC81E8BFA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{11EEE8FF-DE36-44BD-B836-CC2033F4314A}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{7271173C-B526-4D0F-8983-8B5859D97C93}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{FD1E61DB-74C2-47E7-8DED-6842103C5AC1}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C8896DD3-0959-4E97-B518-06B1CA35D6DD}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{BB1BDC03-F9F1-4455-99D1-0401D4DE3BF6}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{ADE09A0C-E10B-4C6D-A7FE-2AACD366B151}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1D404A3D-6560-49FB-9967-4EA5ACDCC4BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{37DEF1FF-FBB6-4147-9E56-50D02E5E14BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{6A18C236-D573-48A1-92E2-34A4A4BEEEF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{4DC838A5-A019-49BE-A590-84FE79B23BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{481A34EF-0105-49DD-8A29-7BAB87C0078A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{812DD9EA-41DC-432E-B8BD-FB962A8B919E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{40756AC2-6901-4AAA-B8C2-CDCFA5F0B9C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{1D19B1F5-206A-49E0-8E86-24916F90F972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{7881A146-A239-486E-8798-1D046E150260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{2C9D015E-44F5-43AF-AEB8-1D9EF947B8F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{8852BE44-B6D9-42A6-949D-1BCAFCEBAEBE}C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{A0A32A3F-15C2-47E1-B3FC-F2B53ECF7C18}C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\eyob melesse\documents\games\astroneer.pre-alpha.v0.2.111.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{596BE240-7EC2-4996-869A-81CFC28662F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{D3D510DB-E881-4509-B35F-456DCE1FB807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{A05D1D40-D1EA-4DB4-814B-122B79E7EA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{7340C089-941A-46A7-B179-4757A3EBD41E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{019518A3-5286-4728-8276-F974816DE861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{1AF01E8E-8884-4EBF-A469-7D8C0D1F00CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{36F5F811-373D-4AFD-A884-5E8F2196A66C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{CF023513-787F-4D43-943E-7EB88D58CACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{35B2FA33-2A21-4A67-8E7E-4DF529E29DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{3C2A2809-D17A-436D-9002-0E7225BF0032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{CB69A847-CC6A-4744-B748-81F30B4BDFCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0B4603A8-A96D-4008-9239-0294CB8EF791}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7FAB2AD2-111C-4178-A30F-FBBCD6485B45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5CC5DA87-1284-4EBA-A48A-9E3010924B5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{93953DD3-F845-4A7A-AD35-6208851A8882}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{D5794A84-C0DB-491B-AA13-FDC2192625A6}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{D12F3AB9-ED14-4BF4-8082-1A5D4215DB68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0BAC5A9C-DF25-4F00-B67D-359C221B23CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [UDP Query User{9FA3A198-55C8-4549-95EE-ED978FF2EEC5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{1A362E31-1AE4-4C75-B6DF-8584349B7CE5}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7AFB749A-A5BD-432F-A3C7-29F45E51A7E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{45219308-DDAC-42EE-A027-C4B2029C8F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [UDP Query User{FEEA91C5-0B9B-4B4C-A599-A1BB5A014302}C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [TCP Query User{E4C4CA05-D374-46A4-BCAD-2EDB4EDFDE16}C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\users\eyob melesse\desktop\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [{9AB1ED5B-1E40-408B-A01D-E2F44F520C96}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{860DB259-4A9E-4DD6-9EA1-62B3C4D2D8DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{381344D7-01DC-4CEC-87D1-E28DD0672C44}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{362D100D-B610-490C-A535-9D3820BF3C61}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{82AE6093-3ACD-41A9-8803-2B49D909D506}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [{68BF65F0-B1EB-4B10-87A4-BEA0AFBA2EFF}] => (Allow) C:\Users\Eyob Melesse\Desktop\Starbound\Starbound.exe
FirewallRules: [UDP Query User{756F1F22-6765-4BAC-9850-6CF8E7397843}C:\users\eyob melesse\desktop\starbound\win64\starbound.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound.exe
FirewallRules: [TCP Query User{967D21A3-8E2F-42BE-9439-007C734F95FA}C:\users\eyob melesse\desktop\starbound\win64\starbound.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound.exe
FirewallRules: [UDP Query User{EAF4BBB9-782D-4175-94B8-EF228325488B}C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe
FirewallRules: [TCP Query User{76E6BD96-A175-4561-AF35-5FA9FA27E913}C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe] => (Allow) C:\users\eyob melesse\desktop\starbound\win64\starbound_server.exe
FirewallRules: [{3C463490-102F-492A-B663-B3400E74FF92}] => (Allow) C:\Users\Eyob Melesse\Desktop\Heroes & Generals\live\hng.exe
FirewallRules: [{091338C9-FAEE-45E6-B20B-B8680DE86C5F}] => (Allow) C:\Users\Eyob Melesse\Desktop\Heroes & Generals\live\hng.exe
FirewallRules: [UDP Query User{931F4758-32E9-4E67-8F5C-7DFA9703ABBC}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{A7FC45D1-8A4A-446E-BBF1-A5B1672B2AC6}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0290A7AE-62DB-467F-8B40-0F619FD0A050}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{FD44872E-C275-4F81-86D5-9D6A5C6C7685}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{9ECB9CFF-3C5D-406F-8476-28A874D02900}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{CF39D91B-6FF5-4771-84F4-5F472AC3E430}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{169099CA-A0D1-405F-8E07-567F79B3FE3A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{6D44A29B-7786-4910-B3ED-86057AB6BFCE}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{6955F966-799D-43E2-8B58-3791E81C7913}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{D3FEDE0D-0110-4EA6-B262-B12A04576C81}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{A2B72CA8-CF9E-4DCB-8FF2-5627EB01EE1B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{ED229A58-EA6A-4ACD-9417-4D772A3C235A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{617DDE3B-16E7-44D6-A182-3823DF1BBAB8}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{0D784AD1-0A1A-4D8A-AA05-1AA388B41E45}] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{6D520C52-993E-4B0E-B833-1D90BABF9440}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [TCP Query User{78374A2C-C58E-4A79-8CA2-39F833854FFD}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{F50D795E-C9F4-42CB-A5A4-2FE87F2BAA3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{2C09A412-0FA9-4762-AB98-91BE5A8A8EDF}C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe] => (Block) C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{D66C6AB5-5161-4C34-9960-CDB1545ECAEA}C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe] => (Block) C:\users\eyob melesse\documents\games\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{D47885B8-5DFA-4074-89A3-F0231029200D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{870A6D73-F4F8-4111-83CC-DBF872BBB54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{37792C4B-3AA0-48DA-9629-C63F7E3DB2C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{7EFA60F2-D5E7-479B-B972-51B8B63483BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{CEAEE93C-A840-47B8-9052-08C63EFB2E94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{6D5C3531-6880-4A06-8359-CAF656F3568A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{AE6CA490-8593-4083-93D4-96131A5C856D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A5068DC6-1F46-46E3-BD17-AEE6DAB7942E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [UDP Query User{1E64E349-B71A-4B06-901C-110321BBECA4}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [TCP Query User{01CBC976-DFA5-49D2-A5C9-40C2D2F38557}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{52A3C917-6AFF-4CE0-BC57-77606BF4E06F}C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{1D83DB93-27BC-4683-BE3B-E6C51A7F9828}C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\eyob melesse\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [UDP Query User{9B8BFA74-A9BC-4A68-9078-D82B8F0A2A43}C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{AC26B9FF-D36E-45A0-A2D8-64E82306C884}C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\eyob melesse\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{019E74B1-C6E8-4A1C-B330-2CF0EE2470C3}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{E6394A40-BE09-4F3A-9430-B62A9901FE91}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{84636135-81AD-40BD-9304-1B7C69ED9BC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7972478-D84D-4FF3-BB1B-B121ADD3FD1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17CB22BD-4438-4168-9C84-AFCC03C4C50B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B29CA33B-09F5-4E92-87C6-B292F0601663}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1B7723E-A851-47D8-B9C2-2DFB006FABEC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F0189FB-F337-4EA1-9D53-803B8C2C164F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1275F9B2-5F3D-4FD7-8729-56BC078A6CB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1042160E-F929-4810-AD04-7AA7A1701270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{F950F6EF-7E31-44E4-A1B9-674EC91501F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F991F16F-11C4-4378-8C64-2158C02D346B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{9AB7C394-89D5-45D4-A3A9-EE13C398B9E0}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [UDP Query User{F3F5FD7E-4273-467E-B36C-30A19F7F375B}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe
FirewallRules: [TCP Query User{F39333EA-F43A-49F9-80FE-39EFDEC768C5}C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{28458BE3-2330-499D-B4AB-8BCBF89AEBEE}C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\users\eyob melesse\desktop\don't starve together new\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{BF39351F-11EB-4AD9-BCCA-5644CB1A045D}] => (Allow) C:\Users\Eyob Melesse\Desktop\Don't Starve Together New\bin\dontstarve_steam.exe
FirewallRules: [{9AD9DA9D-04A9-4D55-BD9C-C96B6A4B6E26}] => (Allow) C:\Users\Eyob Melesse\Desktop\Don't Starve Together New\bin\dontstarve_steam.exe
FirewallRules: [{8A86BAAC-F48B-4F36-A5A1-90E9063CF31B}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{06469D59-5047-49B3-8A0C-E1FA3F312313}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{D7254F3F-9791-439E-90FD-A3793A065DCF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{544A17C7-642D-437C-9BFC-208FBA6283EB}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3C805F21-E4FA-4EA5-87C6-DE72ABDD5513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{93F10934-68C1-4277-A6C2-9F4CA238A737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{B5B56147-8B44-45FD-9C27-238B20A06705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{30510DA0-F7EA-4CD3-BF18-D8E0CF906962}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{56D369C7-85D8-40FB-BFD6-D42199E1CE7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{223AB4FB-10BF-400E-A9A0-49B56FC7F4CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{7B44D69D-A004-40DB-9A21-F0E987063591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3DF88FF3-788C-4A62-98E2-11510BCFFE75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{25437533-5066-4D1E-9A68-06EF3154575F}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61937581-A8EF-49CF-9ECA-BAF19F1F1BDD}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C2D535B-5ABD-4C3E-9686-E91DCB5B4B62}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BA9B7AAC-4204-4B19-A36C-F6F7C0D54EB0}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{980E877E-98CE-4EEB-9DB6-F97D3D58E198}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C240FB7-AB61-4CCF-A29B-04D119C4A1E7}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8C181960-BDBA-4956-AA40-9FB1B49F8A3D}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{DC32334B-26CD-438B-8CF5-AB3CC3449578}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D0AADE20-14ED-4907-895D-E3FCFD86CAC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B9E73E5A-7647-4E43-AE8D-2B7D5D6106F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [TCP Query User{8839B142-D7AD-40B3-AC8F-0107DD81D1A8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B25B551B-3AEC-4768-A0EF-34102897D374}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{11039CA9-FD30-45CE-BD55-19657E59A8D5}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{2F71CA1C-A6CE-4FE8-A8AF-C0FFC950B0EE}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{916C1B9C-06EE-45A2-95CA-1549A8503B03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69FA34FB-E3D5-45D1-A253-264D05DE1928}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FC00D973-CB46-40FA-9256-DE6AA3EFB290}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6A9FEC62-98F6-4543-8BD4-9DF62ED715BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{169F90BE-CA03-43C5-A55C-73923907457D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{3C5FF36C-2686-4837-8224-BA2260D8E766}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{5380B656-9D04-4553-8498-8C6D35C4481F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{814DA41F-4BF6-4B09-9074-388005325483}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{118BF2F1-DF83-4539-A8E2-88F1EA9B743C}C:\users\eyob melesse\desktop\move or die\love\win\love.exe] => (Allow) C:\users\eyob melesse\desktop\move or die\love\win\love.exe
FirewallRules: [UDP Query User{4C860285-CEA7-44E1-AA4C-4C1A5516FE25}C:\users\eyob melesse\desktop\move or die\love\win\love.exe] => (Allow) C:\users\eyob melesse\desktop\move or die\love\win\love.exe
FirewallRules: [{79EACDC6-BBD7-4C08-BA66-4D22CD87B1B6}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{4102E61D-B3E4-49F5-93A2-06581697350D}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{8E001CFF-D9B3-44F1-916D-B3FFCD236CB6}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [{16C46408-9C5E-45E1-BF79-2479A64C9882}] => (Allow) C:\Users\Eyob Melesse\Desktop\Move or Die\MoveOrDie.exe
FirewallRules: [TCP Query User{669B4501-564A-4C04-87AC-02B342F52D5E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{FD63B02D-470C-43C4-839F-A3ECEE2C04ED}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{F384D003-6305-4E01-B329-B9705E9E9271}] => (Allow) C:\Program Files (x86)\salivated\agassi.exe
FirewallRules: [{2BA341F8-686A-49F7-BB80-2E329EEE8584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{726D1EB8-044D-4BB9-9361-DF93388ABD4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{414509D7-6182-4BBA-96A1-ED2CE9E4EE5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{CCFE4C72-9406-46B5-855F-998BACB72E47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{DEB0B384-4A9E-43A3-BC0E-B8DAE4E6EBA9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6F69B7C9-5ED9-4E73-A9B7-B4CD76558CF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{66950234-4D92-4174-B891-3CA6F43770D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E585C7E3-9F2F-47F6-B32C-01A0FB4BB9F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{A38E988D-DD8E-42DC-9085-0778F84AD5B1}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{864C5167-E084-4B70-890C-7063B2AA12CF}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{D58C8FC5-D1F6-482A-B9C3-3D51176190F7}C:\games\nba 2k17\nba2k17.exe] => (Allow) C:\games\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{49D17B33-EACA-49EC-8F11-4826F5B79E87}C:\games\nba 2k17\nba2k17.exe] => (Allow) C:\games\nba 2k17\nba2k17.exe
FirewallRules: [{B495642F-6CB0-40D6-9BBE-24FB5777E53B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{9CE0680A-D31A-431A-A6F4-47C358FB0152}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{BB10EB2D-E8A1-436B-8EB4-60D8D30D0807}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EFA7D3A8-5DEE-47FD-BCE5-51F891CBF07D}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{E4C30877-F237-4568-92E4-89C92FCB5F17}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{A7462FD9-7B3D-42E5-B5F5-D3D490A6B332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{C02DDBB3-958E-42A9-9C81-D58745F1303A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{674AC681-6AF4-41DB-83DF-8EFDB90D468E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{577B118E-F8AB-4AC6-84CC-2C3111C3BB2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8E3120E3-D40A-41FF-9836-5C443F4F9373}] => (Allow) C:\Users\Eyob Melesse\Downloads\bin\BlackDesert32.exe
FirewallRules: [{1263DF1D-92A1-44B5-AE54-520C42EC5133}] => (Allow) C:\Users\Eyob Melesse\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{840B4533-5C87-4725-835B-1E72473BF441}] => (Allow) C:\Users\Eyob Melesse\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{5CC86ADB-8967-4C8B-A404-5076ACF5813A}] => (Allow) C:\Users\Eyob Melesse\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{447FD021-7DCC-4D98-BA45-112088835972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{FCEA1768-1937-436E-BF65-466280361D15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{C31F2946-15B2-435C-AE0D-A596F8FD3E75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{16358B66-9CC9-4452-B59A-95AE03A71C6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [TCP Query User{37845A47-E14D-4A0C-8E3A-369E670B43AD}C:\program files (x86)\gamezbd launcher\gamezbdo.exe] => (Allow) C:\program files (x86)\gamezbd launcher\gamezbdo.exe
FirewallRules: [UDP Query User{D64FE380-2A43-4CDD-A01F-177ACBD17576}C:\program files (x86)\gamezbd launcher\gamezbdo.exe] => (Allow) C:\program files (x86)\gamezbd launcher\gamezbdo.exe
FirewallRules: [{0F9040EB-1B7F-40C9-9788-6523BD83F78D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7E143272-EC21-4075-AB76-DBC92E2C0D6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{59202214-BC7F-4F43-9596-844997A71D9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CAB79284-68C9-4678-AD02-D6D9539FDD46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4DC1AE7D-643E-4499-8384-BC7528351AE7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36AA7AEA-CF2C-41B6-9191-B8A48330C6C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F204EA-B48A-462B-8F02-4B7A4CD57DBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1F0825EA-F864-40B6-95F2-4143E9E054EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BF689E79-3E84-4322-8045-5B7F7709EEEE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{4F4BDC9E-3179-4BA8-9047-5DA0FDB31BC2}C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe] => (Allow) C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{584A97CB-FCEC-4F0F-B3B4-F285A673D2FA}C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe] => (Allow) C:\users\eyob melesse\documents\games\the escapists 2\theescapists2.exe
FirewallRules: [{26F92EA2-FD93-44C2-9D4B-9AE74492D043}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{864ECADE-D780-40C5-9CEA-FFF6E404D59C}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{3026F245-7ED5-4AC9-B007-28ABB00938DB}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{C76D1E1B-06D2-4B14-BFB0-BAC876432512}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe
FirewallRules: [{CC6D5FE8-7941-45E8-A4C7-2B9630ADCBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{B8B45CC3-6055-47E5-B26C-39F7E8627D64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{E3699A74-6ABF-4915-B0F5-800B0FA233C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AAD002F-F687-48D8-8CF9-3C3A42B13C13}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E46CF48-C5F3-4DCA-94A0-E11D278E62CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5AB10F9B-AAD1-414E-B51C-9611903F5600}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{57DB80E8-A420-4846-A2AD-874C3E7DA381}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4EBD2C5C-4D30-44AA-8495-402615917ACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{0D331FA7-8888-4549-85C0-D4F2559C1AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{9D69B3BD-DCC5-4FAB-B977-FDD5853B919F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4CC55DAD-061A-4868-968D-EF5CE12052E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{851E0061-8972-4FB5-8B62-098E53A750F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{2336AA58-B756-435B-AC93-D795318DFD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{C0C54401-E190-44A7-97B4-1DBE1E80321B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{8DBDEB39-CFD7-44A8-B674-5C8C496E07B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{6F010FDB-9EAD-4252-A7B6-7C2266584CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{270BA2A6-44F8-4836-A93D-54C462673049}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [TCP Query User{438366C3-F3F7-4FD8-BBC9-1352877FA9AA}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B6016003-5F7D-45BA-9183-4752E07885CE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1FD178EE-05DB-4FEF-8C5E-65C0ECCB05AE}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{848DD950-767E-48A6-996A-BEFE67323925}] => (Allow) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

24-09-2017 14:17:21 Installed Minecraft
02-10-2017 20:21:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2017 06:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Resanance.exe, version: 2.1.3.0, time stamp: 0x575cb2f6
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x2fc0
Faulting application start time: 0x01d33f025872ef27
Faulting application path: C:\Program Files (x86)\Resanance\Resanance.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6e6e6eea-a841-428d-b5ae-416ef0e75a10
Faulting package full name:
Faulting package-relative application ID:

Error: (10/08/2017 06:34:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Resanance.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.Windows.Window.DragMove()
   at LpeCHHxVDPADEFmsiVlNLHTolOZbb.‍‫‮​‍‎​‏‭‫‍‬‌‌‬‎​‍‏‫​‍‪‮(System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
   at System.Windows.UIElement.OnMouseDownThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
   at System.Windows.Input.InputManager.ProcessStagingArea()
   at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at InOfpWNKhPnmFbKaHSeIZqCZigPD.‍‎‭​‌‎‎‫‭‍‮‌‮‭‫‮‭‌​‪​‎‬‮()

Error: (10/07/2017 07:31:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/03/2017 08:30:59 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2017 08:23:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/03/2017 08:23:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/02/2017 09:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1fd4
Faulting application start time: 0x01d33be5cb2c235d
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d699a8e8-a0da-45cc-9021-5eaf0862d650
Faulting package full name:
Faulting package-relative application ID:

Error: (10/02/2017 09:20:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Romaco Timeout.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef)
   at System.Xml.XmlTextReaderImpl.ParseText()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)

Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(System.String)
   at System.Configuration.SettingsBase.get_Item(System.String)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String)
   at System.Configuration.ApplicationSettingsBase.get_Item(System.String)
   at Romaco_Timeout.Properties.Settings.get_isFirstRun()
   at Romaco_Timeout.App..ctor()
   at Romaco_Timeout.App.Main()

Error: (10/02/2017 09:04:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EYOB-DESKTOP)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2017 07:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Romaco Timeout.exe, version: 3.1.4.0, time stamp: 0x50dff1bb
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xe0434352
Fault offset: 0x0000000000069e08
Faulting process id: 0x1e98
Faulting application start time: 0x01d33bd382a55b78
Faulting application path: C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d6cf02d9-e8b7-4427-bb3d-1565c77da129
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/10/2017 02:21:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/04/2017 10:19:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2017 08:35:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/02/2017 09:18:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/02/2017 09:18:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:17:23 PM on ‎10/‎2/‎2017 was unexpected.

Error: (10/02/2017 09:18:15 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (10/02/2017 09:15:57 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:51 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:28 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/02/2017 09:15:12 PM) (Source: DCOM) (EventID: 10005) (User: EYOB-DESKTOP)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}


CodeIntegrity:
===================================
  Date: 2017-09-04 02:40:08.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:33:11.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:28:02.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:27:44.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:21:16.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:20:32.065
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-04 02:12:36.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Eyob Melesse\Desktop\XENOS INJECTOR\BlackBoneDrv10.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-15 03:37:42.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-15 03:37:41.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-04 01:36:44.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 66%
Total physical RAM: 8126.66 MB
Available physical RAM: 2748.96 MB
Total Virtual: 16830.66 MB
Available Virtual: 8748.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1713.99 GB) (Free:1174.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7326B618)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1714 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.5 GB) - (Type=05)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2017

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Discord Inc.) C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Eyob Melesse\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Texas Instruments) C:\Program Files (x86)\TI Education\TI Connect CE\TI Connect CE.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
(BitTorrent Inc.) C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Wasntafairfight) C:\Program Files (x86)\Resanance\Resanance.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClient.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClientUxRender.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.98\deploy\LeagueClientUxRender.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\SystemPropertiesRemote.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [130808 2017-07-17] (Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2017-09-16] (Valve Corporation)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Spotify] => C:\Users\Eyob Melesse\AppData\Roaming\Spotify\Spotify.exe [20803184 2017-10-02] (Spotify Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe [3229160 2017-05-28] (Blizzard Entertainment)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Romaco Timeout] => C:\Program Files (x86)\Romaco Canada\Romaco Timeout\Romaco Timeout.exe [769536 2012-12-30] (Romaco Canada)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [Spotify Web Helper] => C:\Users\Eyob Melesse\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-02] (Spotify Ltd)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\Run: [uTorrent] => C:\Users\Eyob Melesse\AppData\Roaming\uTorrent\uTorrent.exe [1985984 2017-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe [3450240 2017-03-02] (Kakao Games Europe B.V.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe [3450240 2017-03-02] (Kakao Games Europe B.V.)
HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [1269848 2017-02-28] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-08-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-08-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-08-25]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{4a369b14-d295-43fb-9e84-6df988d5c0ce}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4a369b14-d295-43fb-9e84-6df988d5c0ce}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{fea16690-f628-4ed7-8443-cb1b203c43bc}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-16] (LastPass)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-16] (LastPass)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-02-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-02-16] (LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ybzp7w2y.default
FF ProfilePath: C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default [2017-10-10]
FF Extension: (Test Pilot) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\@testpilot-addon.xpi [2017-10-05]
FF Extension: (MEGA) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\firefox@mega.co.nz.xpi [2017-10-06]
FF Extension: (Lazarus: Form Recovery) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\lazarus@interclue.com.xpi [2016-10-11]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\support@lastpass.com [2017-09-28]
FF Extension: (Suspend Tab) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2016-11-12]
FF Extension: (Wayback Machine) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\wayback_machine@mozilla.org.xpi [2017-02-28]
FF Extension: (Session Manager) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-09-14]
FF Extension: (Adblock Plus) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-01]
FF Extension: (Greasemonkey) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-10-07]
FF Extension: (YouTube Flash Video Player) - C:\Users\Eyob Melesse\AppData\Roaming\Mozilla\Firefox\Profiles\ybzp7w2y.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-10-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-16] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [No File]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\Eyob Melesse\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-02-16] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-1084774566-2120172311-3928770883-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-09-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll [2008-07-08] (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-12]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-21]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-21]
CHR Extension: (Session Manager) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-02-14]
CHR Extension: (iCloud) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2017-01-30]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-21]
CHR Extension: (Green Assistant) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bncccjepkagemgfhbeknoggaadchfcfb [2017-08-07]
CHR Extension: (Adblock Plus) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-08-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Pandora) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-01-30]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-31]
CHR Extension: (Music Player for Google Drive) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2017-01-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-30]
CHR Extension: (Matthew Bauer) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhficiigpnhhaojldmanflihieepanbb [2017-04-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-28]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-01-30]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (No Name) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Eyob Melesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1084774566-2120172311-3928770883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bncccjepkagemgfhbeknoggaadchfcfb] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-06-06] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-07-17] (Intel)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-09] (EasyAntiCheat Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-14] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [542672 2016-05-10] (Intel Corporation)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2017-09-08] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-31] (REALiX™)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-03-18] (Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-07-27] (Insecure.Com LLC.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (USBPcap)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-09-03] (Wellbia.com Co., Ltd.)
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-08 11:25 - 2017-10-08 11:25 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\Shadow of War
2017-10-08 09:53 - 2017-10-10 17:12 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\uTorrent
2017-10-08 09:53 - 2017-10-08 09:53 - 000000903 _____ C:\Users\Eyob Melesse\Desktop\µTorrent.lnk
2017-10-08 09:52 - 2017-10-08 09:52 - 002849376 _____ (BitTorrent Inc.) C:\Users\Eyob Melesse\Downloads\uTorrent.exe
2017-10-07 19:36 - 2017-10-07 19:36 - 000000000 ____D C:\Users\Eyob Melesse\Documents\League of Legends
2017-10-07 19:31 - 2017-10-07 19:31 - 000000741 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-10-07 19:31 - 2017-10-07 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-10-07 19:30 - 2017-10-07 19:30 - 000000000 ____D C:\Riot Games
2017-10-07 19:29 - 2017-10-07 19:29 - 091914528 _____ (Riot Games, Inc) C:\Users\Eyob Melesse\Downloads\League of Legends installer NA.exe
2017-10-04 17:21 - 2015-08-18 21:55 - 000001240 _____ C:\Users\Eyob Melesse\Desktop\LINES.8xp
2017-10-04 17:19 - 2017-10-04 17:19 - 000001371 _____ C:\Users\Eyob Melesse\Desktop\LINEINTERSECTIONS.zip
2017-10-04 17:17 - 2015-06-09 14:22 - 000000589 _____ C:\Users\Eyob Melesse\Desktop\QUAD.8xp
2017-10-04 17:15 - 2017-10-04 17:15 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\Quadratic Solver
2017-10-04 17:15 - 2016-11-24 13:32 - 000003346 _____ C:\Users\Eyob Melesse\Desktop\GEOMETRY.8xp
2017-10-04 17:15 - 2016-06-13 18:34 - 000000226 _____ C:\Users\Eyob Melesse\Desktop\MIDPOINT.8xp
2017-10-04 17:15 - 2016-02-18 19:26 - 000000278 _____ C:\Users\Eyob Melesse\Desktop\ASEC.8xp
2017-10-04 17:15 - 2016-02-07 18:02 - 000000963 _____ C:\Users\Eyob Melesse\Desktop\Readme.txt
2017-10-04 17:15 - 2016-02-07 17:52 - 000001326 _____ C:\Users\Eyob Melesse\Desktop\Right Triangle Solver v1.0.8xp
2017-10-04 17:15 - 2015-09-18 16:46 - 000000847 _____ C:\Users\Eyob Melesse\Desktop\Calc2 v1.0.8xp
2017-10-04 17:15 - 2015-05-07 06:32 - 000000274 _____ C:\Users\Eyob Melesse\Desktop\ARC84C.8xp
2017-10-04 17:14 - 2017-10-04 17:14 - 000001494 _____ C:\Users\Eyob Melesse\Desktop\RightTriangleSolver.zip
2017-10-04 17:14 - 2017-10-04 17:14 - 000000987 _____ C:\Users\Eyob Melesse\Desktop\QuadraticSolver.zip
2017-10-04 17:14 - 2017-10-04 17:14 - 000000752 _____ C:\Users\Eyob Melesse\Desktop\SectorArea.zip
2017-10-04 17:13 - 2017-10-04 17:13 - 000013986 _____ C:\Users\Eyob Melesse\Desktop\ARC84C.zip
2017-10-04 17:13 - 2017-10-04 17:13 - 000007386 _____ C:\Users\Eyob Melesse\Desktop\Geometry2.zip
2017-10-04 17:13 - 2017-10-04 17:13 - 000001801 _____ C:\Users\Eyob Melesse\Desktop\Calc2.zip
2017-10-04 17:12 - 2017-10-04 17:12 - 000000574 _____ C:\Users\Eyob Melesse\Desktop\MIDPOINT.zip
2017-10-04 17:08 - 2017-10-04 17:08 - 000001681 _____ C:\Users\Eyob Melesse\Downloads\CIRCLE.zip
2017-10-03 20:38 - 2017-10-03 20:38 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Wireshark
2017-10-03 20:30 - 2017-10-03 20:30 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-10-03 20:23 - 2017-10-03 20:23 - 000000000 ____D C:\Program Files\USBPcap
2017-10-03 20:22 - 2017-10-03 20:30 - 000000000 ____D C:\Program Files\Wireshark
2017-10-03 20:21 - 2017-10-03 20:21 - 059132608 _____ (Wireshark development team) C:\Users\Eyob Melesse\Downloads\Wireshark-win64-2.4.1.exe
2017-10-03 19:48 - 2017-10-03 19:48 - 000097060 _____ C:\Users\Eyob Melesse\Desktop\Addition.txt
2017-10-03 19:47 - 2017-10-10 17:13 - 000032089 _____ C:\Users\Eyob Melesse\Desktop\FRST.txt
2017-10-03 19:47 - 2017-10-10 17:13 - 000000000 ____D C:\FRST
2017-10-03 19:42 - 2017-10-10 17:13 - 002401792 _____ (Farbar) C:\Users\Eyob Melesse\Desktop\FRST64.exe
2017-10-02 21:54 - 2017-10-02 21:55 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-02 21:54 - 2017-10-02 21:54 - 006654960 _____ (AVAST Software) C:\Users\Eyob Melesse\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-10-02 21:04 - 2017-10-02 21:17 - 000245616 _____ C:\WINDOWS\ntbtlog.txt
2017-10-02 21:04 - 2017-10-02 21:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-10-01 17:40 - 2017-10-03 19:47 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Anki2
2017-09-30 10:53 - 2017-09-30 10:53 - 028953739 _____ C:\Users\Eyob Melesse\Downloads\anki-2.0.47.exe
2017-09-30 10:53 - 2017-09-30 10:53 - 000000788 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2017-09-30 10:53 - 2017-09-30 10:53 - 000000758 _____ C:\Users\Eyob Melesse\Desktop\Anki.lnk
2017-09-30 10:53 - 2017-09-30 10:53 - 000000000 ____D C:\Program Files (x86)\Anki
2017-09-28 15:45 - 2017-09-28 15:45 - 031641600 _____ C:\Users\Eyob Melesse\Downloads\EpicInstaller-6.3.0.msi
2017-09-28 15:40 - 2017-09-28 15:40 - 000000000 ___RD C:\Sandbox
2017-09-24 16:51 - 2017-09-24 16:51 - 000001500 _____ C:\Users\Eyob Melesse\Downloads\algebra2slover.zip
2017-09-24 14:20 - 2017-09-24 15:58 - 000001292 _____ C:\Users\Eyob Melesse\Desktop\nativelog.txt
2017-09-24 14:19 - 2017-09-24 14:19 - 014379150 _____ C:\Users\Eyob Melesse\Downloads\Wurst-Client-v6.12.1-MC1.12-OF.jar
2017-09-24 14:17 - 2017-09-24 14:18 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-24 14:17 - 2017-09-24 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-24 14:16 - 2017-09-24 14:16 - 002314240 _____ C:\Users\Eyob Melesse\Downloads\MinecraftInstaller.msi
2017-09-17 19:04 - 2017-09-17 19:04 - 000305173 _____ C:\Users\Eyob Melesse\Downloads\Macros-Effects-1.zip
2017-09-17 19:04 - 2017-09-17 19:04 - 000043396 _____ C:\Users\Eyob Melesse\Downloads\PUBG-Macros-3.zip
2017-09-17 18:43 - 2017-09-17 18:43 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Romaco_Canada
2017-09-17 18:39 - 2017-09-17 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Romaco Canada
2017-09-17 18:39 - 2017-09-17 18:39 - 000000000 ____D C:\Program Files (x86)\Romaco Canada
2017-09-17 18:38 - 2017-09-17 18:38 - 002564758 _____ (Romaco Canada) C:\Users\Eyob Melesse\Downloads\Romaco Timeout 3.1.4.0 Installer.exe
2017-09-17 18:36 - 2017-09-17 18:37 - 000000000 ____D C:\ProgramData\Cold Turkey
2017-09-17 18:36 - 2017-09-17 18:36 - 000000000 ____D C:\Program Files\WinPcap
2017-09-17 18:34 - 2017-09-17 18:34 - 008839536 _____ (Cold Turkey Software Inc. ) C:\Users\Eyob Melesse\Downloads\Cold_Turkey_Installer.exe
2017-09-17 18:29 - 2017-09-17 15:58 - 000001063 _____ C:\Users\Eyob Melesse\Desktop\Settings_v0.ini
2017-09-17 13:01 - 2017-09-17 01:21 - 000141561 _____ C:\Users\Eyob Melesse\Desktop\110AD00901001001.profjce
2017-09-16 20:28 - 2017-09-16 20:28 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\SteamCrack
2017-09-16 20:28 - 2017-09-16 20:28 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\cache
2017-09-16 01:11 - 2017-09-16 01:11 - 078071056 _____ (TeamSpeak Systems GmbH) C:\Users\Eyob Melesse\Downloads\TeamSpeak3-Client-win64-3.1.6.exe
2017-09-16 01:11 - 2017-09-16 01:11 - 000001305 _____ C:\Users\Eyob Melesse\Desktop\TeamSpeak 3 Client.lnk
2017-09-15 23:05 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-15 23:05 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-15 23:05 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-15 23:05 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-15 23:05 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-15 23:05 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-15 23:05 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-15 23:05 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-15 23:05 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-15 23:05 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-15 23:05 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-15 23:05 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-15 23:05 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-15 23:05 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-15 23:05 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-15 23:05 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-15 23:05 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-15 23:05 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-15 23:05 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-15 23:05 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-15 23:05 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-15 23:05 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-15 23:05 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-15 23:05 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-15 23:05 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-15 23:05 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-15 23:05 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-15 23:05 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-15 23:05 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-15 23:05 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-15 23:05 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-15 23:05 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-15 23:05 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-15 23:05 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-15 23:05 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-15 23:05 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-15 23:05 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-15 23:05 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-15 23:05 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-15 23:05 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-15 23:05 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-15 23:05 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-15 23:05 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-15 23:05 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-15 23:05 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-15 23:05 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-15 23:05 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-15 23:05 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-15 23:05 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-15 23:05 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-15 23:05 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-15 23:05 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-15 23:05 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-14 22:42 - 2017-09-14 22:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\EasyAntiCheat
2017-09-14 15:44 - 2017-10-06 15:44 - 000001688 _____ C:\WINDOWS\Sandboxie.ini
2017-09-14 15:43 - 2017-09-14 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-09-14 15:42 - 2017-09-14 15:42 - 008981640 _____ (Sandboxie Holdings, LLC) C:\Users\Eyob Melesse\Downloads\SandboxieInstall.exe
2017-09-14 15:42 - 2017-09-14 15:42 - 000000000 ____D C:\Program Files\Sandboxie
2017-09-14 15:41 - 2017-09-14 15:42 - 000141758 _____ C:\TDSSKiller.3.1.0.15_14.09.2017_15.41.09_log.txt
2017-09-14 15:40 - 2017-09-14 15:40 - 000000366 _____ C:\TDSSKiller.3.1.0.11_14.09.2017_15.40.46_log.txt
2017-09-13 14:58 - 2017-09-13 15:32 - 000146616 _____ C:\Users\Eyob Melesse\Downloads\dual-enrollment-application.pdf
2017-09-12 18:06 - 2017-09-12 18:06 - 000000000 ____D C:\Users\Eyob Melesse\Documents\Electronic Arts
2017-09-12 13:09 - 2017-09-12 13:09 - 000138430 _____ C:\Users\Eyob Melesse\Downloads\The.Sims.4.Deluxe.Edition.v1.25.136.1020.Incl.All.DLCs.&.Add-ons.MULTI17-Repack.torrent
2017-09-12 12:56 - 2017-09-12 12:56 - 000057892 _____ C:\Users\Eyob Melesse\Downloads\Dragon.Ball.Xenoverse.2-CODEX.torrent
2017-09-11 21:21 - 2017-09-11 21:21 - 001467904 _____ () C:\Users\Eyob Melesse\Downloads\Loadlibrayy.exe
2017-09-11 21:21 - 2017-09-11 21:21 - 000044032 _____ C:\Users\Eyob Melesse\Downloads\TslGame_BATTLEGROUNDS.dll
2017-09-11 21:21 - 2017-09-11 21:21 - 000020768 _____ C:\Users\Eyob Melesse\Downloads\System.Runtime.CompilerServices.Unsafe.dll
2017-09-11 21:21 - 2017-09-11 21:21 - 000007229 _____ C:\Users\Eyob Melesse\Downloads\System.Runtime.CompilerServices.Unsafe.xml
2017-09-11 21:20 - 2017-09-11 21:21 - 000108032 _____ C:\Users\Eyob Melesse\Downloads\Loadlibrayy.pdb
2017-09-11 21:20 - 2017-09-11 21:20 - 000000186 _____ C:\Users\Eyob Melesse\Downloads\Loadlibrayy.exe.config
2017-09-10 19:34 - 2017-09-10 19:53 - 001112398 _____ C:\TDSSKiller.3.1.0.15_10.09.2017_19.34.01_log.txt
2017-09-10 19:31 - 2017-09-10 19:31 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-09-10 19:27 - 2017-09-10 19:31 - 000283528 _____ C:\TDSSKiller.3.1.0.15_10.09.2017_19.27.09_log.txt
2017-09-10 19:27 - 2017-09-10 19:27 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Eyob Melesse\Downloads\tdsskiller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 16:52 - 2017-06-03 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-10 16:49 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 16:49 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 14:24 - 2016-08-20 19:26 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Adobe
2017-10-10 14:23 - 2017-06-03 16:39 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-10 14:21 - 2017-05-20 15:22 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\Spotify
2017-10-10 14:20 - 2017-05-20 15:23 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Spotify
2017-10-08 18:35 - 2016-08-21 13:18 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\CrashDumps
2017-10-08 18:34 - 2017-09-02 20:29 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\Soundboard
2017-10-08 11:45 - 2016-08-21 02:42 - 000000000 ____D C:\Users\Eyob Melesse\Documents\ShareX
2017-10-08 11:36 - 2016-08-21 02:39 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-08 09:53 - 2017-06-07 14:36 - 000000000 ____D C:\Users\Eyob Melesse\AppData\LocalLow\uTorrent
2017-10-07 21:33 - 2016-11-18 03:24 - 000000000 ____D C:\Users\Eyob Melesse\AppData\LocalLow\Mozilla
2017-10-07 20:11 - 2017-07-31 23:57 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-10-04 18:54 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-04 14:14 - 2016-08-24 19:45 - 000000000 ____D C:\Users\Eyob Melesse\Documents\Games
2017-10-02 21:43 - 2016-09-03 16:24 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-02 21:39 - 2016-09-03 21:56 - 000000000 ____D C:\AdwCleaner
2017-10-02 21:25 - 2017-06-03 16:53 - 001664528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-02 21:20 - 2017-05-28 18:39 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-10-02 21:18 - 2017-06-03 16:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-02 21:03 - 2017-03-18 07:40 - 114032640 _____ C:\WINDOWS\system32\config\BBI
2017-10-02 19:10 - 2017-08-13 17:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-02 19:10 - 2016-08-21 11:46 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\discord
2017-10-02 19:10 - 2016-08-21 02:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-02 19:07 - 2017-05-28 18:40 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Battle.net
2017-09-29 13:33 - 2016-08-21 02:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-27 20:18 - 2016-08-21 01:46 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Packages
2017-09-24 15:58 - 2016-08-21 02:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\.minecraft
2017-09-22 23:40 - 2017-07-26 21:33 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1084774566-2120172311-3928770883-1001
2017-09-22 23:40 - 2016-08-21 01:49 - 000002388 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 23:40 - 2016-08-21 01:49 - 000000000 ___RD C:\Users\Eyob Melesse\OneDrive
2017-09-19 05:02 - 2016-08-21 20:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-17 19:59 - 2017-07-19 04:15 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2017-09-17 18:38 - 2016-10-07 13:11 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\Downloaded Installations
2017-09-17 13:03 - 2016-08-21 11:48 - 000773672 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-16 19:40 - 2017-06-03 16:41 - 000000000 ____D C:\Users\Eyob Melesse
2017-09-16 19:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 19:10 - 2016-08-21 01:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-16 19:09 - 2017-06-03 16:37 - 000390736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-16 19:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-16 19:06 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-16 01:13 - 2016-08-21 12:42 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Roaming\TS3Client
2017-09-16 01:12 - 2017-06-05 00:46 - 000000324 _____ C:\Users\Eyob Melesse\Documents\ClownfishVoiceChanger.ini
2017-09-16 01:12 - 2017-06-05 00:45 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2017-09-16 01:11 - 2016-08-21 11:44 - 000001263 _____ C:\Users\Eyob Melesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-09-16 01:11 - 2016-08-21 11:44 - 000000000 ____D C:\Users\Eyob Melesse\AppData\Local\TeamSpeak 3 Client
2017-09-15 23:11 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-15 17:26 - 2017-05-28 18:42 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-14 15:55 - 2016-09-04 08:36 - 000000000 ____D C:\Users\Eyob Melesse\Desktop\MalwareRemoval
2017-09-13 22:08 - 2016-08-20 17:37 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-09-13 19:53 - 2016-08-21 05:02 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 19:53 - 2016-08-21 05:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-11 22:25 - 2017-09-04 02:17 - 000046400 _____ (CPUID) C:\WINDOWS\system32\Drivers\cpuz141.sys
2017-09-10 17:16 - 2016-09-03 00:51 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

==================== Files in the root of some directories =======

2017-02-16 23:02 - 2017-02-16 23:03 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-05-11 18:48 - 2017-05-11 18:49 - 000000240 _____ () C:\Users\Eyob Melesse\AppData\Roaming\My Profile.xml
2017-02-18 22:14 - 2017-02-18 22:27 - 000000600 _____ () C:\Users\Eyob Melesse\AppData\Local\PUTTY.RND
2017-07-31 23:04 - 2017-08-11 03:39 - 000007595 _____ () C:\Users\Eyob Melesse\AppData\Local\Resmon.ResmonCfg
2017-01-16 23:02 - 2016-11-23 09:37 - 000000570 _____ () C:\Users\Eyob Melesse\AppData\Local\TroubleshooterConfig.json
2017-03-08 17:02 - 2017-03-08 18:06 - 000000178 _____ () C:\Users\Eyob Melesse\AppData\Local\uts.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-10-10 17:04

==================== End of FRST.txt ============================



#4 lemote


Posted 10 October 2017 - 04:18 PM

Also, I do have my original Windows installation disk!



#5 Oh My!

  • Malware Response Instructor

Posted 11 October 2017 - 09:44 AM

Greetings lemote and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double-click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ckfiles.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,136 posts
  • Gender:Male
  • Location:California

Posted 14 October 2017 - 07:29 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#7 Oh My!


Posted 16 October 2017 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



