
Malware on my PC is not letting me enter safe mode, reset pc, or download update


  • This topic is locked
15 replies to this topic

#1 trebor2828

trebor2828

  • Members
  • 7 posts

Posted 10 March 2018 - 05:05 AM

A few months ago my PC started acting up after downloading a game. Ever since then I'm not able to download any new updates, this includes drivers for new hardware. It will not allow me to boot in safe mode. I can't enter advanced boot options. Help!




 


#2 sasschary

sasschary

  • Malware Study Hall Senior
  • 847 posts
  • Gender:Male
  • Location:A galaxy far, far away...

Posted 10 March 2018 - 10:12 PM

Hello,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

To start out with, could you please follow the instructions in step 6 of this thread, and then copy and paste the logs that FRST generates into this thread?

Sincerely,
Sasschary



#3 trebor2828

trebor2828
  • Topic Starter

  • Members
  • 7 posts

Posted 11 March 2018 - 05:11 AM

This is the copy of the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.03.2018
Ran by Trebor (administrator) on TREBOR (11-03-2018 05:07:34)
Running from C:\Users\Trebor\Downloads
Loaded Profiles: Trebor (Available Profiles: Trebor)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\mshgmcrsrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes) C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Trebor\AppData\Local\unilwph\unilwph.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
(Microsoft Corporation) C:\Program Files\rempl\remsh.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
() C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-23] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [MyComGames] => C:\Users\Trebor\AppData\Local\MyComGames\MyComGames.exe [6086544 2017-12-15] (MY.COM B.V.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Discord] => C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Spotify] => C:\Users\Trebor\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-07] (Spotify Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Spotify Web Helper] => C:\Users\Trebor\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-07] (Spotify Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [uTorrent] => C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe [2148024 2018-03-10] (BitTorrent Inc.)
Startup: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-06-23] ()
Startup: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar [2017-10-07] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0343dcae-6a9d-11e7-b606-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1ca96965-5dd1-490a-9ed9-fbcf1c4b6b91}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2efa6445-8a53-496f-a026-dfa0071f558c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2efa6445-8a53-496f-a026-dfa0071f558c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3142acad-21fb-4075-afa0-46357a211af1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b2c85dfb-dc46-45ad-9d36-d162c06f6fc5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3c5d389-a623-42ce-936d-70c82f1b9f4d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3c5d389-a623-42ce-936d-70c82f1b9f4d}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3035021999-202699363-1705453404-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3035021999-202699363-1705453404-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3035021999-202699363-1705453404-1002: @my.com/Games -> C:\Users\Trebor\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF Plugin HKU\S-1-5-21-3035021999-202699363-1705453404-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://google.com/"
CHR Profile: C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default [2018-03-11]
CHR Extension: (Google Drive) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR Extension: (Abstract Blue) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2016-06-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-17] ()
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-07] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
S2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [X]
S2 VMnetDHCP; C:\WINDOWS\SysWOW64\vmnetdhcp.exe [X]
S2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [X]
S2 VMware NAT Service; C:\WINDOWS\SysWOW64\vmnat.exe [X]
S3 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
S2 WinTabService; "C:\WINDOWS\System32\Drivers\WTSRV.EXE" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiDCM; C:\AMD\Radeon-Software-Adrenalin-18.2.2-MinimalSetup-180212_web\Bin64\atdcm64a.sys [51104 2016-07-11] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (C-MEDIA)
S3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [123384 2016-03-03] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-25] (Malwarebytes)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [X]
S3 PTSimBus; \SystemRoot\System32\drivers\PTSimBus.sys [X]
S0 vmci; System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [X]
S2 vmx86; \??\C:\WINDOWS\system32\drivers\vmx86.sys [X]
S0 vsock; system32\drivers\vsock.sys [X]
S2 vstor2-mntapi20-shared; SysWOW64\drivers\vstor2-mntapi20-shared.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-11 05:07 - 2018-03-11 05:08 - 000022869 _____ C:\Users\Trebor\Downloads\FRST.txt
2018-03-11 05:07 - 2018-03-11 05:07 - 000000000 ____D C:\FRST
2018-03-11 05:06 - 2018-03-11 05:06 - 002403328 _____ (Farbar) C:\Users\Trebor\Downloads\FRST64.exe
2018-03-11 05:06 - 2018-03-11 05:06 - 001763328 _____ (Farbar) C:\Users\Trebor\Downloads\FRST.exe
2018-03-10 04:54 - 2018-03-10 04:56 - 000000000 ____D C:\Users\Trebor\Downloads\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-
2018-03-10 04:53 - 2018-03-10 04:53 - 003114288 _____ (BitTorrent Inc.) C:\Users\Trebor\Downloads\uTorrent (2).exe
2018-03-10 04:41 - 2018-03-10 04:41 - 000115536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atampswz.sys
2018-03-09 22:35 - 2018-02-18 06:32 - 000026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-03-09 22:35 - 2018-02-18 05:56 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-03-09 22:35 - 2018-02-18 05:54 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-03-09 22:35 - 2018-02-18 05:49 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-09 22:35 - 2018-02-18 05:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-03-09 22:35 - 2018-02-18 05:49 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-03-09 22:35 - 2018-02-18 05:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-09 22:35 - 2018-02-18 05:48 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-03-09 22:35 - 2018-02-18 05:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-03-09 22:35 - 2018-02-18 05:47 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-03-09 22:35 - 2018-02-18 05:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-03-09 22:35 - 2018-02-18 05:46 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-09 22:35 - 2018-02-18 05:45 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2018-03-09 22:35 - 2018-02-18 05:44 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-09 22:35 - 2018-02-18 05:41 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-03-09 22:35 - 2018-02-18 05:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-09 22:35 - 2018-02-18 05:39 - 002449920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-03-09 22:35 - 2018-02-18 05:38 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-03-09 22:35 - 2018-02-18 05:36 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-09 22:35 - 2018-02-09 23:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-03-09 22:35 - 2018-02-09 23:30 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-03-09 06:37 - 2018-03-09 06:37 - 001861696 _____ (Oracle Corporation) C:\Users\Trebor\Downloads\JavaSetup8u161.exe
2018-03-09 06:35 - 2018-03-09 06:35 - 002235770 _____ C:\Users\Trebor\Downloads\Patch.txt
2018-03-09 06:34 - 2018-03-09 06:34 - 000000221 _____ C:\Users\Trebor\Desktop\Borderlands 2.url
2018-03-09 06:32 - 2018-03-09 06:32 - 000000040 _____ C:\Users\Trebor\Downloads\FilterTool.options
2018-03-09 06:31 - 2018-03-09 06:32 - 013310286 _____ C:\Users\Trebor\Downloads\FilterTool.jar
2018-03-07 22:12 - 2018-03-07 22:12 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (3).exe
2018-03-07 21:51 - 2018-03-07 21:51 - 000000000 ____D C:\Users\Trebor\Documents\FeedbackHub
2018-03-07 21:49 - 2018-03-07 21:49 - 000000000 ____D C:\Users\Trebor\AppData\Local\ElevatedDiagnostics
2018-03-07 21:40 - 2018-03-07 21:40 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (2).exe
2018-03-07 21:22 - 2018-03-07 21:22 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (1).exe
2018-03-07 18:50 - 2018-03-07 18:50 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-06 16:09 - 2018-03-10 04:38 - 000000000 ____D C:\ProgramData\LogiShrd
2018-03-06 16:07 - 2018-03-06 16:08 - 000000000 ____D C:\Users\Trebor\AppData\Local\Logitech
2018-03-06 16:00 - 2018-03-10 04:39 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2018-03-06 15:53 - 2018-03-06 15:53 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech.exe
2018-03-06 15:53 - 2018-03-06 15:53 - 005020280 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\G910Update_92.3.22.exe
2018-03-06 15:53 - 2018-03-06 15:53 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Logitech
2018-03-06 15:53 - 2018-03-06 15:53 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Logishrd
2018-03-06 00:50 - 2018-03-11 04:39 - 000000802 _____ C:\Users\Trebor\Desktop\Windows 10 Update Assistant.lnk
2018-03-06 00:44 - 2018-03-06 00:44 - 005160120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-03 01:12 - 2018-03-03 01:12 - 005603499 _____ (UserBenchmark.com) C:\Users\Trebor\Downloads\UserBenchMark.exe
2018-03-02 01:49 - 2018-03-02 01:49 - 000001198 _____ C:\Users\Trebor\Documents\cc_20180302_004913.reg
2018-03-02 01:47 - 2018-03-02 01:47 - 000022810 _____ C:\Users\Trebor\Documents\cc_20180302_004756.reg
2018-03-02 01:45 - 2018-03-02 01:45 - 000408500 _____ C:\Users\Trebor\Documents\cc_20180302_004527.reg
2018-03-02 01:37 - 2018-03-02 01:37 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-02 01:37 - 2018-03-02 01:37 - 000002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-02 01:37 - 2018-03-02 01:37 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-02 01:37 - 2018-03-02 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-02 01:37 - 2018-03-02 01:37 - 000000000 ____D C:\Program Files\CCleaner
2018-03-02 01:36 - 2018-03-02 01:36 - 011217568 _____ (Piriform Ltd) C:\Users\Trebor\Downloads\ccsetup540.exe
2018-02-28 01:57 - 2018-03-06 04:26 - 000047096 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2018-02-28 01:56 - 2018-02-28 18:18 - 000000000 ____D C:\Users\Trebor\Documents\Black Desert
2018-02-27 04:39 - 2018-03-06 04:43 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2018-02-27 04:39 - 2018-02-28 16:30 - 000000000 ____D C:\Users\Trebor\AppData\Local\BlackDesertOnline
2018-02-27 04:39 - 2018-02-27 04:39 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Online.lnk
2018-02-27 04:39 - 2018-02-27 04:39 - 000002080 _____ C:\Users\Public\Desktop\Black Desert Online.lnk
2018-02-27 04:39 - 2018-02-27 04:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2018-02-27 04:37 - 2018-02-27 04:38 - 051930432 _____ (Kakao Games Europe B.V.) C:\Users\Trebor\Downloads\BlackDesertOnlineSetup_20170726_1022.exe
2018-02-27 04:16 - 2018-02-27 04:16 - 004182688 _____ (Husdawg, LLC) C:\Users\Trebor\Downloads\Detection (1).exe
2018-02-26 01:18 - 2018-02-26 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-02-26 01:13 - 2018-02-26 01:14 - 316554208 _____ (AMD Inc.) C:\Users\Trebor\Downloads\whql-win10-catalyst-15.7.1-oct30.exe
2018-02-26 01:01 - 2018-02-26 01:01 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-02-26 01:01 - 2018-02-26 01:01 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-02-26 01:01 - 2018-02-26 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-02-26 00:57 - 2018-02-26 00:57 - 000000000 ____D C:\Users\Trebor\AppData\LocalLow\AMD
2018-02-25 06:01 - 2018-02-25 06:02 - 015328616 _____ (Microsoft Corporation) C:\Users\Trebor\Downloads\VC_redist.x64.exe
2018-02-25 05:41 - 2018-02-25 05:56 - 000000000 ____D C:\ProgramData\iolo
2018-02-25 05:41 - 2018-02-25 05:41 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-25 05:41 - 2018-02-25 05:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-25 05:41 - 2017-11-01 09:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-25 05:40 - 2018-02-25 05:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Trebor\Downloads\mbar-1.10.3.1001 (2).exe
2018-02-25 05:32 - 2018-02-25 05:32 - 000000000 ____D C:\Users\Trebor\Documents\Visual Studio 2012
2018-02-25 04:58 - 2018-02-25 04:58 - 018617536 _____ (Microsoft Corporation) C:\Users\Trebor\Downloads\MediaCreationTool.exe
2018-02-25 04:58 - 2018-02-25 04:58 - 000000000 ___HD C:\$Windows.~WS
2018-02-25 04:58 - 2018-02-25 04:58 - 000000000 ____D C:\$WINDOWS.~BT
2018-02-25 01:37 - 2018-02-25 01:37 - 012522300 _____ C:\Users\Trebor\Downloads\NA1-2726494975.rofl
2018-02-23 23:30 - 2018-03-11 04:39 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-02-23 23:30 - 2018-03-11 04:39 - 000000000 ____D C:\Windows10Upgrade
2018-02-19 22:05 - 2018-02-19 22:05 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2018-02-19 22:05 - 2018-02-19 22:05 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2018-02-18 01:28 - 2018-02-18 01:28 - 000257536 _____ C:\Users\Trebor\Downloads\50_lashes.aaf
2018-02-17 19:52 - 2018-02-17 19:52 - 000000000 ____D C:\ProgramData\LHService
2018-02-17 19:50 - 2018-02-17 19:50 - 000000000 ____D C:\ProgramData\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Trebor\Downloads\lockhuntersetup_3-2-3.exe
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\Program Files\LockHunter
2018-02-17 19:45 - 2018-02-17 19:46 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Trebor\Downloads\Itunes.com
2018-02-17 19:30 - 2018-02-17 19:30 - 041044912 _____ (AMD Inc.) C:\Users\Trebor\Downloads\radeon-software-adrenalin-18.2.2-minimalsetup-180212_web (1).exe
2018-02-17 19:29 - 2018-02-17 19:30 - 209077904 _____ (AMD Inc.) C:\Users\Trebor\Downloads\non-whql-win10-32bit-radeon-software-crimson-relive-16.2.1-sep20.exe
2018-02-17 19:14 - 2018-02-17 19:14 - 041044912 _____ (AMD Inc.) C:\Users\Trebor\Downloads\radeon-software-adrenalin-18.2.2-minimalsetup-180212_web.exe
2018-02-17 19:14 - 2018-02-17 19:14 - 000000000 ____D C:\Users\Trebor\AppData\Local\RadeonInstaller
2018-02-16 18:08 - 2018-01-18 02:05 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-02-15 22:48 - 2018-02-15 22:48 - 000000000 _____ C:\Users\Trebor\Desktop\OU Gold Week 4 notes.txt
2018-02-11 23:27 - 2018-02-11 23:27 - 000000804 _____ C:\Users\Trebor\Desktop\OU Info.txt
2018-02-11 04:06 - 2018-02-28 19:14 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\PlaysTV
2018-02-11 04:06 - 2018-02-11 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2018-02-10 20:15 - 2018-02-10 20:16 - 116708576 _____ C:\Users\Trebor\Downloads\playstv-1.27.5-r125535-release.exe
2018-02-10 20:13 - 2018-02-10 20:13 - 000077504 _____ C:\Users\Trebor\Downloads\playstv_installer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-11 05:09 - 2017-10-13 19:31 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\uTorrent
2018-03-11 05:05 - 2017-07-16 21:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-11 03:00 - 2016-03-24 12:09 - 000000000 ____D C:\Users\Trebor\AppData\Local\Adobe
2018-03-11 01:00 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2018-03-10 22:30 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-10 13:34 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-10 13:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-10 07:04 - 2017-11-26 16:33 - 000000000 ____D C:\Users\Trebor\AppData\LocalLow\uTorrent
2018-03-10 05:41 - 2017-09-14 04:40 - 000000000 ____D C:\Users\Trebor\AppData\Local\unilwph
2018-03-10 04:49 - 2017-07-16 21:11 - 010403964 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-10 04:48 - 2017-07-16 21:12 - 000000000 ____D C:\Users\Trebor
2018-03-10 04:43 - 2017-09-14 15:39 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2018-03-10 04:43 - 2017-07-16 21:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-10 04:43 - 2016-09-12 02:48 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-03-10 04:43 - 2013-12-15 00:38 - 000000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini
2018-03-10 04:42 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-10 04:41 - 2017-07-16 21:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-10 04:41 - 2017-03-18 06:40 - 020709376 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-10 04:40 - 2017-08-13 00:01 - 000000000 ____D C:\Users\Trebor\AppData\Local\SKIDROW
2018-03-10 04:40 - 2017-08-13 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2018-03-10 04:40 - 2017-08-12 23:53 - 000000000 ____D C:\Program Files (x86)\R.G. Mechanics
2018-03-10 04:40 - 2016-03-29 00:43 - 000000000 ____D C:\Users\Trebor\Documents\My Games
2018-03-10 04:32 - 2016-03-24 12:12 - 000000000 ____D C:\Users\Trebor\AppData\Local\Spotify
2018-03-10 04:27 - 2016-03-24 12:12 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Spotify
2018-03-10 04:22 - 2016-03-24 12:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-10 04:21 - 2016-05-28 21:40 - 000000000 ____D C:\Users\Trebor\AppData\Local\Battle.net
2018-03-09 06:30 - 2016-05-28 21:40 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-09 00:58 - 2016-05-30 16:50 - 000000045 _____ C:\Users\Trebor\jagex_cl_oldschool_LIVE.dat
2018-03-09 00:01 - 2018-01-12 15:06 - 000000000 ____D C:\Program Files\rempl
2018-03-08 06:19 - 2016-05-28 21:38 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-07 18:43 - 2017-02-11 11:03 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\discord
2018-03-02 01:43 - 2016-07-03 22:48 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Ventrilo
2018-03-02 01:41 - 2018-01-08 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-03-02 01:41 - 2017-09-14 05:37 - 000000000 ____D C:\Users\Trebor\Desktop\Text Files
2018-03-02 01:41 - 2017-09-14 04:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-02 01:41 - 2017-07-07 07:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-02 01:41 - 2016-07-13 01:50 - 000000000 ____D C:\Users\Trebor\Desktop\Games
2018-03-02 01:28 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-02 01:15 - 2017-12-28 01:07 - 000000044 _____ C:\Users\Trebor\Desktop\New accounts.txt
2018-02-28 19:14 - 2017-07-25 16:47 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\audacity
2018-02-27 04:39 - 2013-12-13 05:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-27 00:45 - 2017-07-16 21:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-26 04:35 - 2016-08-07 23:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 01:25 - 2016-05-29 12:37 - 000000000 ____D C:\AMD
2018-02-26 01:18 - 2017-07-16 21:10 - 000000000 ____D C:\Program Files\AMD
2018-02-26 01:17 - 2017-07-16 21:11 - 000000000 ____D C:\Program Files (x86)\AMD
2018-02-25 07:09 - 2017-07-16 21:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-25 05:52 - 2017-12-04 02:35 - 000000000 ____D C:\Users\Trebor\Desktop\Adobe Premiere Pro Auto-Save
2018-02-25 05:46 - 2017-09-14 06:28 - 000000000 ____D C:\AdwCleaner
2018-02-25 05:41 - 2017-12-22 00:46 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-25 05:41 - 2017-10-08 21:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-23 18:48 - 2017-10-18 18:30 - 000000000 ____D C:\Users\Trebor\AppData\Local\UnrealEngine
2018-02-22 23:01 - 2016-03-24 12:09 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 23:01 - 2016-03-24 12:09 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-20 05:29 - 2017-02-15 09:32 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\obs-studio
2018-02-17 19:17 - 2016-08-28 17:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-17 19:11 - 2016-12-11 20:33 - 000000000 ____D C:\Program Files (x86)\Diablo II
2018-02-17 19:10 - 2017-11-01 23:11 - 000003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-17 19:09 - 2016-08-02 01:39 - 000000000 ____D C:\GOG Games
2018-02-17 19:09 - 2016-06-23 09:46 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-02-17 14:53 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2018-02-14 01:29 - 2016-03-28 05:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 01:26 - 2017-10-11 10:09 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 01:26 - 2016-03-28 05:52 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-11 04:06 - 2016-08-28 18:00 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
 
==================== Files in the root of some directories =======
 
2017-10-17 01:49 - 2017-10-17 01:50 - 000000034 _____ () C:\Users\Trebor\jagex_runescape_preferences.dat
2016-06-01 01:12 - 2016-06-01 01:12 - 000000034 ____H () C:\Users\Trebor\system32log.dat
2017-10-07 17:39 - 2017-10-07 17:39 - 000000030 _____ () C:\Users\Trebor\AppData\Roaming\.runescape_cache.dat
2017-05-12 13:08 - 2017-05-12 13:08 - 325407814 _____ () C:\Users\Trebor\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-05-12 13:08 - 2017-05-12 13:08 - 000003630 _____ () C:\Users\Trebor\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2016-03-24 11:59 - 2016-06-29 02:42 - 000063428 _____ () C:\Users\Trebor\AppData\Local\BTServer.log
 
Some files in TEMP:
====================
2018-03-06 04:26 - 2018-03-06 04:26 - 000000045 _____ () C:\Users\Trebor\AppData\Local\Temp\5b8820cfcb94b32e98455a955d292f21.dll
2018-03-06 04:25 - 2018-03-06 04:25 - 000000180 _____ () C:\Users\Trebor\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-03 00:54
 
==================== End of FRST.txt ============================


#4 sasschary


Posted 11 March 2018 - 10:29 AM

Hi, trebor2828,

FRST should also have generated a file called Addition.txt. Could you please post that, too?

Sasschary



#5 trebor2828


Posted 12 March 2018 - 05:05 AM

This is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.03.2018
Ran by Trebor (11-03-2018 05:09:40)
Running from C:\Users\Trebor\Downloads
Windows 10 Home Version 1703 15063.786 (X64) (2017-07-17 02:55:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3035021999-202699363-1705453404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3035021999-202699363-1705453404-503 - Limited - Disabled)
Guest (S-1-5-21-3035021999-202699363-1705453404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3035021999-202699363-1705453404-1004 - Limited - Enabled)
Trebor (S-1-5-21-3035021999-202699363-1705453404-1002 - Administrator - Enabled) => C:\Users\Trebor
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{06BBCA29-E177-44BB-901E-BA318CF064FD}) (Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
AMD Catalyst Install Manager (HKLM\...\{257BDED4-E0CC-0F32-CDEB-2960FCB9DE51}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.07 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.00.05 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.01.03 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.05.03 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM\...\{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG) Hidden
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.0.1845494127.36512880 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2012 (HKLM-x32\...\{57F20F04-014D-453F-B6A3-AE9485C4DFAB}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (HKLM-x32\...\{532DBCC8-9468-435C-AEF6-30B7F50735A2}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4428 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Discord (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{372D17F6-A54E-4A01-B264-1314890FFE61}) (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{818FF838-5FCD-4FCB-AE39-4F725EBCE2A1}) (Version: 1.1.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Galería de fotos (HKLM-x32\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ghost Mouse Auto Clicker 4.0.1 (HKLM-x32\...\{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1) (Version:  - AMAC Ltd.)
Google Chrome (HKLM-x32\...\{8B441F7D-FAE4-3F66-BB1D-430B2F76423B}) (Version: 64.0.3282.186 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.2.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (HKLM-x32\...\{EF87D495-F5A0-2C40-ECFA-6D6D1C992A74}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LocalESPC (HKLM-x32\...\{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}) (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}) (Version: 8.59.25584 - Microsoft) Hidden
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2017 Premium Update (HKLM\...\{CE069D82-AEA1-460B-A695-BBB2622466E6}) (Version: 24.0.2.46 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM\...\{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.0.1.34 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM-x32\...\MX.{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.0.1.34 - MAGIX Software GmbH)
MAGIX Music Maker Trial Live Pads (HKLM\...\{DFE0E43F-300E-42DA-B937-BF3AA9D298B9}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Trial Soundpools (HKLM\...\{8AFD5CCB-BA23-4EDE-8F9B-943DAF52A9EB}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{EFFCCA53-B476-44A7-A34F-40FCD0B1DCD6}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{EFFCCA53-B476-44A7-A34F-40FCD0B1DCD6}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F25C8769-16B6-4B19-BB0B-76F213829AC6}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\MyComGames) (Version: 3.183 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.52.1903.1 - Hi-Rez Studios)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.5-r125535-release - Plays.tv, LLC)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}) (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7035 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Remote Desktop assistant (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\b948d155e8353e01) (Version: 1.0.0.102 - Remote Desktop assistant)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.16.3600.1 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{BF492E7F-BD3F-4F33-932A-1DD0891968B0}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-6) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (HKLM-x32\...\{0BCC836F-0B28-4090-B58A-64883BAA3B2F}) (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (HKLM-x32\...\{148878BD-A2A5-4CF1-A103-2BA632F41953}) (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3035021999-202699363-1705453404-1002_Classes\CLSID\{d5f8c80f-c82d-4929-82d9-92ed10270df4}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0761E8EA-DDA9-4BF9-8B99-56F6CC57E0A6} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-09-18] (ASUSTeK Computer Inc.)
Task: {0769C5D7-97A3-4412-81FB-0AD09BB3FFBF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {09F98701-53E7-4BA7-AC9F-FDE679F6A909} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {10C39FE7-2460-4BD5-919D-C0861C727107} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11E09520-2EA4-4F8C-8FFD-D4F14EE35A97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {1892BDCA-D74D-4112-A8E2-AA44845AB3D7} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1C361899-6F63-4CE8-94BF-6B003D4048BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1E4D9AAD-914F-485D-8E02-4CEA76ADB38C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {265655C7-A475-4760-B25B-4D4A87EC32CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {32F4621B-FDEC-475B-A394-758F8584F580} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {412B0BBD-21CF-4CB1-A2BD-B2F04BED165F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {41925B9A-AD5B-4896-81D5-F455DEAA2C01} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {48E02540-72D9-4EE7-8D7B-4829B4A81AE9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4CB6CECC-E6E5-4116-8DEB-6766AA98F2B6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {50E5DB14-0D77-4464-B34E-3FCA47C96388} - System32\Tasks\{1B4EBCAB-F3EA-42EF-B166-AAE10A264118} => C:\WINDOWS\system32\pcalua.exe -a K:\PLAYD2.EXE -d K:\
Task: {551D10B6-D3E7-499B-A47A-EE7F4CFDAB6B} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2013-08-05] (ASUSTeK)
Task: {72775D6C-4706-40AC-819C-7EE819E45ABB} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {7331B020-DA05-4CC1-AA93-5B75DE6F577A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {7A12F95F-7FCF-4587-8E09-11F8FCA4E29A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7CD79B27-F032-4AAF-9CF3-CE01ACDBA815} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {85AD9B80-322A-4D07-BD3C-BB49A8EFF5D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {889F0537-183F-45B5-914F-AC911F0767A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {94809588-318F-44C5-92C4-82550B77B633} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {9BD5D8AC-833E-452D-8F97-512BD3C11358} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-treborharmon@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {9C5BC3B3-BC25-4263-8880-BE6BA1C78A24} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-08-08] ()
Task: {A1E58EB4-0670-47A0-87A3-A9D371611E17} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-02-19] (Advanced Micro Devices, Inc.)
Task: {A77D7EEA-B85A-4DD0-A2F2-071592CA6B65} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {AF300150-CC00-4AF6-91E3-A7E77E37272F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B619B803-3DD2-4FE2-BF00-402F08C32216} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-02-19] (Advanced Micro Devices, Inc.)
Task: {C7569882-1DAE-4BB9-BE89-49386F846EBA} - System32\Tasks\{CA99DE93-D822-43C9-AA88-2B84268DF5D9} => C:\WINDOWS\system32\pcalua.exe -a I:\SETUP.EXE -d I:\
Task: {CD3A0701-F514-41EE-B2E6-44DAA7E31ACB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D3A9D4F5-821C-4B98-A587-A85A961527F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E1109198-71BD-4281-8AB5-2680F1C26F60} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {E4DBA48C-CCDF-4718-9F77-078E759A813E} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-09-15 18:13 - 2014-09-15 18:13 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-15 00:30 - 2013-08-08 13:00 - 000207160 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-24 18:20 - 2016-09-24 18:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-12-13 06:28 - 2012-04-24 05:43 - 000390632 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-15 00:29 - 2013-08-08 20:33 - 001114768 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 001899008 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000758272 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2013-12-15 00:28 - 2013-08-28 10:24 - 000920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-08-04 01:25 - 2015-08-04 01:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-28 19:01 - 2018-02-28 19:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-22 23:01 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-22 23:01 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-09-11 14:47 - 2017-09-11 14:47 - 000914944 _____ () C:\Users\Trebor\AppData\Local\unilwph\unilwph.exe
2017-08-20 12:38 - 2017-08-20 12:38 - 001087488 _____ () C:\Users\Trebor\AppData\Local\unilwph\wmicrsx.exe
2017-10-10 11:33 - 2017-10-10 11:33 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 08:22 - 2017-09-26 08:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-03-01 17:56 - 2018-03-01 17:57 - 059575808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 14:33 - 2017-10-03 14:34 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-10 02:01 - 2018-02-10 02:01 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-13 20:17 - 2017-12-13 20:17 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 015986688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 003231232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-05 03:15 - 2018-02-05 03:20 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-10 02:01 - 2018-02-10 02:01 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-01 17:56 - 2018-03-01 17:57 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\SKU.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2013-12-15 00:28 - 2018-03-10 04:45 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-12-15 00:28 - 2010-06-28 21:58 - 000104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2016-03-23 11:04 - 2016-03-23 11:04 - 000091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 11:58 - 2018-01-26 00:40 - 009817080 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 11:58 - 2018-02-01 00:55 - 001508344 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 11:58 - 2018-01-09 11:58 - 000513016 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 11:58 - 2018-01-09 11:58 - 002662904 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 11:58 - 2018-02-01 00:55 - 001518072 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-02-15 18:07 - 2018-02-15 18:07 - 001910264 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-02-15 18:07 - 2018-02-15 18:07 - 000422392 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-02-15 18:07 - 2018-02-15 18:07 - 000145400 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-09 11:59 - 2018-03-10 04:26 - 002749944 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\Trebor\AppData\Local\unilwph\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Trebor\AppData\Local\unilwph\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Trebor\AppData\Local\unilwph\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Trebor\AppData\Local\unilwph\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvkkbjlj.sys:changelist [3790]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\peurlmyr.sys:changelist [2466]
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Trebor\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\star_art_sky_night_people_silhouette_98142_1920x1080.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "GamecomSound"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "AutoMoparscape.lnk"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "frantic.jar"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "MyComGames"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{8F0651C3-8BF8-4257-AC2E-6E9BC4A30785}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{51DA1489-18E3-44F3-9AB7-932D440D0F2E}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{79858DD1-4017-476B-9291-0DF05A98F098}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [TCP Query User{C0F546F2-3FDD-4E05-ACBB-64CA2F0AF811}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [{C3E63614-9E22-41AE-B43E-AFB850F3E567}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{2B67BB1A-A357-4C4A-B2CF-61FA59F2DDF5}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{724C4D3F-3C3A-4E2F-9597-B3222F0BC747}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [TCP Query User{0F4A9AEA-BDEB-40D5-B44D-E6040DADC2F0}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [UDP Query User{5CAA4B01-CA10-44B3-BEEE-A09406F4E1B5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{908E560D-45EE-485D-8A67-9DB6E6793256}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1BD71806-2811-493E-B4DC-C66885CE7914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C70EA4EF-571D-4B87-82F9-AD46E6CD1757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0935FCB1-1072-449C-95CA-B10F34893A29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D27C66A-1627-456B-BA31-DE9A3F93EF16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8729FE3B-81BC-43EE-BA06-50AB1F9E2A0E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{FF29388E-17CC-4272-9843-5391EC56C0EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{D2D7E15C-9D86-414B-A800-D44079C0B4DD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{01860123-129A-4671-8567-E4C91CF1A6F9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{3BAC5700-2B3A-4B64-BC45-45E2E6479B25}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{9E5F0FA6-854F-4DDA-9100-6B47345993D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{C58FD6A6-1073-4380-82D2-6DBA30D5DE2B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{61073685-B266-4898-ABAD-3CAFF24F58E3}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [TCP Query User{0346C284-7CA8-4AE9-95AA-D87B8AB4BC8C}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [{10661419-BD16-48D9-89CB-D438F7813A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{869862DC-1F78-4744-BF27-0637553100DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{34665D80-7B27-49BF-A1A3-07EB1C2CE151}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{DDDF43C4-9FD9-41D0-90DC-6FA851B422DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{02B9A24B-B22C-4537-BEA1-CCB1B6E8AE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{2EFA5491-466D-48D9-B073-4D6BA650FAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{CDF6B68E-B1E3-4990-92CA-5FC6F81E01D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2AD3A8A6-E4D5-424E-AEA8-016A593E0A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{74566B63-173C-4E02-93AE-4D6AC44F0FCA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A04801D4-4F79-47C9-BEA2-896C5D964751}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32EB4D50-E96A-4AED-AD23-F901F533F92F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{76C7B864-9225-4BA8-BC12-FCC4B453473C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EEE17881-AEFC-4B22-BEF8-1464BBBB89C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EDA64D72-F123-474E-B80B-3C2C0C411A36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{9EF6D615-D7D4-45DC-A223-2446121E7953}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [TCP Query User{D9C04A0B-403D-4F9B-A16D-1F3B1B2D4474}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [{5561633B-0E3A-422E-95A2-D8F869DEAF81}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{65BCD0CD-85B7-49F1-BE32-0D8E383020E4}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{289212A9-2DB6-4D50-A06F-149FA16A36AF}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{2D2888D2-5567-4859-8228-A59C161C4D09}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [UDP Query User{379E94D8-75F9-404B-BA36-2363698B1B25}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [TCP Query User{D99B3761-2753-4091-B9F5-DCC4709D2E15}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [UDP Query User{F75FEBEE-628B-46F2-A72A-36FF985007D8}C:\users\trebor\desktop\p5\p5.exe] => (Allow) C:\users\trebor\desktop\p5\p5.exe
FirewallRules: [TCP Query User{54991C5D-78EF-4CB0-8985-F6F3D2377B0D}C:\users\trebor\desktop\p5\p5.exe] => (Allow) C:\users\trebor\desktop\p5\p5.exe
FirewallRules: [UDP Query User{F411E835-AC55-4F97-8077-6A61A04D3133}C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe] => (Allow) C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe
FirewallRules: [TCP Query User{0F08E3D0-C751-4983-A78B-623266E61F37}C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe] => (Allow) C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe
FirewallRules: [UDP Query User{F1C1B441-0907-48EC-B550-40ED727D80C2}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe
FirewallRules: [TCP Query User{64ED7FB2-A0BE-4507-92BD-003D26154A50}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe
FirewallRules: [{59CC986C-E1E8-4D4B-9E11-DD16C2B9AF90}] => (Allow) LPort=8317
FirewallRules: [{A84C6C47-0C63-4E4B-BB56-56932E3DF80B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe
FirewallRules: [{401DBDC2-5519-4A14-8E57-14DEC374BFC4}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe
FirewallRules: [{99FD2FDA-5DB6-4474-8B43-A9C1F968331D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe
FirewallRules: [{1295A446-B042-4B1D-B508-181EBC5CB565}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe
FirewallRules: [{AACDE48A-EE1E-44EE-A419-28234043D142}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{74618083-EE95-47B3-B8A3-DF2F08B91B3B}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [UDP Query User{087E392E-249D-4B2B-8651-C2F8F5084A66}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [TCP Query User{317B68A0-1078-4122-A9A9-FE878EDE66E1}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [UDP Query User{9122A659-12B9-4D78-BC7D-B5DDCD441E44}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{650D02A1-396C-4D2C-B2D3-919563E51647}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{011DE440-42C4-49BA-B9EA-82714E36EF0F}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{E08DD7CF-3967-43F5-AF7F-1C37E96CFD5B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{669EBA8D-903A-488A-9BCA-0A0303F89DD9}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1A8DCAF1-5148-42F0-93AA-4BB0782C745C}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CE9DA0DC-DADD-4FD5-A1E3-C0E90C9C530A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{12EDACFE-C25C-4068-85F9-548A740A5217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{90753508-F636-4645-B9D1-04F2B981302E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{3CE44318-A0E5-4B44-8799-DDD5A9F2DD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{7A591A37-4557-4A1F-A3C9-0D29B741D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{B459200E-473A-4D35-9970-FFE1503061DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [UDP Query User{5E614CFF-A8D8-43C6-B462-D471E42E526E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2ECCB791-9E2E-4F52-95A5-BCE8767762A4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B823013F-000D-4B45-A1F5-A39D8FB28F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0B23772D-A040-4C08-8FA5-CB945007A9D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{EFF7AC0C-6179-4E1A-9EF5-B2040F0C9538}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F45DCA14-A8AB-4367-A50C-40479230D2A5}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1E5A841D-E821-43FB-9994-C135D171E521}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B768A115-548D-44A5-801C-99B154ABE9A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33448037-AE0B-4028-A39A-B1EB78184CC7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAA0F04F-5374-4210-A3E8-104C1C3574F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2FA7AB95-70B6-4BBB-A961-8E6BA4BC17D1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D2121486-0622-4C1A-855F-0674764CC109}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C224A02-3F18-4E99-BA79-0D3515F33889}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43E316E2-60DC-431F-ABBA-2D6DCFD5D87F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A3FB3932-7C8E-46C6-AF50-6E64025D05D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{ACEC2385-DFB3-4E94-B716-D197ECFBE943}] => (Allow) LPort=1900
FirewallRules: [{806D9519-C5EC-4457-A59A-C0137A357FC2}] => (Allow) LPort=2869
FirewallRules: [{D0254EB0-F93F-448E-8957-7309C1112C7F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EACA5854-B89E-464B-BFA4-AE6DE1CB939E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9FE632B7-421E-4A02-97AF-6B62BE177663}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5C65962A-B94B-4E25-8408-6DA260ED3432}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{27FEBA5D-2FF8-4400-AAFE-0ED148C4345F}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{9F3BEB23-6129-4747-B421-AF195801FFF9}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{3D70D653-71F1-4146-B6ED-1671A12A0223}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{8244E444-CBFF-41DE-938E-EB0CDD438105}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{FBA02154-E1AA-4782-A3AD-102DC6E5C541}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{32FD2B02-CFA6-4D70-95DF-0080E6D4D4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{1B674E1C-5F50-4D29-AB19-25188B27FB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{9080083E-B0EE-4C07-A197-7BAAA3FC23A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{F81B8147-0605-4D85-A4E9-8EC3DA6FC645}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DCFAA3A-B37D-4384-9205-38F031B43C23}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22F44E02-F9F7-4F57-8772-CD44B0B6AB42}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC29A47A-2165-4986-B51C-142F3282B445}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4C80913-41BF-430A-94E9-CEA56D7D726A}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{623734BB-2BDF-49AE-889F-10443B3F74E9}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E9BA140A-C472-4ECD-A49B-11D8A722784D}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [UDP Query User{C258D135-842B-4903-8921-2B1135F75C3E}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{C07F53C3-546C-4BB9-875C-38456BBD445D}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{C4954C15-8654-406F-B01F-38A67FEB33F0}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{8C5CFA53-6C48-4687-8508-9AF0E5E53CEB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{AD1FD3B4-3461-4B8D-B4E0-9F28892A8ACE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{684A5E95-B4BA-463E-9131-F832903E6EF7}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe
FirewallRules: [UDP Query User{DC0F0428-E11F-433F-8B80-B90E46312D8D}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe
FirewallRules: [{1EF4B2E3-5C5D-4DF4-95FF-2F60E89D6A33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{DC5DCCBC-2361-4717-B523-98A3F4A27781}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{68C2DD9B-B077-49A8-8080-8D51FB38351A}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{7308A23E-1F3D-4DA4-8684-5F3D1DF1858E}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [{D4DDDF2B-6C1F-4E94-9DDC-37563005FFFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7A5017EF-6D54-4D07-8D8A-F7A225C7A7E3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7861BACC-C91C-40A2-A537-29242786F832}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{269E427B-11AD-4D2F-AC87-B780442AD753}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7FD52C56-7CCD-4681-9ED6-96678032AC71}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5E14815C-0E8A-4B5E-B47C-613C756E85B6}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3D9FA8EC-1CB8-4AB5-9764-54727D0FEBE5}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6FDE3C41-9AE9-418E-9CBD-92B37D431567}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{F15EE7A5-3E00-4A35-BBB5-BA4A43504718}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{657591F7-1E05-4582-A6D6-031C0BA049E6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{60B6F9E3-C7E7-42C7-BD70-9023A3BE6A4F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{BB652096-4188-4E5A-8FED-51080C2814E6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{B3B92D19-4B15-48ED-9EE3-5340B8B0581F}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{05824476-AD58-4B65-A5F8-2B65FEC6A16D}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{595FAADE-DA3B-49C1-A7C2-6F0131ADD5B4}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [UDP Query User{3073B1F7-022F-4BD4-8A6C-61C35583FB81}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [{E1D8DCA5-7820-44C7-A4FF-D65938301F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CA9C12FA-699D-4DA6-BD67-D202420195E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1C97999E-1F9B-4029-B105-0ACFCD94BAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0BC0689F-8CE8-4032-9D39-9824859C471C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{819814F6-6FE2-4467-9BAB-8F147D1170B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{6BC29DAE-99F3-4D95-8DFE-D777DBB24122}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{119C89A9-193B-4338-BFF6-387E8F870E15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04BE5346-F72E-4961-95F8-6B13BE42DD50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7925FC44-B61E-4B64-AF17-002874AB8E41}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B483D05A-35F0-4DE6-814F-56468DA63205}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F729AA28-C323-4750-BEBE-776BF8D04705}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3E0686AA-9317-46AB-BBDB-52D7C6AA4364}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{09FEA43C-37D8-444E-ADDB-19B0C6D3F29D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{13018868-B825-4312-BF81-78564282C294}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{46BAAB94-9103-4D21-8B2C-9D26026BF315}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{3FA951E3-E521-4C44-B131-2BBBB5E24CAD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{38EDD920-0372-469F-9295-FD25B5522B65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe
FirewallRules: [{E9BA8F10-E70B-41D8-9BD4-2F66231F157D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe
FirewallRules: [{D8D5C8DE-39D1-432C-9CFC-B5B957B99B66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{04A3C79C-310B-491A-B7B5-CF6F6023F4B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{54C44AA4-3C95-4A75-B82F-367CE67ABA81}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{1FFACB2B-8DD8-4295-AB21-321EBD614C71}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2616E624-D0D8-4359-A409-9AE8D235634F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DD4E8B4D-552D-4EFF-B1C1-B2E6AD28F1DD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{7925C72C-9C88-4CBF-A47F-907F54E6872F}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [UDP Query User{10CE76FD-F806-42B6-A7BD-288266398153}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
 
==================== Restore Points =========================
 
07-03-2018 21:23:05 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
10-03-2018 22:28:36 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2018 02:23:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/11/2018 02:23:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/10/2018 01:34:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/10/2018 04:46:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.2.1703, time stamp: 0x5a8b7db9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x19f8
Faulting application start time: 0x01d3b854a9b8edf8
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: 100d5fe3-a6e1-4959-90d2-cc925f57058e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/10/2018 04:45:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
 
System errors:
=============
Error: (03/11/2018 03:54:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Feature update to Windows 10, version 1709.
 
Error: (03/11/2018 03:10:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.263.438.0).
 
Error: (03/10/2018 06:53:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Feature update to Windows 10, version 1709.
 
Error: (03/10/2018 06:53:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.263.421.0).
 
Error: (03/10/2018 05:24:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Feature update to Windows 10, version 1709.
 
Error: (03/10/2018 04:56:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.263.421.0).
 
Error: (03/10/2018 04:52:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (03/10/2018 04:49:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
 
Windows Defender:
===================================
Date: 2017-10-19 00:47:20.495
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B2FEECD-409D-4D41-88EE-525F0DFC0191}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-19 00:13:35.822
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {008DB5D1-ECA0-4634-B798-93CD8107EEE2}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2017-10-19 00:07:44.222
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A30DFFFA-EC65-4932-8D1F-3A5EFCCCBCC7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-08 15:51:21.395
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA8FE8B8-9E8D-4B5B-A36D-919FFD90A6D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-03 14:18:46.458
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2FAD43BB-C9E6-4E72-856E-E1AA6F842F5F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-16 01:45:50.468
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.798.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2017-10-16 01:45:50.467
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2017-10-13 15:13:12.324
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.725.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2017-10-07 17:15:14.556
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.451.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2017-09-25 13:39:06.303
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.1412.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
CodeIntegrity:
===================================
 
Date: 2018-02-28 19:00:47.152
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.240
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.237
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.234
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:58:59.112
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.983
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.980
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8300 Eight-Core Processor 
Percentage of memory in use: 54%
Total physical RAM: 12203.47 MB
Available physical RAM: 5493.84 MB
Total Virtual: 14059.47 MB
Available Virtual: 4435.11 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1849.08 GB) (Free:1274.23 GB) NTFS
Drive i: () (Fixed) (Total:223.56 GB) (Free:207.14 GB) exFAT
Drive j: (w_10_pro_x64) (CDROM) (Total:3.15 GB) (Free:0 GB) UDF
 
\\?\Volume{d2b1454e-cdc3-4eaf-8bc5-ef232bdcce5a}\ (Windows RE tools) (Fixed) (Total:0.78 GB) (Free:0.54 GB) NTFS
\\?\Volume{3d75ccdf-bada-4792-be2b-349b0be5730b}\ (Recovery image) (Fixed) (Total:12.78 GB) (Free:3.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0E12EE9D)
 
Partition: GPT.
 
========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 68A3BF33)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 sasschary

Posted 12 March 2018 - 10:29 PM

Hi trebor2828,

It looks like your copy of Windows may not be activated properly.

Looking at the logs you have posted, it appears as if there may be something wrong with the activation of Windows on your computer. Do you either own a valid license key for Windows, or did you buy a new computer that came with Windows installed? If yes, then please continue with the instructions below.

  • Right click on your start menu. Then, click Command Prompt (Admin).
  • If a User Account Control dialog box opens, click Yes to allow the command prompt to run.
  • A command line should open. Type the following command into the command line, then press Enter.
    slmgr /dlv
  • A dialog box should open. Do not close this yet. If the command prompt shows an error, please check that you typed the command correctly.
  • Please take a screenshot of the dialog box using this tutorial.
  • After you have taken the screenshot, you may close the slmgr dialog box and the command prompt.
  • Finally, please attach the screenshot to your next reply.

In your next reply, please include the following:

  • Screenshot of slmgr /dlv output

sasschary



#7 trebor2828

Posted 13 March 2018 - 12:18 AM

I decided to use Gyazo to take a screenshot. If you need me to take it the traditional way I will.

https://gyazo.com/213d94a97ff7165367674f7fc622cea0



#8 sasschary

Posted 13 March 2018 - 03:15 PM

Hi trebor2828,

Using Gyazo works fine. It looks like I was mistaken, and your copy of Windows has been properly activated. Now we may continue.

It looks like you have some P2P software installed on your computer.

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: Illegal. Please remove this software before continuing.

It looks like you may have some illegal software installed on your computer.

Installing illegal programs brings a high risk of bringing infection. I ask that you remove any pirated software before continuing. Please also be aware that some of the tools we use may remove cracked files, which could leave pirated software in an unstable and crash-prone state.

Let's run a scan using CKScanner.

Please run this scan only once unless I tell you to repeat the scan.

  • Please download CKScanner from here and save it to your desktop.
  • On your desktop, right click CKScanner.exe and click Run as Administrator.
  • If a User Account Control dialog box appears, click Yes to allow CKScanner to run.
  • In the CKScanner window, click Search for Files.
  • CKScanner will scan your computer. After the scan is complete, please click Save List to File.
  • CKScanner should show a dialog box saying the file saved correctly.
  • On your desktop, there should be a file called CKFiles.txt. Please double-click the file to open it in Notepad, then copy and paste it into your next reply.

In your next reply, please include the following:

  • CKFiles.txt

sasschary



#9 trebor2828

Posted 13 March 2018 - 08:23 PM

This is the .txt

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2010 redist (x64)\vcredist_x64.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2010 redist (x86)\media_db.db
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2010 redist (x86)\vcredist_x86.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2012 redist (x64)\media_db.db
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2012 redist (x64)\vcredist_x64.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2012 redist (x86)\media_db.db
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2012 redist (x86)\vcredist_x86.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2013 redist (x64)\media_db.db
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2013 redist (x64)\vcredist_x64.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2013 redist (x86)\media_db.db
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\payloads\microsoft vc 2013 redist (x86)\vcredist_x86.exe
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\adobepim.dll
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\setup.xml
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\updaterinventory.dll
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\cs_cz\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\da_dk\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\de_de\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\en_ae\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\en_gb\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\en_il\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\en_us\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\en_xm\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\es_es\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\es_la\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\es_mx\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\es_na\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\fi_fi\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\fr_ca\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\fr_fr\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\fr_ma\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\fr_xm\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\hu_hu\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\it_it\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\ja_jp\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\ko_kr\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\nb_no\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\nl_nl\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\pl_pl\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\pt_br\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\ru_ru\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\sv_se\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\tr_tr\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\uk_ua\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\zh_cn\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\adobe premiere pro cc 2015\resources\dictionary\zh_tw\stringtable.zdct
c:\users\trebor\downloads\adobe premiere pro cc 2015 v9.0 + crack\crack\amtlib.dll
scanner sequence 3.ZZ.11.XCNAGZ
 ----- EOF ----- 


#10 sasschary

Posted 14 March 2018 - 11:26 AM

Hi trebor2828,

It looks like there is still some pirated software on your system.

It seems to me that there is still some pirated software on your computer. BleepingComputer does not condone the use of piracy, and so, if we are to continue the malware removal process, this software must first be removed. Please remove the following software, along with any other illegal software you may have on your system, including any files used to crack the software.

  • Adobe Premiere Pro

Let's run a scan using FRST.

Now we need to use FRST to run a scan.

  • From your desktop, right click FRST and click Run as Administrator
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, put a check in the box called Addition.txt under Optional Scan. Then, click Scan and wait for the scan to be run.
  • After the scan has been completed, FRST should create and open a file called FRST.txt in Notepad. Please copy and paste that file into your next reply.

In your next reply, please include the following:

  • FRST.txt
  • Addition.txt

sasschary



#11 trebor2828

Posted 14 March 2018 - 11:46 PM

I removed the pirated software.

This is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Trebor (administrator) on TREBOR (14-03-2018 23:43:45)
Running from C:\Users\Trebor\Downloads
Loaded Profiles: Trebor (Available Profiles: Trebor)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\mshgmcrsrv.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClientUx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClientUxRender.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClientUxRender.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
(Discord Inc.) C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(BitTorrent Inc.) C:\Users\Trebor\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\SwReporter\26.144.201\software_reporter_tool.exe
(Google) C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\SwReporter\26.144.201\software_reporter_tool.exe
(Google) C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\SwReporter\26.144.201\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-23] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [MyComGames] => C:\Users\Trebor\AppData\Local\MyComGames\MyComGames.exe [6086544 2017-12-15] (MY.COM B.V.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Discord] => C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Spotify] => C:\Users\Trebor\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-07] (Spotify Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [Spotify Web Helper] => C:\Users\Trebor\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-07] (Spotify Ltd)
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Run: [uTorrent] => C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe [2148024 2018-03-10] (BitTorrent Inc.)
Startup: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-06-23] ()
Startup: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar [2017-10-07] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0343dcae-6a9d-11e7-b606-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1ca96965-5dd1-490a-9ed9-fbcf1c4b6b91}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2efa6445-8a53-496f-a026-dfa0071f558c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2efa6445-8a53-496f-a026-dfa0071f558c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3142acad-21fb-4075-afa0-46357a211af1}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b2c85dfb-dc46-45ad-9d36-d162c06f6fc5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3c5d389-a623-42ce-936d-70c82f1b9f4d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c3c5d389-a623-42ce-936d-70c82f1b9f4d}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3035021999-202699363-1705453404-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3035021999-202699363-1705453404-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-31] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-31] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3035021999-202699363-1705453404-1002: @my.com/Games -> C:\Users\Trebor\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF Plugin HKU\S-1-5-21-3035021999-202699363-1705453404-1002: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://google.com/"
CHR Profile: C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default [2018-03-14]
CHR Extension: (Google Drive) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR Extension: (Abstract Blue) - C:\Users\Trebor\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2016-06-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-17] ()
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-06-07] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-12-12] (Copyright © 2017 Plays.tv, LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
S2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [X]
S2 VMnetDHCP; C:\WINDOWS\SysWOW64\vmnetdhcp.exe [X]
S2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [X]
S2 VMware NAT Service; C:\WINDOWS\SysWOW64\vmnat.exe [X]
S3 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
S2 WinTabService; "C:\WINDOWS\System32\Drivers\WTSRV.EXE" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (C-MEDIA)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [123384 2016-03-03] (Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-25] (Malwarebytes)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S2 hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys [X]
S3 PTSimBus; \SystemRoot\System32\drivers\PTSimBus.sys [X]
S0 vmci; System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [X]
S2 vmx86; \??\C:\WINDOWS\system32\drivers\vmx86.sys [X]
S0 vsock; system32\drivers\vsock.sys [X]
S2 vstor2-mntapi20-shared; SysWOW64\drivers\vstor2-mntapi20-shared.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-14 23:39 - 2018-03-14 23:39 - 000000000 ____D C:\Users\Trebor\AppData\LocalLow\AMD
2018-03-14 17:40 - 2018-03-14 17:40 - 000115536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atauxadh.sys
2018-03-13 20:22 - 2018-03-13 20:22 - 000025210 _____ C:\Users\Trebor\Desktop\ckfiles.txt
2018-03-13 20:16 - 2018-03-13 20:16 - 000468480 _____ () C:\Users\Trebor\Desktop\CKScanner.exe
2018-03-12 22:33 - 2018-03-12 22:33 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-03-12 22:33 - 2018-03-12 22:33 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-03-12 22:33 - 2018-03-12 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-03-12 05:05 - 2018-03-14 23:43 - 000000000 ____D C:\Users\Trebor\Downloads\FRST-OlderVersion
2018-03-11 05:09 - 2018-03-11 05:11 - 000096067 _____ C:\Users\Trebor\Downloads\Addition.txt
2018-03-11 05:07 - 2018-03-14 23:44 - 000021800 _____ C:\Users\Trebor\Downloads\FRST.txt
2018-03-11 05:07 - 2018-03-14 23:43 - 000000000 ____D C:\FRST
2018-03-11 05:06 - 2018-03-14 23:43 - 002403328 _____ (Farbar) C:\Users\Trebor\Downloads\FRST64.exe
2018-03-10 04:54 - 2018-03-10 04:56 - 000000000 ____D C:\Users\Trebor\Downloads\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-
2018-03-10 04:53 - 2018-03-10 04:53 - 003114288 _____ (BitTorrent Inc.) C:\Users\Trebor\Downloads\uTorrent (2).exe
2018-03-09 22:35 - 2018-02-18 06:32 - 000026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-03-09 22:35 - 2018-02-18 05:56 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-03-09 22:35 - 2018-02-18 05:54 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-03-09 22:35 - 2018-02-18 05:49 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-09 22:35 - 2018-02-18 05:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-03-09 22:35 - 2018-02-18 05:49 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-03-09 22:35 - 2018-02-18 05:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-09 22:35 - 2018-02-18 05:48 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-03-09 22:35 - 2018-02-18 05:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-03-09 22:35 - 2018-02-18 05:47 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-03-09 22:35 - 2018-02-18 05:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-03-09 22:35 - 2018-02-18 05:46 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-09 22:35 - 2018-02-18 05:45 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2018-03-09 22:35 - 2018-02-18 05:44 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-09 22:35 - 2018-02-18 05:41 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-03-09 22:35 - 2018-02-18 05:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-09 22:35 - 2018-02-18 05:39 - 002449920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-03-09 22:35 - 2018-02-18 05:38 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-03-09 22:35 - 2018-02-18 05:36 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-09 22:35 - 2018-02-09 23:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-03-09 22:35 - 2018-02-09 23:30 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-03-09 06:37 - 2018-03-09 06:37 - 001861696 _____ (Oracle Corporation) C:\Users\Trebor\Downloads\JavaSetup8u161.exe
2018-03-09 06:35 - 2018-03-09 06:35 - 002235770 _____ C:\Users\Trebor\Downloads\Patch.txt
2018-03-09 06:34 - 2018-03-09 06:34 - 000000221 _____ C:\Users\Trebor\Desktop\Borderlands 2.url
2018-03-09 06:32 - 2018-03-09 06:32 - 000000040 _____ C:\Users\Trebor\Downloads\FilterTool.options
2018-03-09 06:31 - 2018-03-09 06:32 - 013310286 _____ C:\Users\Trebor\Downloads\FilterTool.jar
2018-03-07 22:12 - 2018-03-07 22:12 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (3).exe
2018-03-07 21:51 - 2018-03-07 21:51 - 000000000 ____D C:\Users\Trebor\Documents\FeedbackHub
2018-03-07 21:49 - 2018-03-07 21:49 - 000000000 ____D C:\Users\Trebor\AppData\Local\ElevatedDiagnostics
2018-03-07 21:40 - 2018-03-07 21:40 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (2).exe
2018-03-07 21:22 - 2018-03-07 21:22 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech (1).exe
2018-03-07 18:50 - 2018-03-07 18:50 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-06 16:09 - 2018-03-10 04:38 - 000000000 ____D C:\ProgramData\LogiShrd
2018-03-06 16:07 - 2018-03-06 16:08 - 000000000 ____D C:\Users\Trebor\AppData\Local\Logitech
2018-03-06 16:00 - 2018-03-10 04:39 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2018-03-06 15:53 - 2018-03-06 15:53 - 120137512 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\LGS_8.96.88_x64_Logitech.exe
2018-03-06 15:53 - 2018-03-06 15:53 - 005020280 _____ (Logitech Inc.) C:\Users\Trebor\Downloads\G910Update_92.3.22.exe
2018-03-06 15:53 - 2018-03-06 15:53 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Logitech
2018-03-06 15:53 - 2018-03-06 15:53 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Logishrd
2018-03-06 00:50 - 2018-03-14 15:33 - 000000802 _____ C:\Users\Trebor\Desktop\Windows 10 Update Assistant.lnk
2018-03-06 00:44 - 2018-03-14 17:41 - 005160120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-03 01:12 - 2018-03-03 01:12 - 005603499 _____ (UserBenchmark.com) C:\Users\Trebor\Downloads\UserBenchMark.exe
2018-03-02 01:49 - 2018-03-02 01:49 - 000001198 _____ C:\Users\Trebor\Documents\cc_20180302_004913.reg
2018-03-02 01:47 - 2018-03-02 01:47 - 000022810 _____ C:\Users\Trebor\Documents\cc_20180302_004756.reg
2018-03-02 01:45 - 2018-03-02 01:45 - 000408500 _____ C:\Users\Trebor\Documents\cc_20180302_004527.reg
2018-03-02 01:37 - 2018-03-02 01:37 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-02 01:37 - 2018-03-02 01:37 - 000002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-02 01:37 - 2018-03-02 01:37 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-02 01:37 - 2018-03-02 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-02 01:37 - 2018-03-02 01:37 - 000000000 ____D C:\Program Files\CCleaner
2018-03-02 01:36 - 2018-03-02 01:36 - 011217568 _____ (Piriform Ltd) C:\Users\Trebor\Downloads\ccsetup540.exe
2018-02-28 01:57 - 2018-03-06 04:26 - 000047096 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2018-02-28 01:56 - 2018-02-28 18:18 - 000000000 ____D C:\Users\Trebor\Documents\Black Desert
2018-02-27 04:39 - 2018-03-06 04:43 - 000000000 ____D C:\Program Files (x86)\Black Desert Online
2018-02-27 04:39 - 2018-02-28 16:30 - 000000000 ____D C:\Users\Trebor\AppData\Local\BlackDesertOnline
2018-02-27 04:39 - 2018-02-27 04:39 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Online.lnk
2018-02-27 04:39 - 2018-02-27 04:39 - 000002080 _____ C:\Users\Public\Desktop\Black Desert Online.lnk
2018-02-27 04:39 - 2018-02-27 04:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2018-02-27 04:37 - 2018-02-27 04:38 - 051930432 _____ (Kakao Games Europe B.V.) C:\Users\Trebor\Downloads\BlackDesertOnlineSetup_20170726_1022.exe
2018-02-27 04:16 - 2018-02-27 04:16 - 004182688 _____ (Husdawg, LLC) C:\Users\Trebor\Downloads\Detection (1).exe
2018-02-26 01:13 - 2018-02-26 01:14 - 316554208 _____ (AMD Inc.) C:\Users\Trebor\Downloads\whql-win10-catalyst-15.7.1-oct30.exe
2018-02-25 06:01 - 2018-02-25 06:02 - 015328616 _____ (Microsoft Corporation) C:\Users\Trebor\Downloads\VC_redist.x64.exe
2018-02-25 05:41 - 2018-02-25 05:56 - 000000000 ____D C:\ProgramData\iolo
2018-02-25 05:41 - 2018-02-25 05:41 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-25 05:41 - 2018-02-25 05:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-25 05:41 - 2017-11-01 09:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-25 05:40 - 2018-02-25 05:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Trebor\Downloads\mbar-1.10.3.1001 (2).exe
2018-02-25 05:32 - 2018-02-25 05:32 - 000000000 ____D C:\Users\Trebor\Documents\Visual Studio 2012
2018-02-25 04:58 - 2018-02-25 04:58 - 018617536 _____ (Microsoft Corporation) C:\Users\Trebor\Downloads\MediaCreationTool.exe
2018-02-25 04:58 - 2018-02-25 04:58 - 000000000 ___HD C:\$Windows.~WS
2018-02-25 04:58 - 2018-02-25 04:58 - 000000000 ____D C:\$WINDOWS.~BT
2018-02-25 01:37 - 2018-02-25 01:37 - 012522300 _____ C:\Users\Trebor\Downloads\NA1-2726494975.rofl
2018-02-23 23:30 - 2018-03-14 15:33 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-02-23 23:30 - 2018-03-14 15:33 - 000000000 ____D C:\Windows10Upgrade
2018-02-18 01:28 - 2018-02-18 01:28 - 000257536 _____ C:\Users\Trebor\Downloads\50_lashes.aaf
2018-02-17 19:52 - 2018-02-17 19:52 - 000000000 ____D C:\ProgramData\LHService
2018-02-17 19:50 - 2018-02-17 19:50 - 000000000 ____D C:\ProgramData\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 003133480 _____ (Crystal Rich Ltd ) C:\Users\Trebor\Downloads\lockhuntersetup_3-2-3.exe
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-02-17 19:48 - 2018-02-17 19:48 - 000000000 ____D C:\Program Files\LockHunter
2018-02-17 19:45 - 2018-02-17 19:46 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Trebor\Downloads\Itunes.com
2018-02-17 19:30 - 2018-02-17 19:30 - 041044912 _____ (AMD Inc.) C:\Users\Trebor\Downloads\radeon-software-adrenalin-18.2.2-minimalsetup-180212_web (1).exe
2018-02-17 19:29 - 2018-02-17 19:30 - 209077904 _____ (AMD Inc.) C:\Users\Trebor\Downloads\non-whql-win10-32bit-radeon-software-crimson-relive-16.2.1-sep20.exe
2018-02-17 19:14 - 2018-02-17 19:14 - 041044912 _____ (AMD Inc.) C:\Users\Trebor\Downloads\radeon-software-adrenalin-18.2.2-minimalsetup-180212_web.exe
2018-02-17 19:14 - 2018-02-17 19:14 - 000000000 ____D C:\Users\Trebor\AppData\Local\RadeonInstaller
2018-02-16 18:08 - 2018-01-18 02:05 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-02-15 22:48 - 2018-02-15 22:48 - 000000000 _____ C:\Users\Trebor\Desktop\OU Gold Week 4 notes.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-14 23:43 - 2016-03-28 05:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 23:42 - 2017-10-13 19:31 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\uTorrent
2018-03-14 23:42 - 2016-03-24 11:59 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Adobe
2018-03-14 23:40 - 2017-11-26 16:33 - 000000000 ____D C:\Users\Trebor\AppData\LocalLow\uTorrent
2018-03-14 23:40 - 2017-07-16 21:12 - 000000000 ____D C:\Users\Trebor
2018-03-14 23:39 - 2017-07-16 21:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-14 18:11 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 17:47 - 2017-07-16 21:11 - 010440064 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-14 17:41 - 2017-07-16 21:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-14 17:41 - 2016-09-12 02:48 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-03-14 17:41 - 2013-12-15 00:38 - 000000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini
2018-03-14 17:40 - 2017-09-14 15:39 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2018-03-14 17:40 - 2017-07-16 21:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-14 17:40 - 2017-03-18 06:40 - 020447232 _____ C:\WINDOWS\system32\config\HARDWARE
2018-03-14 17:40 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 17:39 - 2016-03-24 12:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-14 04:12 - 2017-10-11 10:09 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 04:12 - 2016-03-28 05:52 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 02:00 - 2016-03-24 12:09 - 000000000 ____D C:\Users\Trebor\AppData\Local\Adobe
2018-03-14 00:00 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2018-03-13 21:41 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-13 00:12 - 2016-05-30 16:50 - 000000045 _____ C:\Users\Trebor\jagex_cl_oldschool_LIVE.dat
2018-03-12 22:33 - 2017-07-16 21:11 - 000000000 ____D C:\Program Files (x86)\AMD
2018-03-12 22:32 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-12 22:27 - 2017-02-11 11:03 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\discord
2018-03-12 22:13 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2018-03-10 05:41 - 2017-09-14 04:40 - 000000000 ____D C:\Users\Trebor\AppData\Local\unilwph
2018-03-10 04:40 - 2017-08-13 00:01 - 000000000 ____D C:\Users\Trebor\AppData\Local\SKIDROW
2018-03-10 04:40 - 2017-08-13 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2018-03-10 04:40 - 2017-08-12 23:53 - 000000000 ____D C:\Program Files (x86)\R.G. Mechanics
2018-03-10 04:40 - 2016-03-29 00:43 - 000000000 ____D C:\Users\Trebor\Documents\My Games
2018-03-10 04:32 - 2016-03-24 12:12 - 000000000 ____D C:\Users\Trebor\AppData\Local\Spotify
2018-03-10 04:27 - 2016-03-24 12:12 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Spotify
2018-03-10 04:21 - 2016-05-28 21:40 - 000000000 ____D C:\Users\Trebor\AppData\Local\Battle.net
2018-03-09 06:30 - 2016-05-28 21:40 - 000000000 ____D C:\Program Files (x86)\Overwatch
2018-03-09 00:01 - 2018-01-12 15:06 - 000000000 ____D C:\Program Files\rempl
2018-03-08 06:19 - 2016-05-28 21:38 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-02 15:25 - 2017-03-18 16:06 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 15:25 - 2017-03-18 16:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 01:43 - 2016-07-03 22:48 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\Ventrilo
2018-03-02 01:41 - 2018-01-08 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-03-02 01:41 - 2017-09-14 05:37 - 000000000 ____D C:\Users\Trebor\Desktop\Text Files
2018-03-02 01:41 - 2017-09-14 04:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-02 01:41 - 2017-07-07 07:15 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-02 01:41 - 2016-07-13 01:50 - 000000000 ____D C:\Users\Trebor\Desktop\Games
2018-03-02 01:28 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-02 01:15 - 2017-12-28 01:07 - 000000044 _____ C:\Users\Trebor\Desktop\New accounts.txt
2018-02-28 19:14 - 2018-02-11 04:06 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\PlaysTV
2018-02-28 19:14 - 2017-07-25 16:47 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\audacity
2018-02-27 04:39 - 2013-12-13 05:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-27 00:45 - 2017-07-16 21:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-26 04:35 - 2016-08-07 23:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 01:25 - 2016-05-29 12:37 - 000000000 ____D C:\AMD
2018-02-26 01:18 - 2017-07-16 21:10 - 000000000 ____D C:\Program Files\AMD
2018-02-25 07:09 - 2017-07-16 21:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-25 05:52 - 2017-12-04 02:35 - 000000000 ____D C:\Users\Trebor\Desktop\Adobe Premiere Pro Auto-Save
2018-02-25 05:46 - 2017-09-14 06:28 - 000000000 ____D C:\AdwCleaner
2018-02-25 05:41 - 2017-12-22 00:46 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-25 05:41 - 2017-10-08 21:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-23 18:48 - 2017-10-18 18:30 - 000000000 ____D C:\Users\Trebor\AppData\Local\UnrealEngine
2018-02-22 23:01 - 2016-03-24 12:09 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-22 23:01 - 2016-03-24 12:09 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-20 05:29 - 2017-02-15 09:32 - 000000000 ____D C:\Users\Trebor\AppData\Roaming\obs-studio
2018-02-17 19:17 - 2016-08-28 17:59 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-17 19:11 - 2016-12-11 20:33 - 000000000 ____D C:\Program Files (x86)\Diablo II
2018-02-17 19:10 - 2017-11-01 23:11 - 000003640 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-17 19:09 - 2016-08-02 01:39 - 000000000 ____D C:\GOG Games
2018-02-17 19:09 - 2016-06-23 09:46 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
 
==================== Files in the root of some directories =======
 
2017-10-17 01:49 - 2017-10-17 01:50 - 000000034 _____ () C:\Users\Trebor\jagex_runescape_preferences.dat
2016-06-01 01:12 - 2016-06-01 01:12 - 000000034 ____H () C:\Users\Trebor\system32log.dat
2017-10-07 17:39 - 2017-10-07 17:39 - 000000030 _____ () C:\Users\Trebor\AppData\Roaming\.runescape_cache.dat
2017-05-12 13:08 - 2017-05-12 13:08 - 325407814 _____ () C:\Users\Trebor\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-05-12 13:08 - 2017-05-12 13:08 - 000003630 _____ () C:\Users\Trebor\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2016-03-24 11:59 - 2016-06-29 02:42 - 000063428 _____ () C:\Users\Trebor\AppData\Local\BTServer.log
 
Some files in TEMP:
====================
2018-03-06 04:26 - 2018-03-06 04:26 - 000000045 _____ () C:\Users\Trebor\AppData\Local\Temp\5b8820cfcb94b32e98455a955d292f21.dll
2018-03-06 04:25 - 2018-03-06 04:25 - 000000180 _____ () C:\Users\Trebor\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2018-03-12 22:28 - 2018-03-12 22:29 - 334098976 _____ (AMD Inc.) C:\Users\Trebor\AppData\Local\Temp\tmp941C.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-12 22:11
 
==================== End of FRST.txt ============================

This is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Trebor (14-03-2018 23:45:00)
Running from C:\Users\Trebor\Downloads
Windows 10 Home Version 1703 15063.786 (X64) (2017-07-17 02:55:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3035021999-202699363-1705453404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3035021999-202699363-1705453404-503 - Limited - Disabled)
Guest (S-1-5-21-3035021999-202699363-1705453404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3035021999-202699363-1705453404-1004 - Limited - Enabled)
Trebor (S-1-5-21-3035021999-202699363-1705453404-1002 - Administrator - Enabled) => C:\Users\Trebor
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{06BBCA29-E177-44BB-901E-BA318CF064FD}) (Version: 20.15.6362.54439 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.15.6362.54439 - Alcor Micro Corp.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.07 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.00.05 - ASUSTeK Computer Inc.)
ASUS Manager - Recovery (HKLM-x32\...\{CF4A14CB-C4CB-4241-B659-7C58517515CF}) (Version: 2.00.08 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.01.03 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.05.03 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM\...\{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG) Hidden
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.0.1845494127.36512880 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2012 (HKLM-x32\...\{57F20F04-014D-453F-B6A3-AE9485C4DFAB}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (HKLM-x32\...\{532DBCC8-9468-435C-AEF6-30B7F50735A2}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4428 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Discord (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Discord) (Version: 0.0.300 - Discord Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{372D17F6-A54E-4A01-B264-1314890FFE61}) (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{818FF838-5FCD-4FCB-AE39-4F725EBCE2A1}) (Version: 1.1.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Galería de fotos (HKLM-x32\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Ghost Mouse Auto Clicker 4.0.1 (HKLM-x32\...\{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1) (Version:  - AMAC Ltd.)
Google Chrome (HKLM-x32\...\{8B441F7D-FAE4-3F66-BB1D-430B2F76423B}) (Version: 64.0.3282.186 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.2.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (HKLM-x32\...\{EF87D495-F5A0-2C40-ECFA-6D6D1C992A74}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LocalESPC (HKLM-x32\...\{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}) (Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}) (Version: 8.59.25584 - Microsoft) Hidden
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2017 Premium Update (HKLM\...\{CE069D82-AEA1-460B-A695-BBB2622466E6}) (Version: 24.0.2.46 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM\...\{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.0.1.34 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM-x32\...\MX.{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.0.1.34 - MAGIX Software GmbH)
MAGIX Music Maker Trial Live Pads (HKLM\...\{DFE0E43F-300E-42DA-B937-BF3AA9D298B9}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Trial Soundpools (HKLM\...\{8AFD5CCB-BA23-4EDE-8F9B-943DAF52A9EB}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{EFFCCA53-B476-44A7-A34F-40FCD0B1DCD6}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{EFFCCA53-B476-44A7-A34F-40FCD0B1DCD6}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F25C8769-16B6-4B19-BB0B-76F213829AC6}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My.com Game Center (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\MyComGames) (Version: 3.183 - My.com B.V.)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.52.1903.1 - Hi-Rez Studios)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.5-r125535-release - Plays.tv, LLC)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}) (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7035 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Remote Desktop assistant (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\b948d155e8353e01) (Version: 1.0.0.102 - Remote Desktop assistant)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.16.3600.1 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{BF492E7F-BD3F-4F33-932A-1DD0891968B0}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-6) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-7) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WCF Data Services 5.0 (for OData v3) Primary Components (HKLM-x32\...\{0BCC836F-0B28-4090-B58A-64883BAA3B2F}) (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (HKLM-x32\...\{148878BD-A2A5-4CF1-A103-2BA632F41953}) (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3035021999-202699363-1705453404-1002_Classes\CLSID\{d5f8c80f-c82d-4929-82d9-92ed10270df4}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0761E8EA-DDA9-4BF9-8B99-56F6CC57E0A6} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-09-18] (ASUSTeK Computer Inc.)
Task: {0769C5D7-97A3-4412-81FB-0AD09BB3FFBF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {09F98701-53E7-4BA7-AC9F-FDE679F6A909} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {10C39FE7-2460-4BD5-919D-C0861C727107} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11E09520-2EA4-4F8C-8FFD-D4F14EE35A97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {1892BDCA-D74D-4112-A8E2-AA44845AB3D7} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1C361899-6F63-4CE8-94BF-6B003D4048BB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1E4D9AAD-914F-485D-8E02-4CEA76ADB38C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {265655C7-A475-4760-B25B-4D4A87EC32CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {32F4621B-FDEC-475B-A394-758F8584F580} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {412B0BBD-21CF-4CB1-A2BD-B2F04BED165F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {41925B9A-AD5B-4896-81D5-F455DEAA2C01} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {48E02540-72D9-4EE7-8D7B-4829B4A81AE9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4CB6CECC-E6E5-4116-8DEB-6766AA98F2B6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {50E5DB14-0D77-4464-B34E-3FCA47C96388} - System32\Tasks\{1B4EBCAB-F3EA-42EF-B166-AAE10A264118} => C:\WINDOWS\system32\pcalua.exe -a K:\PLAYD2.EXE -d K:\
Task: {551D10B6-D3E7-499B-A47A-EE7F4CFDAB6B} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2013-08-05] (ASUSTeK)
Task: {72775D6C-4706-40AC-819C-7EE819E45ABB} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {7331B020-DA05-4CC1-AA93-5B75DE6F577A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {7A12F95F-7FCF-4587-8E09-11F8FCA4E29A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7CD79B27-F032-4AAF-9CF3-CE01ACDBA815} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-24] (Google Inc.)
Task: {85AD9B80-322A-4D07-BD3C-BB49A8EFF5D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {889F0537-183F-45B5-914F-AC911F0767A1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {94809588-318F-44C5-92C4-82550B77B633} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {9C5BC3B3-BC25-4263-8880-BE6BA1C78A24} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-08-08] ()
Task: {A77D7EEA-B85A-4DD0-A2F2-071592CA6B65} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {AF300150-CC00-4AF6-91E3-A7E77E37272F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B84AAB5A-B887-4B77-8689-BDF5E5C9C7FB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {C7569882-1DAE-4BB9-BE89-49386F846EBA} - System32\Tasks\{CA99DE93-D822-43C9-AA88-2B84268DF5D9} => C:\WINDOWS\system32\pcalua.exe -a I:\SETUP.EXE -d I:\
Task: {CD3A0701-F514-41EE-B2E6-44DAA7E31ACB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D3A9D4F5-821C-4B98-A587-A85A961527F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E1109198-71BD-4281-8AB5-2680F1C26F60} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {E4DBA48C-CCDF-4718-9F77-078E759A813E} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION
Task: {FE3992BE-1CCF-49E8-9C0D-401D29836E76} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-15 00:30 - 2013-08-08 13:00 - 000207160 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-12-13 06:28 - 2012-04-24 05:43 - 000390632 ____R () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-09-24 18:20 - 2016-09-24 18:21 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-12-15 00:28 - 2013-08-28 10:24 - 000920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-12-15 00:29 - 2013-08-08 20:33 - 001114768 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-28 19:01 - 2018-02-28 19:01 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-28 19:01 - 2018-02-28 19:01 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 003460736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClient.exe
2018-03-07 19:20 - 2018-03-07 19:20 - 001720448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClientUx.exe
2018-02-22 23:01 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-22 23:01 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000892032 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\LeagueClientUxRender.exe
2017-07-04 03:27 - 2017-07-04 03:27 - 000190208 _____ () C:\Program Files (x86)\ClownfishVoiceChanger\ClownfshAPO64.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-12-12 15:22 - 2017-12-12 15:22 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-12-12 15:22 - 2017-12-12 15:22 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2013-12-15 00:28 - 2018-03-14 17:43 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-12-15 00:28 - 2010-06-28 21:58 - 000104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000108672 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\zlib.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000128640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\yaml.dll
2018-03-07 19:20 - 2018-02-22 17:37 - 001353856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000625792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000999552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000522368 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000520832 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-riot-messaging-service\rcp-be-riot-messaging-service.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000668800 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000571008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000451200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000615040 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000539264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000583296 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000582272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000760448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000479360 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-pre-end-of-game\rcp-be-lol-pre-end-of-game.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000768128 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000444544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000498816 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000544896 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000496768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000799872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000644224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-champions\rcp-be-lol-champions.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000446592 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000670336 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000501888 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-inventory\rcp-be-lol-inventory.dll
2018-03-07 19:20 - 2018-02-22 17:37 - 000548992 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-loadouts\rcp-be-lol-loadouts.dll
2018-03-07 19:20 - 2018-02-22 17:37 - 000869504 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000567424 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000643200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000518272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 001577088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 001547904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000746112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000605824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000493696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000518272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000919168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000472704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000436352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000479360 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2018-03-07 19:20 - 2018-02-22 17:37 - 000439936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000663168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000522368 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000435328 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000806016 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000594560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000568960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000584320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000558720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000642176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000715392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000785536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000574080 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000504960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000487040 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000545920 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000546432 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000484992 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-purchase-widget\rcp-be-lol-purchase-widget.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000538752 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-personalized-offers\rcp-be-lol-personalized-offers.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000469632 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000542848 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000610944 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000622720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-honor-v2\rcp-be-lol-honor-v2.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000465024 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2018-03-07 19:20 - 2018-02-22 17:37 - 000488576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-entitlements\rcp-be-entitlements.dll
2018-03-07 19:20 - 2018-02-10 03:38 - 000630912 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-missions\rcp-be-lol-missions.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000584832 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-item-sets\rcp-be-lol-item-sets.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000500352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-email-verification\rcp-be-lol-email-verification.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000466560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-las-toxicity\rcp-be-lol-las-toxicity.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000512128 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-geoinfo\rcp-be-lol-geoinfo.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000466560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-content-targeting\rcp-be-lol-content-targeting.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 001162880 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-clash\rcp-be-lol-clash.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000661120 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000528000 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-banners\rcp-be-lol-banners.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000744576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-voice-chat\rcp-be-voice-chat.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000617600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-premade-voice\rcp-be-lol-premade-voice.dll
2018-03-07 19:20 - 2018-01-27 00:19 - 000532096 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-featured-modes\rcp-be-lol-featured-modes.dll
2018-03-07 19:20 - 2018-01-27 00:24 - 000451712 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-payments\rcp-be-payments.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000719488 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-perks\rcp-be-lol-perks.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000453248 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-discord-rp\rcp-be-lol-discord-rp.dll
2018-03-07 19:20 - 2018-02-07 06:17 - 000530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\Plugins\rcp-be-lol-account-verification\rcp-be-lol-account-verification.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 055775872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\libcef.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 001801344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\libglesv2.dll
2018-03-07 19:20 - 2018-03-07 19:20 - 000022144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.129\deploy\libegl.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 23:57 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Trebor\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 11:58 - 2018-03-14 23:40 - 009634296 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 11:58 - 2018-02-01 00:55 - 001508344 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 11:58 - 2018-01-09 11:58 - 000513016 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 11:58 - 2018-01-09 11:58 - 002662904 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 11:58 - 2018-03-14 23:40 - 001517560 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-02-15 18:07 - 2018-02-15 18:07 - 001910264 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-02-15 18:07 - 2018-02-15 18:07 - 000422392 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-02-15 18:07 - 2018-02-15 18:07 - 000145400 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-01-09 11:59 - 2018-03-10 04:26 - 002749944 _____ () \\?\C:\Users\Trebor\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2016-03-23 11:04 - 2016-03-23 11:04 - 000091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2016-03-23 11:02 - 2016-03-23 11:02 - 000224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvkkbjlj.sys:changelist [3790]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\peurlmyr.sys:changelist [2466]
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Trebor\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\star_art_sky_night_people_silhouette_98142_1920x1080.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "GamecomSound"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "AutoMoparscape.lnk"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\StartupFolder: => "frantic.jar"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3035021999-202699363-1705453404-1002\...\StartupApproved\Run: => "MyComGames"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{8F0651C3-8BF8-4257-AC2E-6E9BC4A30785}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{51DA1489-18E3-44F3-9AB7-932D440D0F2E}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{79858DD1-4017-476B-9291-0DF05A98F098}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [TCP Query User{C0F546F2-3FDD-4E05-ACBB-64CA2F0AF811}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43804.exe
FirewallRules: [{C3E63614-9E22-41AE-B43E-AFB850F3E567}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{2B67BB1A-A357-4C4A-B2CF-61FA59F2DDF5}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{724C4D3F-3C3A-4E2F-9597-B3222F0BC747}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [TCP Query User{0F4A9AEA-BDEB-40D5-B44D-E6040DADC2F0}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [UDP Query User{5CAA4B01-CA10-44B3-BEEE-A09406F4E1B5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{908E560D-45EE-485D-8A67-9DB6E6793256}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1BD71806-2811-493E-B4DC-C66885CE7914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C70EA4EF-571D-4B87-82F9-AD46E6CD1757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0935FCB1-1072-449C-95CA-B10F34893A29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D27C66A-1627-456B-BA31-DE9A3F93EF16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8729FE3B-81BC-43EE-BA06-50AB1F9E2A0E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{FF29388E-17CC-4272-9843-5391EC56C0EA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{D2D7E15C-9D86-414B-A800-D44079C0B4DD}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{01860123-129A-4671-8567-E4C91CF1A6F9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{3BAC5700-2B3A-4B64-BC45-45E2E6479B25}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{9E5F0FA6-854F-4DDA-9100-6B47345993D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{C58FD6A6-1073-4380-82D2-6DBA30D5DE2B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{61073685-B266-4898-ABAD-3CAFF24F58E3}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [TCP Query User{0346C284-7CA8-4AE9-95AA-D87B8AB4BC8C}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [{10661419-BD16-48D9-89CB-D438F7813A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{869862DC-1F78-4744-BF27-0637553100DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{34665D80-7B27-49BF-A1A3-07EB1C2CE151}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{DDDF43C4-9FD9-41D0-90DC-6FA851B422DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{02B9A24B-B22C-4537-BEA1-CCB1B6E8AE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{2EFA5491-466D-48D9-B073-4D6BA650FAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{CDF6B68E-B1E3-4990-92CA-5FC6F81E01D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2AD3A8A6-E4D5-424E-AEA8-016A593E0A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{74566B63-173C-4E02-93AE-4D6AC44F0FCA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A04801D4-4F79-47C9-BEA2-896C5D964751}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32EB4D50-E96A-4AED-AD23-F901F533F92F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{76C7B864-9225-4BA8-BC12-FCC4B453473C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EEE17881-AEFC-4B22-BEF8-1464BBBB89C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EDA64D72-F123-474E-B80B-3C2C0C411A36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{9EF6D615-D7D4-45DC-A223-2446121E7953}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [TCP Query User{D9C04A0B-403D-4F9B-A16D-1F3B1B2D4474}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [{5561633B-0E3A-422E-95A2-D8F869DEAF81}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{65BCD0CD-85B7-49F1-BE32-0D8E383020E4}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{289212A9-2DB6-4D50-A06F-149FA16A36AF}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{2D2888D2-5567-4859-8228-A59C161C4D09}] => (Allow) C:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [UDP Query User{379E94D8-75F9-404B-BA36-2363698B1B25}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [TCP Query User{D99B3761-2753-4091-B9F5-DCC4709D2E15}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42973.exe
FirewallRules: [UDP Query User{F75FEBEE-628B-46F2-A72A-36FF985007D8}C:\users\trebor\desktop\p5\p5.exe] => (Allow) C:\users\trebor\desktop\p5\p5.exe
FirewallRules: [TCP Query User{54991C5D-78EF-4CB0-8985-F6F3D2377B0D}C:\users\trebor\desktop\p5\p5.exe] => (Allow) C:\users\trebor\desktop\p5\p5.exe
FirewallRules: [UDP Query User{F411E835-AC55-4F97-8077-6A61A04D3133}C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe] => (Allow) C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe
FirewallRules: [TCP Query User{0F08E3D0-C751-4983-A78B-623266E61F37}C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe] => (Allow) C:\users\trebor\appdata\local\temp\rar$exa0.189\p5.exe
FirewallRules: [UDP Query User{F1C1B441-0907-48EC-B550-40ED727D80C2}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe
FirewallRules: [TCP Query User{64ED7FB2-A0BE-4507-92BD-003D26154A50}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42923.exe
FirewallRules: [{59CC986C-E1E8-4D4B-9E11-DD16C2B9AF90}] => (Allow) LPort=8317
FirewallRules: [{A84C6C47-0C63-4E4B-BB56-56932E3DF80B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe
FirewallRules: [{401DBDC2-5519-4A14-8E57-14DEC374BFC4}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe
FirewallRules: [{99FD2FDA-5DB6-4474-8B43-A9C1F968331D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe
FirewallRules: [{1295A446-B042-4B1D-B508-181EBC5CB565}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe
FirewallRules: [{AACDE48A-EE1E-44EE-A419-28234043D142}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{74618083-EE95-47B3-B8A3-DF2F08B91B3B}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [UDP Query User{087E392E-249D-4B2B-8651-C2F8F5084A66}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [TCP Query User{317B68A0-1078-4122-A9A9-FE878EDE66E1}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [UDP Query User{9122A659-12B9-4D78-BC7D-B5DDCD441E44}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{650D02A1-396C-4D2C-B2D3-919563E51647}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Block) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{011DE440-42C4-49BA-B9EA-82714E36EF0F}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{E08DD7CF-3967-43F5-AF7F-1C37E96CFD5B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{669EBA8D-903A-488A-9BCA-0A0303F89DD9}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1A8DCAF1-5148-42F0-93AA-4BB0782C745C}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CE9DA0DC-DADD-4FD5-A1E3-C0E90C9C530A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{12EDACFE-C25C-4068-85F9-548A740A5217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{90753508-F636-4645-B9D1-04F2B981302E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{3CE44318-A0E5-4B44-8799-DDD5A9F2DD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{7A591A37-4557-4A1F-A3C9-0D29B741D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{B459200E-473A-4D35-9970-FFE1503061DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [UDP Query User{5E614CFF-A8D8-43C6-B462-D471E42E526E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2ECCB791-9E2E-4F52-95A5-BCE8767762A4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B823013F-000D-4B45-A1F5-A39D8FB28F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0B23772D-A040-4C08-8FA5-CB945007A9D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{EFF7AC0C-6179-4E1A-9EF5-B2040F0C9538}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F45DCA14-A8AB-4367-A50C-40479230D2A5}C:\users\trebor\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\trebor\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1E5A841D-E821-43FB-9994-C135D171E521}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B768A115-548D-44A5-801C-99B154ABE9A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33448037-AE0B-4028-A39A-B1EB78184CC7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAA0F04F-5374-4210-A3E8-104C1C3574F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2FA7AB95-70B6-4BBB-A961-8E6BA4BC17D1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D2121486-0622-4C1A-855F-0674764CC109}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C224A02-3F18-4E99-BA79-0D3515F33889}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43E316E2-60DC-431F-ABBA-2D6DCFD5D87F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A3FB3932-7C8E-46C6-AF50-6E64025D05D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{ACEC2385-DFB3-4E94-B716-D197ECFBE943}] => (Allow) LPort=1900
FirewallRules: [{806D9519-C5EC-4457-A59A-C0137A357FC2}] => (Allow) LPort=2869
FirewallRules: [{D0254EB0-F93F-448E-8957-7309C1112C7F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EACA5854-B89E-464B-BFA4-AE6DE1CB939E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9FE632B7-421E-4A02-97AF-6B62BE177663}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5C65962A-B94B-4E25-8408-6DA260ED3432}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{27FEBA5D-2FF8-4400-AAFE-0ED148C4345F}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{9F3BEB23-6129-4747-B421-AF195801FFF9}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{3D70D653-71F1-4146-B6ED-1671A12A0223}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{8244E444-CBFF-41DE-938E-EB0CDD438105}C:\users\trebor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\trebor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{FBA02154-E1AA-4782-A3AD-102DC6E5C541}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{32FD2B02-CFA6-4D70-95DF-0080E6D4D4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolution.exe
FirewallRules: [{1B674E1C-5F50-4D29-AB19-25188B27FB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{9080083E-B0EE-4C07-A197-7BAAA3FC23A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacker Evolution\HackerEvolutionModEditor.exe
FirewallRules: [{F81B8147-0605-4D85-A4E9-8EC3DA6FC645}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DCFAA3A-B37D-4384-9205-38F031B43C23}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22F44E02-F9F7-4F57-8772-CD44B0B6AB42}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC29A47A-2165-4986-B51C-142F3282B445}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4C80913-41BF-430A-94E9-CEA56D7D726A}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{623734BB-2BDF-49AE-889F-10443B3F74E9}] => (Allow) C:\Users\Trebor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E9BA140A-C472-4ECD-A49B-11D8A722784D}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [UDP Query User{C258D135-842B-4903-8921-2B1135F75C3E}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Block) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [TCP Query User{C07F53C3-546C-4BB9-875C-38456BBD445D}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{C4954C15-8654-406F-B01F-38A67FEB33F0}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{8C5CFA53-6C48-4687-8508-9AF0E5E53CEB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{AD1FD3B4-3461-4B8D-B4E0-9F28892A8ACE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{684A5E95-B4BA-463E-9131-F832903E6EF7}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe
FirewallRules: [UDP Query User{DC0F0428-E11F-433F-8B80-B90E46312D8D}C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.4.8_42449.exe
FirewallRules: [{1EF4B2E3-5C5D-4DF4-95FF-2F60E89D6A33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{DC5DCCBC-2361-4717-B523-98A3F4A27781}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{68C2DD9B-B077-49A8-8080-8D51FB38351A}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{7308A23E-1F3D-4DA4-8684-5F3D1DF1858E}C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\rocksteady studios\batman arkham asylum - game of the year edition\binaries\shippingpc-bmgame.exe
FirewallRules: [{D4DDDF2B-6C1F-4E94-9DDC-37563005FFFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7A5017EF-6D54-4D07-8D8A-F7A225C7A7E3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7861BACC-C91C-40A2-A537-29242786F832}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{269E427B-11AD-4D2F-AC87-B780442AD753}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7FD52C56-7CCD-4681-9ED6-96678032AC71}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5E14815C-0E8A-4B5E-B47C-613C756E85B6}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3D9FA8EC-1CB8-4AB5-9764-54727D0FEBE5}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6FDE3C41-9AE9-418E-9CBD-92B37D431567}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{F15EE7A5-3E00-4A35-BBB5-BA4A43504718}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{657591F7-1E05-4582-A6D6-031C0BA049E6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{60B6F9E3-C7E7-42C7-BD70-9023A3BE6A4F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{BB652096-4188-4E5A-8FED-51080C2814E6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{B3B92D19-4B15-48ED-9EE3-5340B8B0581F}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{05824476-AD58-4B65-A5F8-2B65FEC6A16D}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{595FAADE-DA3B-49C1-A7C2-6F0131ADD5B4}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [UDP Query User{3073B1F7-022F-4BD4-8A6C-61C35583FB81}C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\trebor\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [{E1D8DCA5-7820-44C7-A4FF-D65938301F64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CA9C12FA-699D-4DA6-BD67-D202420195E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{1C97999E-1F9B-4029-B105-0ACFCD94BAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0BC0689F-8CE8-4032-9D39-9824859C471C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{819814F6-6FE2-4467-9BAB-8F147D1170B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{6BC29DAE-99F3-4D95-8DFE-D777DBB24122}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{119C89A9-193B-4338-BFF6-387E8F870E15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{04BE5346-F72E-4961-95F8-6B13BE42DD50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7925FC44-B61E-4B64-AF17-002874AB8E41}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B483D05A-35F0-4DE6-814F-56468DA63205}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F729AA28-C323-4750-BEBE-776BF8D04705}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3E0686AA-9317-46AB-BBDB-52D7C6AA4364}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{09FEA43C-37D8-444E-ADDB-19B0C6D3F29D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{13018868-B825-4312-BF81-78564282C294}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{46BAAB94-9103-4D21-8B2C-9D26026BF315}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{3FA951E3-E521-4C44-B131-2BBBB5E24CAD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{38EDD920-0372-469F-9295-FD25B5522B65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe
FirewallRules: [{E9BA8F10-E70B-41D8-9BD4-2F66231F157D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe
FirewallRules: [{D8D5C8DE-39D1-432C-9CFC-B5B957B99B66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{04A3C79C-310B-491A-B7B5-CF6F6023F4B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{54C44AA4-3C95-4A75-B82F-367CE67ABA81}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{1FFACB2B-8DD8-4295-AB21-321EBD614C71}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2616E624-D0D8-4359-A409-9AE8D235634F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{DD4E8B4D-552D-4EFF-B1C1-B2E6AD28F1DD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{7925C72C-9C88-4CBF-A47F-907F54E6872F}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
FirewallRules: [UDP Query User{10CE76FD-F806-42B6-A7BD-288266398153}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe
 
==================== Restore Points =========================
 
10-03-2018 22:28:36 Windows Modules Installer
14-03-2018 04:10:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2018 11:40:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.2.1703, time stamp: 0x5a725548
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1648
Faulting application start time: 0x01d3bc179a854448
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: 18b49c21-f42b-4619-8f2b-92b81ba2527b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/14/2018 11:39:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/14/2018 04:15:08 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL VMware. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/14/2018 02:22:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/14/2018 02:22:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/13/2018 08:20:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 159c
 
Start Time: 01d3bb323045bc2b
 
Termination Time: 3
 
Application Path: C:\Users\Trebor\Desktop\CKScanner.exe
 
Report Id: 5edd9a38-dca0-486b-8b90-5e7d90aa4031
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/13/2018 02:22:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (03/13/2018 02:22:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
 
System errors:
=============
Error: (03/14/2018 11:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/14/2018 11:44:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Antivirus Service service to connect.
 
Error: (03/14/2018 11:39:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2018 11:39:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/14/2018 06:39:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Feature update to Windows 10, version 1709.
 
Error: (03/14/2018 05:51:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.263.562.0).
 
Error: (03/14/2018 05:49:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (03/14/2018 05:41:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMUSBArbService service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
===================================
Date: 2017-10-19 00:47:20.495
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B2FEECD-409D-4D41-88EE-525F0DFC0191}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-19 00:13:35.822
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {008DB5D1-ECA0-4634-B798-93CD8107EEE2}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2017-10-19 00:07:44.222
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A30DFFFA-EC65-4932-8D1F-3A5EFCCCBCC7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-08 15:51:21.395
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA8FE8B8-9E8D-4B5B-A36D-919FFD90A6D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-03 14:18:46.458
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2FAD43BB-C9E6-4E72-856E-E1AA6F842F5F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2017-10-16 01:45:50.468
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.798.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2017-10-16 01:45:50.467
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2017-10-13 15:13:12.324
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.725.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2017-10-07 17:15:14.556
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.253.451.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14202.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2017-09-25 13:39:06.303
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.1412.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
 
CodeIntegrity:
===================================
 
Date: 2018-02-28 19:00:47.152
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.240
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.237
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:59:01.234
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:58:59.112
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.983
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-28 18:55:43.980
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-125533.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8300 Eight-Core Processor 
Percentage of memory in use: 44%
Total physical RAM: 12203.47 MB
Available physical RAM: 6713.07 MB
Total Virtual: 14059.47 MB
Available Virtual: 8526.91 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1849.08 GB) (Free:1279.07 GB) NTFS
 
\\?\Volume{d2b1454e-cdc3-4eaf-8bc5-ef232bdcce5a}\ (Windows RE tools) (Fixed) (Total:0.78 GB) (Free:0.54 GB) NTFS
\\?\Volume{3d75ccdf-bada-4792-be2b-349b0be5730b}\ (Recovery image) (Fixed) (Total:12.78 GB) (Free:3.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0E12EE9D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#12 sasschary

Posted 16 March 2018 - 11:04 AM

Hi trebor2828,

Let's run RKill.

  • Please download RKill from here and save it to your desktop.
  • On your desktop, double-click on RKill.
  • If a User Account Control dialog box opens, click Yes to allow RKill to run.
  • A black command prompt-like box will appear briefly and then disappear.
  • Do not restart your computer after this, as if you do, you will need to rerun RKill.
  • Notepad should open a file called RKill.log. Please copy and paste that into your next reply. If it does not open automatically it should have been saved to C:\RKill.log.

If the tool for some reason does not run properly, please retry the above steps using this file. When running that file, make sure to run the file as administrator.

Let's run a fix using FRST.

  • Highlight the contents of the code box below, then press Ctrl + C on your keyboard to copy it. You do not need to paste it anywhere; it need only be in your clipboard.
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\Temp\mshgmcrsrv.exe
    C:\Users\Trebor\AppData\Local\unilwph
    VirusTotal: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar;C:\Users\Trebor\Downloads\Itunes.com
    HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!)
    C:\Users\Trebor\Downloads\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-
    C:\WINDOWS\system32\Drivers\atampswz.sys
    C:\Users\Trebor\AppData\Local\SKIDROW
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    C:\Program Files (x86)\R.G. Mechanics
    C:\Users\Trebor\AppData\Local\Temp\5b8820cfcb94b32e98455a955d292f21.dll
    C:\Users\Trebor\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
    C:\Users\Trebor\AppData\Local\Temp\tmp941C.exe
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvkkbjlj.sys:changelist [3790]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\peurlmyr.sys:changelist [2466]
    AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
  • From your desktop, right click FRST and click Run as Administrator.
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.

Do you recognize these files?

There are a few files which I do not recognize, but which you may. Can you please tell me if you recognize any of these files and what their purposes are if you do?

  • C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar
  • C:\Users\Trebor\Downloads\Itunes.com. Note that this file is an executable file, and not a shortcut to Itunes.com.

In your next reply, please include the following:

  • RKill.log
  • Fixlog.txt
  • Do you recognize the files?

sasschary



#13 trebor2828


Posted 16 March 2018 - 01:52 PM

I recognize both files.

 

I think the source of the malware is the unilwph file. When my CPU is being run by the malware, the processes come back to it. Also, you can see that it wasn't able to be moved by the fix.

 

This is Rkill

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/16/2018 01:43:28 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Trebor\Downloads\FRST64.exe (PID: 11520) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 
This is fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Trebor (16-03-2018 13:46:08) Run:1
Running from C:\Users\Trebor\Downloads
Loaded Profiles: Trebor (Available Profiles: Trebor)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\mshgmcrsrv.exe
C:\Users\Trebor\AppData\Local\unilwph
VirusTotal: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar;C:\Users\Trebor\Downloads\Itunes.com
HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!)
C:\Users\Trebor\Downloads\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=-
C:\WINDOWS\system32\Drivers\atampswz.sys
C:\Users\Trebor\AppData\Local\SKIDROW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
C:\Program Files (x86)\R.G. Mechanics
C:\Users\Trebor\AppData\Local\Temp\5b8820cfcb94b32e98455a955d292f21.dll
C:\Users\Trebor\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
C:\Users\Trebor\AppData\Local\Temp\tmp941C.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvkkbjlj.sys:changelist [3790]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\peurlmyr.sys:changelist [2466]
AlternateDataStreams: C:\Users\Public\AppData:CSM [480]
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\mshgmcrsrv.exe => moved successfully
 
"C:\Users\Trebor\AppData\Local\unilwph" folder move:
 
Could not move "C:\Users\Trebor\AppData\Local\unilwph" => Scheduled to move on reboot.
 
"VirusTotal: C:\Users\Trebor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frantic.jar" => not found
"VirusTotal: C:\Users\Trebor\Downloads\Itunes.com" => not found
HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
C:\Users\Trebor\Downloads\Windows 10 Pro v.1511 En-us x64 July2016 Pre-Activated-=TEAM OS=- => moved successfully
"C:\WINDOWS\system32\Drivers\atampswz.sys" => not found
C:\Users\Trebor\AppData\Local\SKIDROW => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics => moved successfully
C:\Program Files (x86)\R.G. Mechanics => moved successfully
C:\Users\Trebor\AppData\Local\Temp\5b8820cfcb94b32e98455a955d292f21.dll => moved successfully
C:\Users\Trebor\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll => moved successfully
C:\Users\Trebor\AppData\Local\Temp\tmp941C.exe => moved successfully
C:\WINDOWS\system32\Drivers\nvkkbjlj.sys => ":changelist" ADS removed successfully
C:\WINDOWS\system32\Drivers\peurlmyr.sys => ":changelist" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 13:49:33)
 
C:\Users\Trebor\AppData\Local\unilwph => Could not move
 
==== End of Fixlog 13:49:38 ====
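
Added example (not part of the original thread, and not FRST's own code): a short Python triage of the Fixlog result lines posted above, reporting which fixlist entries are still unresolved after the run. The status keywords are inferred from the lines in this log rather than from a documented FRST format, and all function names are hypothetical.

```python
import re

# Constructed sample: result lines copied from the Fixlog.txt posted above.
SAMPLE_FIXLOG = r'''C:\Windows\Temp\mshgmcrsrv.exe => moved successfully
Could not move "C:\Users\Trebor\AppData\Local\unilwph" => Scheduled to move on reboot.
"VirusTotal: C:\Users\Trebor\Downloads\Itunes.com" => not found
HKLM\SYSTEM\CurrentControlSet\Services\hzcgu <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\Drivers\atampswz.sys" => not found
C:\WINDOWS\system32\Drivers\nvkkbjlj.sys => ":changelist" ADS removed successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 13:49:33)
C:\Users\Trebor\AppData\Local\unilwph => Could not move
==== End of Fixlog 13:49:38 ====
'''

def clean_target(raw):
    """Reduce the left-hand side of a result line to the bare path or key."""
    t = re.sub(r'^Could not move\s+', '', raw.strip()).strip('"')
    t = re.sub(r'^VirusTotal:\s*', '', t)
    t = re.sub(r'\s*<====.*$', '', t)   # drop the "<==== ATTENTION" tag
    return t.lower()                     # Windows paths are case-insensitive

def classify(result):
    """Map result text to a status (keywords inferred from this log only)."""
    r = result.lower()
    if r.startswith("error") or "could not" in r:
        return "failed"
    if "scheduled to move on reboot" in r:
        return "pending"
    if "not found" in r:
        return "not_found"
    if "moved successfully" in r:        # also matches "removed successfully"
        return "fixed"
    return "unknown"

def final_status(text):
    """Last status seen per target; post-reboot lines override earlier ones."""
    status = {}
    for line in text.splitlines():
        target, sep, result = line.rpartition(" => ")
        if sep:                          # skip headers and banner lines
            status[clean_target(target)] = classify(result)
    return status

def unresolved(text):
    """Targets the fix did not remove and that need another approach."""
    return {t: s for t, s in final_status(text).items()
            if s in ("failed", "pending", "unknown")}

if __name__ == "__main__":
    print(unresolved(SAMPLE_FIXLOG))
```

On this log the two unresolved entries are the unilwph folder and the hzcgu service key, the same two items the follow-up fixlist targets from the Recovery Environment.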


#14 sasschary


Posted 18 March 2018 - 07:48 PM

Hi trebor2828,
 

> I think the source of the malware is the unilwph file.

You have thought correctly; that is part of the infection. The next set of instructions is rather long, so I suggest you read through everything before doing anything. Additionally, since you will have to restart your computer and then will not have internet access, you will want to make sure you have some other method of accessing this post, be it by printing this thread, having it open on a phone nearby, or some other similar method. Also, since you are able to boot into the infected computer, you can use that computer instead of a separate, clean computer.

Let's run an FRST fix from the Recovery Environment

Note: You will need both a USB flash drive and a clean computer in order to complete these steps. Please start out working on the clean system with the USB drive plugged into it.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    C:\Users\Trebor\AppData\Local\unilwph
    DeleteKey: HKLM\SYSTEM\ControlSet001\Services\hzcgu
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to your USB flash drive.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to download FRST and run the fixlist.

  1. Please download the 64 Bit version of the Farbar Recovery Scan Tool from here and save it to your USB flash drive, in the same place you saved fixlist.txt.
  2. Unplug your USB flash drive and plug it in to the infected computer.
  3. Turn off the infected system.
  4. Turn your computer on, but once the system starts booting, press and hold the power button to turn it off again.
  5. Repeat Step 4 two more times.
  6. Turn on your system again, and let it boot completely. It should boot into an automatic repair mode.
  7. After the startup repair process completes, press Advanced options, then Troubleshoot, Advanced Options, and finally Command Prompt.
  8. You should be asked to sign in. Click your username, and then enter your password on the next screen.
  9. A command prompt should appear. Type notepad and press Enter on your keyboard.
  10. In the Notepad window which opens, click the File menu, then click Open.
  11. In the Open dialog box, click This PC.
  12. Look for your USB drive and find what drive letter it has. This will probably look something like E:\.
  13. Click Cancel and close Notepad.
  14. Back in the command prompt, type E:\FRST64.exe, replacing E:\ with the letter you found earlier. So, if you found it to be G:\, you should type G:\FRST64.exe.
  15. Press Enter on your keyboard.
  16. FRST should open. Click Yes to allow FRST to run.
  17. Click Fix.
  18. Once the fix is complete, it will save a log called fixlog.txt to your USB drive. Please open it on the computer you are using to post here, then copy and paste it into your next reply.

In your next reply, please include the following:

  • fixlog.txt

sasschary



#15 sasschary


Posted 21 March 2018 - 06:23 PM

Hi, trebor2828,

 

Are you still with me?
