Malware problem: computer working slowly. There are processes that I didn't install.

  1. #1
    Join Date
    Mar 2017
    Posts
    17

    Malware problem: computer working slowly. There are processes that I didn't install.

    I have opened my computer after a long time and found out that it is infected. There are processes that I didn't do anything to install, such as "domino.exe" and "vmsnap3.exe". I used Malwarebytes Anti-Rootkit and I get the error "The system volume seems inaccessible or encrypted. Scan can't continue."


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Asce (administrator) on FIRE_FIST (24-03-2017 14:08:41)
    Running from C:\Users\Asce\Desktop
    Loaded Profiles: Asce & (Available Profiles: Asce)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    () C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Windows\SysWOW64\XSrvSetup.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\Gigabyte\smart6\timelock\TimeMgmtDaemon.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    () C:\Users\Asce\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\Gigabyte\smart6\timelock\AlarmClock.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files\Sublime Text 3\sublime_text.exe
    (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe
    (Valve Corporation) C:\Steam\Steam.exe
    () C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
    (Valve Corporation) C:\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Steam\bin\steamwebhelper.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Malwarebytes Corp.) C:\Users\Asce\Downloads\mbar-1.09.3.1001.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Malwarebytes) C:\Users\Asce\Desktop\mbar\mbar.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5485\Agent.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    () C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
    (Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
    HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.exe [49152 2006-07-18] (Vimicro)
    HKLM\...\Run: [Domino] => C:\Windows\Domino.exe [49152 2006-07-04] ()
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5189176 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-23] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2569104 2015-12-11] ()
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
    HKLM-x32\...\Run: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [20480 2007-07-26] ()
    HKLM-x32\...\Run: [SoliCallPro] => C:\Program Files (x86)\SoliCall\bin\SoliCall_Pro.exe [1940584 2015-05-30] ()
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [f.lux] => C:\Users\Asce\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [GNE_SwapScreen] => C:\Users\Asce\Desktop\SwapScreen.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-19] (Voobly)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-05-28] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Steam] => C:\Steam\steam.exe [3013200 2016-01-02] (Valve Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Spotify Web Helper] => C:\Users\Asce\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-17] (Spotify Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [GoogleChromeAutoLaunch_869D1C098422C3FF363196C3B970F3FA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\MountPoints2: {03f5a58e-0cdf-11e4-9364-fa05310c68ca} - F:\AutoRun.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\MountPoints2: {10963882-1014-11e4-ba5d-c05a936a09ba} - F:\setup.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Asce\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GNE_SwapScreen] => C:\Users\Asce\Desktop\SwapScreen.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-19] (Voobly)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-05-28] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Steam\steam.exe [3013200 2016-01-02] (Valve Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Asce\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-17] (Spotify Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_869D1C098422C3FF363196C3B970F3FA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {03f5a58e-0cdf-11e4-9364-fa05310c68ca} - F:\AutoRun.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {10963882-1014-11e4-ba5d-c05a936a09ba} - F:\setup.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CheVolume.lnk [2015-06-03]
    ShortcutTarget: CheVolume.lnk -> C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe (WellWeWeb)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-05-02]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-1292172697-4276861399-4271014393-1000] => 37.239.46.50:80
    ProxyServer: [S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 37.239.46.50:80
    Tcpip\Parameters: [DhcpNameServer] 139.179.30.24 139.179.10.13
    Tcpip\..\Interfaces\{002F3112-3E11-4216-8254-E6C7BFD34FE5}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{0A87EDDF-4DA3-45DE-9CF4-4DF1736A9197}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{0BE02F3D-1738-4A38-ABA4-74E12809B258}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{60B144C7-C780-4A62-8526-3B93ADD31C4A}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{A31C4A9E-95FD-4295-92BE-02C9E1287228}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{D38BF8D7-4BA9-4FB1-B438-564050461773}: [DhcpNameServer] 85.25.83.11 8.8.8.8
    Tcpip\..\Interfaces\{DA2D582E-7FDF-4CC8-A295-2DB4EC3588B7}: [DhcpNameServer] 139.179.30.24 139.179.10.13

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.com.tr/?clid=1818323
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://tr.msn.com/?rd=1&ucc=TR&dcc=TR&opt=0&ocid=iehp
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.com.tr/?clid=1818323
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://tr.msn.com/?rd=1&ucc=TR&dcc=TR&opt=0&ocid=iehp
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-28] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-28] (Oracle Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.5.0\ViProtocol.dll [2015-12-11] (AVG Secure Search)

    FireFox:
    ========
    FF HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
    FF HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.5.0\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2020-04-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2020-04-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1292172697-4276861399-4271014393-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
    FF Plugin HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Asce\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-07-30] (Octoshape ApS)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com.tr/"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default [2017-03-24]
    CHR Extension: (Google Translate) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
    CHR Extension: (Google Docs) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (imgur Extension by Metronomik) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2017-03-24]
    CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-24]
    CHR Extension: (AdBlock) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-24]
    CHR Extension: (Document online) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdogoocenkoogpajficlnleblfoelph [2015-09-25]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-03-24]
    CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-03-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
    CHR Extension: (Hover Zoom) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-03-24]
    CHR Extension: (Enhanced Steam) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-03-24]
    CHR Extension: (Gmail) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-03] ()
    R2 DES2 Service; C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-25] (EasyAntiCheat Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-23] (NVIDIA Corporation)
    U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-23] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-23] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-23] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-08] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-10-08] ()
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-28] (Sandboxie Holdings, LLC)
    R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5189176 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
    R2 vToolbarUpdater3.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe [1829776 2015-12-11] (AVG Secure Search)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-20] (Disc Soft Ltd)
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-03-24] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-24] (Malwarebytes)
    S3 msvad_simple; C:\Windows\System32\solicall.sys [40664 2010-10-30] (SoliCall)
    R3 Neo_braz; C:\Windows\System32\DRIVERS\Neo_0005.sys [28640 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-23] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-28] (Sandboxie Holdings, LLC)
    S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2015-07-21] (ShiningMorning Inc.)
    S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
    S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-03 08:39 - 2020-04-03 08:41 - 00524288 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TMContainer00000000000000000002.regtrans-ms
    2020-04-03 08:39 - 2020-04-03 08:41 - 00524288 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TMContainer00000000000000000001.regtrans-ms
    2020-04-03 08:39 - 2020-04-03 08:41 - 00065536 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TM.blf
    2017-03-24 14:08 - 2017-03-24 14:09 - 00029678 _____ C:\Users\Asce\Desktop\FRST.txt
    2017-03-24 14:08 - 2017-03-24 14:08 - 00000000 ____D C:\FRST
    2017-03-24 14:08 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2017-03-24 14:08 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2017-03-24 14:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-03-24 14:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-03-24 14:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-03-24 14:08 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2017-03-24 14:08 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2017-03-24 14:08 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2017-03-24 14:07 - 2017-03-24 14:08 - 00000000 ___SD C:\ComboFix
    2017-03-24 13:05 - 2017-03-24 13:05 - 02424832 _____ (Farbar) C:\Users\Asce\Desktop\FRST64.exe
    2017-03-24 12:58 - 2017-03-24 14:07 - 00000000 ____D C:\Qoobox
    2017-03-24 12:57 - 2017-03-24 14:07 - 00000000 ___SD C:\32788R22FWJFW
    2017-03-24 12:57 - 2017-03-24 12:57 - 05659269 ____R (Swearware) C:\Users\Asce\Downloads\ComboFix.exe
    2017-03-24 12:57 - 2017-03-24 12:57 - 00000000 ____D C:\Windows\erdnt
    2017-03-24 12:38 - 2017-03-24 12:38 - 00000880 _____ C:\Users\Public\Desktop\Overwatch.lnk
    2017-03-24 12:38 - 2017-03-24 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
    2017-03-24 12:10 - 2017-03-24 12:12 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-24 12:10 - 2017-03-24 12:10 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-24 12:10 - 2017-03-24 12:10 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-24 12:09 - 2017-03-24 13:59 - 00000000 ____D C:\Users\Asce\Desktop\mbar
    2017-03-24 12:09 - 2017-03-24 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-03-24 12:09 - 2017-03-24 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-24 12:09 - 2017-03-24 12:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-24 12:09 - 2017-03-24 12:09 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-03-24 12:09 - 2017-03-24 12:09 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-24 12:09 - 2017-03-24 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-24 12:09 - 2017-03-24 12:09 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-24 12:09 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-03-24 12:07 - 2017-03-24 12:38 - 00000000 ____D C:\Program Files (x86)\Overwatch
    2017-03-24 12:07 - 2017-03-24 12:07 - 57131432 _____ (Malwarebytes ) C:\Users\Asce\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-24 12:06 - 2017-03-24 12:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Asce\Downloads\mbar-1.09.3.1001.exe
    2017-03-24 12:05 - 2017-03-24 12:05 - 05788712 _____ C:\Users\Asce\Downloads\qssetup.exe
    2017-03-24 11:58 - 2017-03-24 11:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-03-24 11:43 - 2017-03-24 11:43 - 00000000 ____D C:\Users\Asce\AppData\Local\NVIDIA Corporation
    2017-03-24 11:40 - 2017-03-24 11:40 - 00001389 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2017-03-24 11:37 - 2017-03-24 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-03-24 11:37 - 2017-03-24 11:37 - 00000000 ____D C:\Users\Asce\AppData\Local\NVIDIA
    2017-03-24 11:37 - 2016-01-23 04:54 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2017-03-24 11:37 - 2016-01-23 04:54 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2017-03-24 11:37 - 2016-01-23 04:53 - 01859936 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2017-03-24 11:37 - 2016-01-23 04:53 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2017-03-24 11:37 - 2016-01-23 04:53 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2017-03-24 11:35 - 2017-03-24 11:43 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-03-24 11:35 - 2016-01-23 03:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-03-24 11:34 - 2017-03-24 11:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-03-24 11:34 - 2016-01-23 03:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2017-03-24 11:34 - 2016-01-23 03:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-03-24 11:34 - 2016-01-23 03:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-03-24 11:34 - 2016-01-22 23:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
    2017-03-24 11:33 - 2016-01-23 05:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 18758400 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 16327896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2017-03-24 11:33 - 2016-01-23 05:42 - 03683560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2017-03-24 11:33 - 2016-01-23 05:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2017-03-24 11:33 - 2016-01-23 05:42 - 00034905 _____ C:\Windows\system32\nvinfo.pb
    2017-03-24 11:33 - 2015-12-18 08:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-03-24 11:33 - 2015-12-18 08:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-03-24 11:33 - 2015-12-18 08:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-03-24 11:10 - 2017-03-24 11:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-03-24 11:10 - 2017-03-24 11:10 - 00000000 ____D C:\NVIDIA
    2017-03-24 11:08 - 2017-03-24 11:09 - 385746880 _____ (NVIDIA Corporation) C:\Users\Asce\Downloads\361.75-desktop-win8-win7-winvista-64bit-international-whql.exe
    2017-03-24 11:08 - 2017-03-24 11:08 - 20647512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-03 18:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\wfp
    2020-04-03 18:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\config\systemprofile
    2020-04-03 18:37 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2020-04-03 18:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\wbem
    2020-04-03 18:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Drivers\UMDF
    2020-04-03 18:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
    2020-04-03 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\LogFiles
    2020-04-03 10:05 - 2014-07-12 08:43 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2020-04-03 10:05 - 2014-07-12 08:43 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2020-04-03 08:39 - 2014-07-12 08:23 - 00000000 ____D C:\Users\Asce
    2020-04-03 08:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\config\TxR
    2017-03-24 14:09 - 2014-11-20 22:11 - 00000000 ____D C:\Users\Asce\AppData\Local\Battle.net
    2017-03-24 13:47 - 2015-11-10 21:15 - 00000000 ____D C:\Users\Asce\AppData\Local\MalwareProtectionLive
    2017-03-24 13:43 - 2009-07-14 06:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-24 13:43 - 2009-07-14 06:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-24 12:58 - 2015-01-19 23:51 - 00000000 ____D C:\Users\Asce\AppData\Local\LogMeIn Hamachi
    2017-03-24 12:48 - 2016-01-04 23:02 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451941354
    2017-03-24 12:48 - 2016-01-04 23:02 - 00000000 ____D C:\Program Files (x86)\Opera
    2017-03-24 12:02 - 2014-11-20 22:12 - 00000000 ____D C:\Program Files (x86)\Hearthstone
    2017-03-24 11:57 - 2014-07-25 01:09 - 00000000 ____D C:\ProgramData\Package Cache
    2017-03-24 11:54 - 2014-11-20 22:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2017-03-24 11:54 - 2014-07-13 00:17 - 00000000 ____D C:\Steam
    2017-03-24 11:52 - 2014-11-20 22:11 - 00000000 ____D C:\Users\Asce\AppData\Roaming\Battle.net
    2017-03-24 11:52 - 2014-11-20 22:08 - 00000000 ____D C:\ProgramData\Battle.net
    2017-03-24 11:51 - 2015-11-05 00:14 - 00007608 _____ C:\Users\Asce\AppData\Local\Resmon.ResmonCfg
    2017-03-24 11:48 - 2014-07-12 08:44 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-24 11:47 - 2014-08-05 23:24 - 00000000 ____D C:\Users\Asce\AppData\Roaming\Skype
    2017-03-24 11:47 - 2014-07-12 22:38 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-24 11:47 - 2009-07-14 07:13 - 00783062 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-24 11:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2017-03-24 11:44 - 2015-05-02 15:26 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-03-24 11:43 - 2015-05-18 14:56 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2017-03-24 11:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-24 11:37 - 2015-07-29 19:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-03-24 11:36 - 2015-06-02 15:04 - 00001766 _____ C:\Windows\Sandboxie.ini
    2017-03-24 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
    2017-03-24 11:08 - 2015-10-04 22:42 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-24 11:08 - 2015-10-04 22:42 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-24 11:08 - 2015-10-04 22:42 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-03-24 11:08 - 2015-10-04 22:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-24 11:08 - 2015-10-04 22:42 - 00000000 ____D C:\Windows\system32\Macromed

    ==================== Files in the root of some directories =======

    2015-12-25 09:42 - 2015-12-26 01:41 - 0002136 _____ () C:\Users\Asce\AppData\Roaming\SpeedRunnersLog.txt
    2015-11-05 00:14 - 2017-03-24 11:51 - 0007608 _____ () C:\Users\Asce\AppData\Local\Resmon.ResmonCfg
    2015-12-11 21:02 - 2015-12-11 21:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2015-10-23 19:47 - 2015-10-23 19:47 - 2892128 _____ (AVG Technologies) C:\Users\Asce\AppData\Local\Temp\avg-ae9d4a66-87be-4c57-9f03-a23b13fdc342.exe
    2016-01-05 20:18 - 2015-11-12 16:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Asce\AppData\Local\Temp\avguirn_0899728453.exe
    2015-10-08 19:45 - 2015-10-08 19:49 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Asce\AppData\Local\Temp\drm_dyndata_7400009.dll
    2015-11-10 21:16 - 2015-11-10 23:19 - 0035680 _____ () C:\Users\Asce\AppData\Local\Temp\i4jdel0.exe
    2015-07-18 15:30 - 2015-07-18 15:30 - 0011264 _____ ( ) C:\Users\Asce\AppData\Local\Temp\iuo4idyi.dll
    2015-10-24 21:18 - 2015-12-08 22:45 - 56061688 _____ (Rockstar Games) C:\Users\Asce\AppData\Local\Temp\Social%20Club%20v1.1.6.8%20Setup.exe
    2015-12-21 03:39 - 2015-12-21 03:39 - 56838704 _____ (Rockstar Games) C:\Users\Asce\AppData\Local\Temp\Social%20Club%20v1.1.6.9%20Setup.exe
    2017-03-24 11:48 - 2017-03-24 11:48 - 14456872 _____ (Microsoft Corporation) C:\Users\Asce\AppData\Local\Temp\vc_redist.x86.exe
    2015-08-03 01:58 - 2015-08-03 01:58 - 0118784 _____ () C:\Users\Asce\AppData\Local\Temp\xmlUpdater.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-24 13:35

    ==================== End of FRST.txt ============================

  2. #2
    Join Date
    Mar 2017
    Posts
    17
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Asce (24-03-2017 14:09:52)
    Running from C:\Users\Asce\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-07-12 06:23:31)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1292172697-4276861399-4271014393-500 - Administrator - Disabled)
    Asce (S-1-5-21-1292172697-4276861399-4271014393-1000 - Administrator - Enabled) => C:\Users\Asce
    Guest (S-1-5-21-1292172697-4276861399-4271014393-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1292172697-4276861399-4271014393-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - )
    A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
    Acoustica MP3 CD Burner (HKLM-x32\...\Acoustica MP3 CD Burner) (Version: - Acoustica, Inc)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Aegisub 3.0.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.2 - Aegisub Team)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AoE II HD Compatibility Patch version 1.0c (HKLM-x32\...\AoE II HD Compatibility Patch_is1) (Version: 1.0c - )
    AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
    AVG (Version: 16.12.7294 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4767 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.5.0.0 - AVG Technologies)
    AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
    Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    CheVolume 0.3.0.0 (HKLM-x32\...\CheVolume_0) (Version: 0.3.0.0 - WellWeWeb)
    Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
    Commandos 2: Men of Courage (HKLM-x32\...\Steam App 6830) (Version: - Pyro Studios)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
    Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
    Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
    DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
    Easy Tune 6 B10.0420.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B10.0420.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley)
    Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
    f.lux (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Flux) (Version: - )
    f.lux (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version: - )
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
    FMW 1 (Version: 1.42.1 - AVG Technologies) Hidden
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Geometry Dash (HKLM-x32\...\Steam App 322170) (Version: - RobTop Games)
    Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version: - Rockstar Games)
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games)
    Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
    GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
    Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
    Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\Steam App 275390) (Version: - DrinkBox Studios)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
    H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
    HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
    Hurtworld (HKLM-x32\...\Steam App 393420) (Version: - Bankroll Studios)
    InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - Avalanche Studios)
    King's Quest (HKLM-x32\...\Steam App 345390) (Version: - The Odd Gentlemen)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Lethal League (HKLM-x32\...\Steam App 261180) (Version: - Team Reptile)
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
    Lua for Windows 5.1.4-46 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.46 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MAMEUIFX32 (HKLM-x32\...\MAMEUIFX32) (Version: 0.145 - Mamesick)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft1.7.8 (HKLM-x32\...\Minecraft1.7.8) (Version: - )
    Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
    MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
    Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Octoshape Streaming Services (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
    Octoshape Streaming Services (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
    ON_OFF Charge B10.0422.2 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    osu! (HKLM-x32\...\{dd2cc895-8ae6-4b9e-b42a-9aa908c1dca5}) (Version: latest - ppy Pty Ltd)
    Outlast (HKLM-x32\...\Outlast_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Power MP3 Recorder Cutter v6.5 (HKLM-x32\...\Power MP3 Recorder Cutter_is1) (Version: 6.5 - CooolSoft, Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
    Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
    Quake Live (HKLM-x32\...\Steam App 282440) (Version: - id Software)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Reflex (HKLM-x32\...\Steam App 328070) (Version: - Turbo Pixel Studios)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
    Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
    Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
    Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - Croteam)
    Serious Sam 2 Dedicated Server Utility (HKLM-x32\...\SS2DedServerUtility) (Version: - )
    Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version: - 3D Realms)
    SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
    ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version: - Grismar)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Simply Chess (HKLM-x32\...\Steam App 312280) (Version: - BlueLine Games)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
    SMITE (HKLM-x32\...\Steam App 386360) (Version: - Hi-Rez Studios)
    Snaz version 1.9.4.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.9.4.0 - JimsApps)
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.15.9546 - SoftEther VPN Project)
    SoliCall Pro (HKLM-x32\...\SoliCall Pro) (Version: - SoliCall)
    Source Dedicated Server (HKLM-x32\...\Steam App 205) (Version: - Valve)
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Spotify (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
    Spotify (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
    SWF Extractor 2.2 (HKLM-x32\...\SWF Extractor_is1) (Version: 2.2 - GlobFX Technologies)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
    Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
    The Crew Trial (HKLM-x32\...\Steam App 366310) (Version: - Ivory Tower in collaboration with Ubisoft Reflections)
    The Mean Greens - Plastic Warfare (HKLM-x32\...\Steam App 360940) (Version: - Virtual Basement LLC)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version: - )
    The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
    Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
    WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Digital Ltd)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {103C58DC-6A11-4132-B128-61354501B69A} - System32\Tasks\{A3DE1E29-CB5E-436B-872E-BB799B0C8DF1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404
    Task: {1C19EF2B-55CE-4B9A-9751-508F7C410743} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {275442C4-D16A-4192-AF24-7596AD12785C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
    Task: {28BB728F-23D1-4B05-920F-7E52ECBF1D92} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
    Task: {316804F2-ABEA-4E91-840A-33A1AA0FBE0C} - System32\Tasks\Opera scheduled Autoupdate 1451941354 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
    Task: {7336F5F1-868C-4651-96B7-E0A2FE1108BB} - System32\Tasks\{533EB031-BF25-4683-BA64-C3FE54B89C09} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
    Task: {88532493-8D42-4E75-9103-E36AC36EDDE5} - System32\Tasks\{136F545B-0559-4304-96C4-F4550D4EB7AF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404
    Task: {89E90A11-F5AA-4165-A2EF-2F15D9118E6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-24] (Adobe Systems Incorporated)
    Task: {ABEDF6F5-C1DC-4CF9-9135-14D209677214} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
    Task: {D9DB1260-259C-49D3-8DC4-DCC47C5390EC} - System32\Tasks\{07F404C9-2511-4B82-AB56-2D81B19FE727} => pcalua.exe -a C:\Users\Asce\Downloads\lgs510.exe -d C:\Users\Asce\Downloads
    Task: {FCB7ED30-AA59-4222-9914-0D20871C1F89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Asce\Desktop\Hand + Wrist Exercises For Gamers - YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.youtube.com/watch?v=EiRC80FJbHU
    ShortcutWithArgument: C:\Users\Asce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-24 11:34 - 2016-01-23 03:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-18 14:41 - 2009-06-17 15:13 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
    2015-05-18 14:45 - 2010-01-19 04:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
    2017-03-24 11:36 - 2016-01-23 04:55 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-10-08 00:47 - 2015-10-08 17:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2015-12-11 02:00 - 2015-12-11 02:00 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\loggingserver.exe
    2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2014-08-30 08:28 - 2015-12-11 02:00 - 02569104 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    2015-11-05 21:23 - 2015-11-05 21:23 - 00851488 _____ () C:\Users\Asce\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
    2017-03-24 11:53 - 2017-03-24 11:53 - 01477096 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net Helper.exe
    2015-05-18 14:42 - 2009-05-04 16:56 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\EnergySaver2\ycc.dll
    2017-03-24 11:36 - 2016-01-23 04:55 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-11 02:00 - 2015-12-11 02:00 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\log4cplusU.dll
    2015-11-23 22:18 - 2015-11-23 22:17 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\ortp.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 55758824 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libcef.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libEGL.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libGLESv2.dll
    2014-07-13 00:17 - 2015-12-15 07:54 - 00782336 _____ () C:\Steam\SDL2.dll
    2014-12-07 01:58 - 2015-07-03 18:12 - 04962816 _____ () C:\Steam\v8.dll
    2014-12-07 01:58 - 2015-07-03 18:12 - 01556992 _____ () C:\Steam\icui18n.dll
    2014-12-07 01:58 - 2015-07-03 18:12 - 01187840 _____ () C:\Steam\icuuc.dll
    2014-07-13 00:17 - 2016-01-02 01:35 - 02546768 _____ () C:\Steam\video.dll
    2014-08-22 17:27 - 2015-09-24 02:33 - 02549248 _____ () C:\Steam\libavcodec-56.dll
    2014-08-22 17:27 - 2015-09-24 02:33 - 00442880 _____ () C:\Steam\libavutil-54.dll
    2014-08-22 17:27 - 2015-09-24 02:33 - 00491008 _____ () C:\Steam\libavformat-56.dll
    2014-08-22 17:27 - 2015-09-24 02:33 - 00332800 _____ () C:\Steam\libavresample-2.dll
    2014-08-22 17:27 - 2015-09-24 02:33 - 00485888 _____ () C:\Steam\libswscale-3.dll
    2014-07-13 00:17 - 2016-01-02 01:35 - 00802896 _____ () C:\Steam\bin\chromehtml.DLL
    2015-07-08 11:50 - 2015-12-30 03:51 - 00208896 _____ () C:\Steam\bin\openvr_api.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libglesv2.dll
    2017-03-24 11:53 - 2017-03-24 11:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libegl.dll
    2014-07-13 00:17 - 2015-12-15 07:54 - 47846688 _____ () C:\Steam\bin\libcef.dll
    2015-10-16 12:02 - 2015-10-16 12:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2014-12-28 18:32 - 2015-09-25 01:56 - 00119208 _____ () C:\Steam\winh264.dll
    2017-03-24 12:02 - 2017-01-16 09:32 - 68769880 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\opera.dll
    2017-03-24 11:59 - 2017-01-16 09:32 - 01895000 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libglesv2.dll
    2017-03-24 11:59 - 2017-01-16 09:32 - 00087128 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libegl.dll
    2017-03-24 11:44 - 2017-02-01 11:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-03-24 11:44 - 2017-02-01 11:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sony.com -> sony.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 139.179.30.24 - 139.179.10.13
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{458A164A-2A83-40A9-9CF6-F09DEB5C42F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{1B9BD2ED-A2F3-4669-9678-CB099CADDAB3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{B92839D7-E05D-4DEE-8FBA-520A41FF0AE5}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{BAA787D1-92B7-4D3F-B05F-073A0C3FB212}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{790DD38B-2D8C-465B-95D4-6249283345C9}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{06424155-76A8-442F-B0E2-346B71524333}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{453E5431-9948-44F6-B71F-030129F475B3}] => (Allow) C:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{0B711E6A-71F6-4981-8A00-4BEF21486E5B}] => (Allow) C:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{12D57C11-4036-480D-8628-06C3DAB5D7F2}] => (Allow) C:\Steam\SteamApps\common\Spacewar\SteamworksExample.exe
    FirewallRules: [{F2A34E0E-A7E3-4978-9FC7-7545C750967D}] => (Allow) C:\Steam\SteamApps\common\Spacewar\SteamworksExample.exe
    FirewallRules: [{B24E8689-9375-4979-9F58-9556DFDD7FE7}] => (Allow) C:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{32EA9E2F-F816-44BA-ADA7-5F8B1FDE2B6A}] => (Allow) C:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{B8ABE8D7-5376-477C-8A90-D4B5F592ABA3}] => (Allow) C:\Users\Asce\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D46BA8D8-D7AC-48FE-9F6C-708180DF7F6E}] => (Allow) C:\Users\Asce\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{75FD7C1B-D0C9-4085-ADE9-BF37F93A5D53}] => (Allow) C:\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{AE8E5E33-7B66-415E-84FA-1642DA83A2CF}] => (Allow) C:\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{9287F43D-18EB-46BD-A913-37FD1BC1FF29}] => (Allow) C:\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
    FirewallRules: [{884E7D36-4B6B-4D3E-8D80-CAD1B60CCEFC}] => (Allow) C:\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
    FirewallRules: [{8A6B68FF-0820-4845-9BF3-F3DB3C3F304F}] => (Allow) C:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
    FirewallRules: [{13579D56-CA61-4549-B417-482C6BD3C6F7}] => (Allow) C:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
    FirewallRules: [{0AAD6341-F368-4FAB-B66C-817FF697BA9C}] => (Allow) C:\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
    FirewallRules: [{FDAF864E-C168-49D1-8D38-37692F42C572}] => (Allow) C:\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
    FirewallRules: [TCP Query User{768D7918-BAE8-456C-94ED-11EE827FBC68}C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{F538583C-9828-4C5B-A80C-544AF6AC1D02}C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{E83EB416-9480-48F0-B4C1-4906165AF845}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{482EF486-1DB9-463A-B689-30230EF651A5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{63E62E53-04C2-4159-946D-780877E67A53}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E0EA29A9-FAAC-479C-8C17-9DECC449766F}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{D1360145-78D8-4529-B7C6-58CB74D8A9E9}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{65778332-9DF7-4531-AB4E-87620C256401}C:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\game.exe
    FirewallRules: [UDP Query User{97158542-D407-4939-A8F9-30EDA29DCD95}C:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\game.exe
    FirewallRules: [TCP Query User{50AE6C6D-1F9C-42F5-B1A6-2C0234462B74}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{5AAC0DEE-0AF7-4937-8946-30C4901D1D8C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{9DFC48D2-942F-4E37-897C-329190B5BCB6}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
    FirewallRules: [{37563006-1568-43B9-B42F-CF30A98DAB87}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
    FirewallRules: [{FA4C023D-27E3-46A6-94D0-6480170087F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{7784A54E-6C08-4034-8024-AF8AA49A8F64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{627B7053-78CE-4024-8534-37A1941E7C53}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{50E11F07-1D4D-4714-A917-E0B427FB9D4D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{2E9B195F-C120-4732-AB75-E5D9B91AC561}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{21EB7C6D-561D-4AA1-87F8-B187160F0CE7}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{8CEAC588-0974-4388-AE41-6A92077AF354}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{85D49392-4EC9-49D7-BDC9-08479635021C}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{A891EF7A-AD93-473F-9AAF-A5CC84E1CD98}] => (Allow) C:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{A8A09009-989F-444F-A192-5B391A25BC20}] => (Allow) C:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{0C0AB31E-BF19-4E69-8C98-5911AF046FEF}] => (Allow) C:\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{14908FA5-273F-439C-8C30-A267B52B0222}] => (Allow) C:\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{845A900A-6D0D-4608-AB2E-66CE50C7CCB1}C:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\steam\steamapps\common\war thunder\launcher.exe
    FirewallRules: [UDP Query User{356874B1-6180-4C84-87A8-0E5B4651CEEA}C:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\steam\steamapps\common\war thunder\launcher.exe
    FirewallRules: [{CBE7D417-75D2-4327-B789-0EBC0E25DB39}] => (Allow) C:\Steam\SteamApps\common\Age2HD\Launcher.exe
    FirewallRules: [{348873A4-7388-40EA-A6A6-1CC2A615CB2B}] => (Allow) C:\Steam\SteamApps\common\Age2HD\Launcher.exe
    FirewallRules: [TCP Query User{D3C85D33-E008-4269-AADC-3D8403C8B26C}C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe] => (Allow) C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe
    FirewallRules: [UDP Query User{BB7ADB34-833F-4734-9609-189E9B43CF72}C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe] => (Allow) C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe
    FirewallRules: [TCP Query User{A08EE83E-FD86-4F98-AD8C-CD0D45F2E7C1}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
    FirewallRules: [UDP Query User{DF08D976-FAF6-43AF-BCBA-C131F3016B41}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
    FirewallRules: [TCP Query User{839BB445-A274-4919-88EF-D036D5855D79}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{B2333D85-D96E-4A70-8571-2E3F3F996556}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [TCP Query User{5CF18D48-96B1-48EB-B1A5-2EA725EA6E0A}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3715\agent.exe
    FirewallRules: [UDP Query User{8E12136B-DC50-4AA2-8B90-AB95AB7F545B}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow)

  3. #3
    Join Date
    Mar 2017
    Posts
    17
    C:\programdata\battle.net\agent\agent.3715\agent.exe
    FirewallRules: [TCP Query User{5E48CF9B-3A6C-48A4-92EB-0C046617D9EB}C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
    FirewallRules: [UDP Query User{F47D2C14-5D86-4544-B219-7BB623201125}C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
    FirewallRules: [TCP Query User{D8C08E9A-6FCE-443E-BEA1-176DFF4A8922}C:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{607A5763-C6F7-467F-806E-5B124435373F}C:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [{4CBA86BD-46D4-4137-AFDA-6C14BADCAB7B}] => (Allow) C:\Steam\SteamApps\common\Magicka\Magicka.exe
    FirewallRules: [{20553E12-A9A2-405D-BF6A-FC75A27D4BA0}] => (Allow) C:\Steam\SteamApps\common\Magicka\Magicka.exe
    FirewallRules: [{3FE5DB57-0CEF-4D11-89B2-9DED2F66604E}] => (Allow) C:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{064EA017-88CA-4CAC-B5FC-D13B43D029D0}] => (Allow) C:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{DCC914F5-0E9E-402E-B1BB-0C28F526D94B}] => (Allow) C:\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{CC87A59B-86FA-4A28-A52E-FA12B2FC4FCD}] => (Allow) C:\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{337D0EF2-F120-42CE-8CC5-62B392FB42DD}] => (Allow) C:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
    FirewallRules: [{A9A3592E-223C-4A6D-B5B0-1FAEB81437BA}] => (Allow) C:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
    FirewallRules: [{6D760926-C82D-420E-A861-F18D0AC677E1}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{3651B532-0C04-4917-9036-3C7C892052B5}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{A440F110-CF58-4FA0-919E-7DA6030B2B48}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{B3FBAD54-C776-48E5-96FC-8C59D7F51AB2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{39E13DC8-BD4C-4095-93EA-8C7027A83620}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{7A5C0495-050F-4100-BFF8-B90CC3A6F240}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{E9E309E2-E2E6-49BF-86B0-43F36EF54DD7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{F56DB718-D6DA-4D4C-A51C-B71D4C4F066C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [TCP Query User{4EB4B49F-7C22-4EED-9A65-07A8435BE692}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{259A3B69-E6F3-4A3F-8379-06FF4D50FC0D}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [{E02CC463-48D1-420D-BCD0-948A83B0FB9A}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{75B148F3-EDB5-46FC-BFD4-03ACECCAD858}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{EBC98A17-83DE-4EA9-AE90-AFA020F78C98}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
    FirewallRules: [{26EB3412-85B3-4BD4-8543-E281738C45DC}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
    FirewallRules: [{4028C7BE-6823-4B7A-BF03-C0B5FDB2FC70}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{63F54E8A-464E-4C05-834F-53378A25565A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{7ECD9E37-E671-49C2-89CC-0CE1FCEA1D0B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{B9E11AA8-989B-457E-8412-FED0C09FAA7B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{52C178C9-9383-4E4D-AB6F-0EFACA21B481}] => (Allow) C:\Steam\SteamApps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{EB8D9685-B910-4A3F-A3BA-22F09ED80BB1}] => (Allow) C:\Steam\SteamApps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{1F653092-0193-4E9D-A4A9-D9BAB23A62B3}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
    FirewallRules: [{00E7DAF6-55C8-4464-AC17-9EAE73F5E4E3}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe

    ==================== Restore Points =========================

    06-01-2016 12:05:31 Automatic creation
    07-01-2016 22:50:49 Automatic creation
    24-03-2017 12:14:43 Automatic creation

    ==================== Faulty Device Manager Devices =============

    Name: Marvell 91xx Config ATA Device
    Description: Marvell 91xx Config ATA Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/24/2017 12:58:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
    Faulting module name: mbae-api-na.dll_unloaded, version: 0.0.0.0, time stamp: 0x589c7ca9
    Exception code: 0xc0000005
    Fault offset: 0x000007fed28634b3
    Faulting process id: 0x730
    Faulting application start time: 0x01d2a486bc64de24
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: mbae-api-na.dll
    Report Id: df1e402e-1080-11e7-b841-00aca320a6d8

    Error: (03/24/2017 11:57:45 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\ProgramData\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={e2803110-78b3-4664-a479-3611a381656a} -burn.embedded BurnPipe.{D34D8BF8-4B4B-4FF2-AF40-8AE44B2C483C} {CA48A597-D0FF-4749-9D52-580227C90A12} 7412; Description = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026; Error = 0x80070514).

    Error: (03/24/2017 11:52:22 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Asce\AppData\Local\Temp\vc_redist.x86.exe /install /quiet /norestart; Description = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215; Error = 0x80070514).

    Error: (03/24/2017 11:44:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/03/2020 10:05:50 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
    Description: Acquisition of genuine ticket failed (hr=0x80072F8F) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

    Error: (04/03/2020 10:05:50 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0x80072F8F

    Error: (04/03/2020 10:00:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/03/2020 09:57:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/03/2020 09:56:18 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (04/03/2020 08:41:31 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.


    System errors:
    =============
    Error: (03/24/2017 12:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/24/2017 11:51:22 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

    Error: (03/24/2017 11:48:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (03/24/2017 11:41:04 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

    Error: (04/03/2020 10:06:00 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
    Description: The time service has detected that the system time needs to be changed by -95531948 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.223.23:123) is working properly.

    Error: (04/03/2020 10:05:01 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (04/03/2020 10:05:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.

    Error: (04/03/2020 10:04:46 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (04/03/2020 10:04:46 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.

    Error: (04/03/2020 10:04:36 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
    Percentage of memory in use: 62%
    Total physical RAM: 6142.43 MB
    Available physical RAM: 2297.29 MB
    Total Virtual: 12283.07 MB
    Available Virtual: 6800.8 MB

    ==================== Drives ================================

    Drive c: (HDD Main) (Fixed) (Total:931.41 GB) (Free:237.21 GB) NTFS
    Drive d: (SSD) (Fixed) (Total:223.57 GB) (Free:55.74 GB) NTFS
    Drive f: (Fallout 4) (CDROM) (Total:24.47 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C232954D)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: E9CEE9B3)
    Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on the Start Scan button.
    • Click on the other Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  5. #5
    Join Date
    Mar 2017
    Posts
    17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by Asce (Administrator) on Sat 03/25/2017 at 6:17:15.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 41

    Successfully deleted: C:\Users\Asce\AppData\Roaming\speedrunnerslog.txt (File)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LRXM1HH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T8VGUSD (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96WSY0GP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BREWAR6T (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKD2JHO4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPYCNJL1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYJL3YF4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2P7PLFM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M96HJ377 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXX7B4E4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDY709OZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1H2826I (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18H9XRB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJLUED8Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZON7WYJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Asce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU5K3PI9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LRXM1HH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T8VGUSD (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96WSY0GP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BREWAR6T (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKD2JHO4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPYCNJL1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYJL3YF4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2P7PLFM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M96HJ377 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXX7B4E4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDY709OZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1H2826I (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y18H9XRB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJLUED8Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZON7WYJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU5K3PI9 (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_869D1C098422C3FF363196C3B970F3FA (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 03/25/2017 at 6:20:22.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Join Date
    Mar 2017
    Posts
    17
    RogueKiller wasn't starting. I ended the processes "WMsnap3.exe" and "domino.exe" from the Task Manager, then RogueKiller started and scanned the PC. RogueKiller restarted the PC. I tried to open Malwarebytes; it didn't open. There were still those processes "WMsnap3.exe" and "domino.exe". I killed domino.exe and Malwarebytes started (it might be a consequence); it completed the scan. Malwarebytes restarted the computer. There were still the "wmsnap" and "domino" processes. Used adw, scanned, restarted the PC; "wmsnap3" was gone, domino.exe was still there in Task Manager. Used JRT, it completed the scan, restarted the computer, domino is gone as well. PC is still a bit slower than normal.

    RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Asce [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/25/2017 04:03:52 (Duration : 00:47:56)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 22 ¤¤¤
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Deleted
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Softonic -> Deleted
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Softonic -> Deleted
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 37.239.46.50:80 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 37.239.46.50:80 -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yandex.com.tr/?clid=1818323 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1292172697-4276861399-4271014393-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yandex.com.tr/?clid=1818323 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 139.179.30.24 139.179.10.13 ([Turkey][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{002F3112-3E11-4216-8254-E6C7BFD34FE5} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0A87EDDF-4DA3-45DE-9CF4-4DF1736A9197} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0BE02F3D-1738-4A38-ABA4-74E12809B258} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{60B144C7-C780-4A62-8526-3B93ADD31C4A} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A31C4A9E-95FD-4295-92BE-02C9E1287228} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D38BF8D7-4BA9-4FB1-B438-564050461773} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DA2D582E-7FDF-4CC8-A295-2DB4EC3588B7} | DhcpNameServer : 139.179.30.24 139.179.10.13 ([Turkey][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{002F3112-3E11-4216-8254-E6C7BFD34FE5} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0A87EDDF-4DA3-45DE-9CF4-4DF1736A9197} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0BE02F3D-1738-4A38-ABA4-74E12809B258} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{60B144C7-C780-4A62-8526-3B93ADD31C4A} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A31C4A9E-95FD-4295-92BE-02C9E1287228} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D38BF8D7-4BA9-4FB1-B438-564050461773} | DhcpNameServer : 85.25.83.11 8.8.8.8 ([Germany][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DA2D582E-7FDF-4CC8-A295-2DB4EC3588B7} | DhcpNameServer : 139.179.30.24 139.179.10.13 ([Turkey][-]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 7 ¤¤¤
    [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Removed at reboot [91]
    [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search\Logger -> ERROR [5]
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Removed at reboot [91]
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt -> ERROR [5]
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\CrashReport -> ERROR [5]
    [PUP.Gen1][Folder] C:\Users\Asce\AppData\Local\AVG Web TuneUp -> Deleted
    [PUP.Gen1][Folder] C:\Users\Asce\AppData\Local\AVG Web TuneUp\DNT -> Deleted
    [PUP.Gen1][Folder] C:\Users\Asce\AppData\Local\AVG Web TuneUp\Statistics -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][Folder] C:\Users\Asce\AppData\Local\MalwareProtectionLive -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][File] C:\Users\Asce\AppData\Local\MalwareProtectionLive\certificates -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][File] C:\Users\Asce\AppData\Local\MalwareProtectionLive\certificates_filter -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][File] C:\Users\Asce\AppData\Local\MalwareProtectionLive\extensions -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][File] C:\Users\Asce\AppData\Local\MalwareProtectionLive\extensions_filter -> Deleted
    [PUP.MalwareProtection|PUP.Gen1][File] C:\Users\Asce\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Secure Search\Logger\logger.properties -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search\Logger -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Removed at reboot [91]
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.14 -> ERROR [5]
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.18\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.18\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.18 -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.51\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.51\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.51 -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.52\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.52\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.2.0.52 -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.3.0.11\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.3.0.11\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.3.0.11 -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.4.0.1\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.4.0.1\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.4.0.1 -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.5.0.0\avg.crx -> Deleted
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.5.0.0\ExtensionTemplate.txt -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\3.5.0.0 -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt -> Removed at reboot [91]
    [PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\crash.avgdx -> Deleted
    [PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\CrashReport -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp -> Removed at reboot [91]
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.14 -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.18\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.18\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.18 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.51\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.51\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.51 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.52\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.52\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.2.0.52 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.3.0.11\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.3.0.11\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.3.0.11 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.4.0.1\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.4.0.1\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.4.0.1 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.5.0.0\AVG Web TuneUp_toolbar.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\3.5.0.0\install.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\3.5.0.0 -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\about.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\AvgComponents.manifest -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\avgMozXPCOM.js -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\BundleInstall -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\BundleInstall.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\BundleInstaller.ini -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChConfirmHelperRes -> ERROR [5]
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\Chrome -> ERROR [5]
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChromeGuardRes -> ERROR [5]
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChromeRes -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\configuration.xml -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\crash.avgdx -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\current.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\data.zip -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\DSPDlg_IE -> ERROR [5]
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\EnableHelperRes -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\EULA.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\Eula.txt -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\favicon.ico -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\feedback.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\FireFoxSearchXml.tmp -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\help.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\icon18.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\labs.gif -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\Licenses -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\lip.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\privacy.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\remote_configuration.xml -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\search.gif -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\setup.bmp -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\Uninstall.exe -> Deleted
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\uninstall.gif -> Deleted
    [PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\UninstallRes -> ERROR [5]
    [PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe -> ERROR [5]

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : imgur Extension by Metronomik [ehoopddfhgaehhmphfcooacjdpmbjlao] -> Deleted
    [PUP.Gen0][Chrome:Addon] Default : Hover Zoom [nonjdcjchghhkdoolnlbekcfllmednbl] -> ERROR [2]

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
    --- User ---
    [MBR] d6e5c82e2d7828297061f4c856568d1e
    [BSP] 18f9625dfb54a60bda0bb2dfbf755baf : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: KINGSTON SV300S37A240G ATA Device +++++
    --- User ---
    [MBR] ab9e2d687fedabef83bd283f2d9cbd0c
    [BSP] 29f263dd347b1542e965a2ff9c6d7fa3 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/25/17
    Scan Time: 5:30 AM
    Logfile: rapor.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.75
    Update Package Version: 1.0.1590
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Fire_Fist\Asce

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 359361
    Time Elapsed: 8 min, 11 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    PUP.Optional.MalwareProtection, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9953981C859EC2BF.VIR, Quarantined, [1190], [82505],1.0.1590

    Physical Sector: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v6.044 - Logfile created 25/03/2017 at 06:02:19
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-23.2 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Asce - FIRE_FIST
    # Running from : C:\Users\Asce\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: vToolbarUpdater3.5.0


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Asce\AppData\LocalLow\avg web tuneup
    [-] Folder deleted: C:\ProgramData\AVG Secure Search
    [-] Folder deleted: C:\ProgramData\avg web tuneup
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
    [-] Folder deleted: C:\Program Files (x86)\avg web tuneup
    [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
    [-] Folder deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
    [-] Folder deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
    [-] File deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage-journal
    [-] File deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
    [-] File deleted: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweet-page.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweet-page.com
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
    [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


    ***** [ Web browsers ] *****

    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: hamachi.en.softonic.com
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: sweet-page
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Deleted: hxxp://www.sweet-page.com/webfavicon.ico
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ehoopddfhgaehhmphfcooacjdpmbjlao
    [-] [C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nonjdcjchghhkdoolnlbekcfllmednbl


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6173 Bytes] - [25/03/2017 06:02:19]
    C:\AdwCleaner\AdwCleaner[S0].txt - [6058 Bytes] - [25/03/2017 05:57:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6319 Bytes] ##########

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.

  8. #8
    Join Date
    Mar 2017
    Posts
    17
    I tried to run Combofix; it gave some errors and eventually it said to redownload it. I did it like you stated and didn't execute it.
    I rebooted in safe mode and tried to run rkill. There was a DOS screen saying no malware, and at the bottom it said checking other things.
    I assumed it didn't work and tried to run the iExplore one. It didn't work as well. Same thing. I tried to run Combofix anyway. It didn't work again.
    The first error Combofix gave was something like this:
    Error opening file for writing c:\32788R22FWJFW\swxcads.3XE
    click abort retry skip.
    I tried retry, got the same error, and pressed skip.
    Second error: ERDNT.E_E not found.

    I tried to reformat the computer with a USB stick ISO. It didn't work... I need help.

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.


    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.

  10. #10
    Join Date
    Mar 2017
    Posts
    17
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Asce (administrator) on FIRE_FIST (28-03-2017 06:03:54)
    Running from C:\Users\Asce\Desktop
    Loaded Profiles: Asce (Available Profiles: Asce)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
    () C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    () C:\Windows\SysWOW64\XSrvSetup.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\Gigabyte\smart6\timelock\TimeMgmtDaemon.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Octoshape ApS) C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    (Flux Software LLC) C:\Users\Asce\AppData\Local\FluxSoftware\Flux\flux.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Spotify Ltd) C:\Users\Asce\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
    (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\Gigabyte\smart6\timelock\AlarmClock.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-03] (Logitech Inc.)
    HKLM\...\Run: [VMSnap3] => C:\Windows\VMSnap3.exe
    HKLM\...\Run: [Domino] => C:\Windows\Domino.exe
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5189176 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
    HKLM-x32\...\Run: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [20480 2007-07-26] ()
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [f.lux] => C:\Users\Asce\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [GNE_SwapScreen] => C:\Users\Asce\Desktop\SwapScreen.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-19] (Voobly)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-05-28] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Steam] => C:\Steam\steam.exe [3019552 2017-03-24] (Valve Corporation)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Spotify Web Helper] => C:\Users\Asce\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-17] (Spotify Ltd)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\MountPoints2: {03f5a58e-0cdf-11e4-9364-fa05310c68ca} - F:\AutoRun.exe
    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\MountPoints2: {10963882-1014-11e4-ba5d-c05a936a09ba} - F:\setup.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-05-02]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 139.179.30.24 139.179.10.13
    Tcpip\..\Interfaces\{DA2D582E-7FDF-4CC8-A295-2DB4EC3588B7}: [DhcpNameServer] 139.179.30.24 139.179.10.13

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
    BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-28] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-28] (Oracle Corporation)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-26] (AO Kaspersky Lab)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-26]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2020-04-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2020-04-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1292172697-4276861399-4271014393-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Asce\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Asce\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-07-30] (Octoshape ApS)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com.tr/"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default [2017-03-28]
    CHR Extension: (Google Translate) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
    CHR Extension: (Google Slides) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-25]
    CHR Extension: (Google Docs) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-03-24]
    CHR Extension: (Google Sheets) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-25]
    CHR Extension: (Kaspersky Protection) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-03-25]
    CHR Extension: (Google Docs Offline) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-24]
    CHR Extension: (AdBlock) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-24]
    CHR Extension: (Document online) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdogoocenkoogpajficlnleblfoelph [2015-09-25]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-03-24]
    CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-03-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
    CHR Extension: (Enhanced Steam) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-03-24]
    CHR Extension: (Gmail) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Asce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-24]
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
    R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-03] ()
    R2 DES2 Service; C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-12-25] (EasyAntiCheat Ltd)
    U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
    R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-08] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-10-08] ()
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-28] (Sandboxie Holdings, LLC)
    R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5189176 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-20] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
    R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
    R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
    R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-03-25] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [313112 2017-03-25] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035488 2017-03-25] (AO Kaspersky Lab)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-26] (AO Kaspersky Lab)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
    R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab)
    R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-25] (AO Kaspersky Lab)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-25] (AO Kaspersky Lab)
    R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-28] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-28] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-28] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-28] (Malwarebytes)
    S3 msvad_simple; C:\Windows\System32\solicall.sys [40664 2010-10-30] (SoliCall)
    R3 Neo_braz; C:\Windows\System32\DRIVERS\Neo_0005.sys [28640 2015-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-28] (Sandboxie Holdings, LLC)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-25] ()
    S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2015-07-21] (ShiningMorning Inc.)
    S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
    S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-03 09:39 - 2020-04-03 09:41 - 00524288 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TMContainer00000000000000000002.regtrans-ms
    2020-04-03 09:39 - 2020-04-03 09:41 - 00524288 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TMContainer00000000000000000001.regtrans-ms
    2020-04-03 09:39 - 2020-04-03 09:41 - 00065536 ___SH C:\Users\Asce\ntuser.dat{da51557c-7575-11ea-8411-00aca320a6d8}.TM.blf
    2017-03-28 06:02 - 2017-03-28 06:04 - 00023648 _____ C:\Users\Asce\Desktop\FRST.txt
    2017-03-27 17:36 - 2017-03-27 17:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Asce\Desktop\rkill.exe
    2017-03-27 17:35 - 2017-03-27 17:35 - 05659269 _____ (Swearware) C:\Users\Asce\Desktop\asce.exe
    2017-03-27 17:35 - 2017-03-27 17:35 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Asce\Desktop\iExplore.exe
    2017-03-27 16:32 - 2017-03-27 16:35 - 00000000 ___SD C:\ComboFix
    2017-03-27 16:31 - 2017-03-27 16:31 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-03-27 16:26 - 2017-03-27 16:26 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
    2017-03-25 10:53 - 2017-03-25 10:53 - 00000948 _____ C:\Users\Public\Desktop\GPU Temp.lnk
    2017-03-25 10:53 - 2017-03-25 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPU Temp
    2017-03-25 10:53 - 2017-03-25 10:53 - 00000000 ____D C:\Program Files (x86)\GPU Temp
    2017-03-25 10:52 - 2017-03-25 10:52 - 00606048 _____ (gputemp.com ) C:\Users\Asce\Desktop\gputemp_setup.exe
    2017-03-25 10:49 - 2017-03-25 10:49 - 00004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-03-25 10:06 - 2017-03-28 05:41 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-03-25 08:20 - 2017-03-25 09:17 - 00000000 ____D C:\Users\Asce\Desktop\mbar
    2017-03-25 08:20 - 2017-03-25 08:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Asce\Desktop\mbar-1.09.3.1001.exe
    2017-03-25 08:01 - 2016-04-14 08:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-03-25 08:01 - 2016-04-14 08:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-03-25 08:01 - 2016-04-14 08:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-03-25 07:59 - 2017-03-25 07:59 - 00001488 _____ C:\Users\Asce\Desktop\Battle.net.lnk
    2017-03-25 07:50 - 2017-03-25 07:50 - 00000515 _____ C:\Users\Public\Desktop\Overwatch.lnk
    2017-03-25 07:41 - 2017-03-25 07:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-03-25 07:40 - 2017-03-25 07:40 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-03-25 07:38 - 2017-03-25 07:38 - 00002091 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
    2017-03-25 07:38 - 2017-03-25 07:38 - 00001382 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
    2017-03-25 07:38 - 2017-03-25 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection

  11. #11
    Join Date
    Mar 2017
    Posts
    17
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-03-24 12:32 - 2017-02-09 19:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-03-24 12:32 - 2017-02-09 19:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-03-24 12:32 - 2017-02-09 19:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-03-24 12:32 - 2017-02-09 19:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-03-24 12:32 - 2017-02-09 19:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-03-24 12:32 - 2017-02-09 19:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-03-24 12:32 - 2017-02-09 18:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-03-24 12:32 - 2017-02-09 18:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-03-24 12:32 - 2017-02-09 18:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-03-24 12:32 - 2017-02-09 18:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-03-24 12:32 - 2017-02-09 18:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-03-24 12:32 - 2017-02-09 18:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-03-24 12:32 - 2017-02-09 18:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-03-24 12:32 - 2017-02-09 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-03-24 12:32 - 2017-02-09 18:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
    2017-03-24 12:32 - 2017-02-09 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-03-24 12:32 - 2017-02-09 18:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-03-24 12:32 - 2017-02-09 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-03-24 12:32 - 2017-02-09 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-03-24 12:32 - 2017-02-09 18:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-03-24 12:32 - 2017-02-09 18:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 18:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 17:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-03-24 12:32 - 2017-02-09 17:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-03-24 12:32 - 2017-02-06 19:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-03-24 12:32 - 2017-01-13 21:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-03-24 12:32 - 2017-01-13 21:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-03-24 12:32 - 2017-01-13 20:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-03-24 12:32 - 2017-01-13 20:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-03-24 12:32 - 2017-01-11 21:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2017-03-24 12:32 - 2017-01-11 21:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2017-03-24 12:32 - 2017-01-11 20:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2017-03-24 12:32 - 2017-01-11 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2017-03-24 12:32 - 2017-01-06 21:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-03-24 12:32 - 2017-01-06 20:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-03-24 12:32 - 2016-11-21 21:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2017-03-24 12:32 - 2016-11-20 19:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2017-03-24 12:32 - 2016-11-20 17:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2017-03-24 12:32 - 2016-11-17 19:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-03-24 12:32 - 2016-11-10 19:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2017-03-24 12:32 - 2016-11-10 19:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-03-24 12:32 - 2016-11-09 19:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2017-03-24 12:32 - 2016-11-09 19:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2017-03-24 12:32 - 2016-11-09 19:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2017-03-24 12:32 - 2016-11-09 19:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2017-03-24 12:32 - 2016-11-09 19:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2017-03-24 12:32 - 2016-11-09 19:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2017-03-24 12:32 - 2016-11-09 19:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-03-24 12:32 - 2016-11-09 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2017-03-24 12:32 - 2016-11-09 19:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2017-03-24 12:32 - 2016-11-09 19:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2017-03-24 12:32 - 2016-11-09 19:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2017-03-24 12:32 - 2016-11-09 19:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-03-24 12:32 - 2016-11-09 19:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2017-03-24 12:32 - 2016-11-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2017-03-24 12:32 - 2016-11-02 18:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-03-24 12:32 - 2016-11-02 18:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-03-24 12:32 - 2016-11-02 18:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-03-24 12:32 - 2016-11-02 18:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-03-24 12:32 - 2016-11-02 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-03-24 12:32 - 2016-11-02 18:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-03-24 12:32 - 2016-11-02 18:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-03-24 12:32 - 2016-11-02 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-03-24 12:32 - 2016-11-02 18:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-03-24 12:32 - 2016-11-02 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-03-24 12:32 - 2016-10-11 18:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2017-03-24 12:32 - 2016-10-11 18:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2017-03-24 12:32 - 2016-10-11 18:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2017-03-24 12:32 - 2016-10-11 18:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2017-03-24 12:32 - 2016-10-11 18:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
    2017-03-24 12:32 - 2016-10-11 18:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
    2017-03-24 12:32 - 2016-10-11 18:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2017-03-24 12:32 - 2016-10-11 18:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2017-03-24 12:32 - 2016-10-11 18:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2017-03-24 12:32 - 2016-10-11 18:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2017-03-24 12:32 - 2016-10-11 18:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2017-03-24 12:32 - 2016-10-11 18:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2017-03-24 12:32 - 2016-10-11 17:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2017-03-24 12:32 - 2016-10-11 16:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2017-03-24 12:32 - 2016-10-11 16:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2017-03-24 12:32 - 2016-10-11 16:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2017-03-24 12:32 - 2016-10-11 16:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2017-03-24 12:32 - 2016-10-08 16:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2017-03-24 12:32 - 2016-10-07 18:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2017-03-24 12:32 - 2016-10-07 18:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-03-24 12:32 - 2016-10-07 18:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-03-24 12:32 - 2016-10-07 18:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2017-03-24 12:32 - 2016-10-07 18:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-03-24 12:32 - 2016-10-07 18:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-03-24 12:32 - 2016-10-05 17:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2017-03-24 12:32 - 2016-10-04 18:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-03-24 12:32 - 2016-10-04 18:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-03-24 12:32 - 2016-10-04 18:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-03-24 12:32 - 2016-10-04 18:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-03-24 12:32 - 2016-10-04 18:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-03-24 12:32 - 2016-10-04 18:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-03-24 12:32 - 2016-10-04 18:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-03-24 12:32 - 2016-10-04 18:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-03-24 12:32 - 2016-09-15 17:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2017-03-24 12:32 - 2016-09-13 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2017-03-24 12:32 - 2016-09-12 23:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2017-03-24 12:32 - 2016-09-09 21:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-03-24 12:32 - 2016-09-09 21:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-03-24 12:32 - 2016-09-08 23:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2017-03-24 12:32 - 2016-09-08 23:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2017-03-24 12:32 - 2016-09-08 23:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2017-03-24 12:32 - 2016-09-08 23:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2017-03-24 12:32 - 2016-09-08 17:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2017-03-24 12:32 - 2016-09-08 17:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2017-03-24 12:32 - 2016-08-22 19:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2017-03-24 12:32 - 2016-08-12 20:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-03-24 12:32 - 2016-08-12 20:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-03-24 12:32 - 2016-08-12 20:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-03-24 12:32 - 2016-08-12 20:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-03-24 12:32 - 2016-08-12 20:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-03-24 12:32 - 2016-08-12 19:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-03-24 12:32 - 2016-08-12 19:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-03-24 12:32 - 2016-08-12 19:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-03-24 12:32 - 2016-08-12 19:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-03-24 12:32 - 2016-08-12 19:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-03-24 12:32 - 2016-08-12 19:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2017-03-24 12:32 - 2016-08-06 18:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2017-03-24 12:32 - 2016-08-06 18:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2017-03-24 12:32 - 2016-08-06 18:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2017-03-24 12:32 - 2016-08-06 18:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2017-03-24 12:32 - 2016-08-06 18:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2017-03-24 12:32 - 2016-08-06 18:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2017-03-24 12:32 - 2016-08-06 18:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2017-03-24 12:32 - 2016-08-06 18:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2017-03-24 12:32 - 2016-08-06 17:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2017-03-24 12:32 - 2016-08-06 17:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2017-03-24 12:32 - 2016-08-06 17:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2017-03-24 12:32 - 2016-06-14 20:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-03-24 12:32 - 2016-06-14 20:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2017-03-24 12:32 - 2016-06-14 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2017-03-24 12:32 - 2016-06-14 20:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2017-03-24 12:32 - 2016-06-14 18:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2017-03-24 12:32 - 2016-06-14 18:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2017-03-24 12:32 - 2016-06-14 18:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2017-03-24 12:32 - 2016-06-14 18:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2017-03-24 12:32 - 2016-06-14 18:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2017-03-24 12:32 - 2016-06-14 18:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2017-03-24 12:32 - 2016-06-14 18:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2017-03-24 12:32 - 2016-06-14 18:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2017-03-24 12:32 - 2016-06-14 18:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2017-03-24 12:32 - 2016-05-12 16:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2017-03-24 12:32 - 2016-05-12 16:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2017-03-24 12:32 - 2016-04-09 10:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-03-24 12:32 - 2016-04-09 10:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-03-24 12:32 - 2016-04-09 09:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-03-24 12:32 - 2016-03-16 03:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-03-24 12:32 - 2016-03-16 03:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-03-24 12:32 - 2016-03-16 02:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-03-24 12:32 - 2016-02-12 21:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-03-24 12:32 - 2016-02-12 21:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-03-24 12:32 - 2016-02-12 21:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-03-24 12:32 - 2016-02-12 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-03-24 12:32 - 2016-02-12 21:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-03-24 12:32 - 2016-02-12 21:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-03-24 12:32 - 2016-02-12 21:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-03-24 12:32 - 2016-02-12 21:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-03-24 12:32 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-03-24 12:32 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-03-24 12:32 - 2016-02-12 21:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-03-24 12:32 - 2016-02-12 21:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-03-24 12:32 - 2016-02-12 21:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-03-24 12:32 - 2016-02-12 21:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-03-24 12:32 - 2016-02-12 21:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-03-24 12:32 - 2016-02-12 21:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-03-24 12:32 - 2016-02-05 04:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2017-03-24 12:32 - 2016-02-04 21:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
    2017-03-24 12:32 - 2016-02-03 21:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2017-03-24 12:31 - 2016-05-12 20:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
    2017-03-24 12:31 - 2016-05-12 20:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2017-03-24 12:31 - 2016-05-12 20:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2017-03-24 12:31 - 2016-05-12 20:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2017-03-24 12:31 - 2016-05-12 20:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2017-03-24 12:31 - 2016-05-12 20:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2017-03-24 12:31 - 2016-05-12 18:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2017-03-24 12:31 - 2016-05-12 18:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
    2017-03-24 12:31 - 2016-05-12 18:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
    2017-03-24 12:31 - 2016-05-12 18:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2017-03-24 12:31 - 2016-05-11 20:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2017-03-24 12:31 - 2016-05-11 20:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2017-03-24 12:31 - 2016-05-11 20:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2017-03-24 12:31 - 2016-05-11 20:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2017-03-24 12:31 - 2016-05-11 18:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2017-03-24 12:31 - 2016-05-11 18:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2017-03-24 12:31 - 2016-05-11 18:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2017-03-24 12:31 - 2016-05-11 18:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2017-03-24 12:31 - 2016-05-11 18:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2017-03-24 12:31 - 2016-05-11 18:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2017-03-24 12:31 - 2016-05-11 17:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2017-03-24 12:31 - 2016-04-14 16:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2017-03-24 12:31 - 2016-04-14 16:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2017-03-24 12:31 - 2016-02-09 12:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2017-03-24 12:31 - 2016-01-22 09:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2017-03-24 12:31 - 2016-01-22 09:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2017-03-24 12:31 - 2016-01-22 09:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2017-03-24 12:31 - 2016-01-22 09:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2017-03-24 12:31 - 2016-01-22 09:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2017-03-24 12:31 - 2016-01-22 09:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2017-03-24 12:31 - 2016-01-22 09:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2017-03-24 12:31 - 2015-12-09 00:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2017-03-24 12:31 - 2015-12-08 22:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2017-03-24 12:30 - 2016-04-09 07:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2017-03-24 12:30 - 2016-04-09 06:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2017-03-24 12:30 - 2016-04-06 18:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2017-03-24 12:25 - 2016-07-22 17:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2017-03-24 12:25 - 2016-07-22 17:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2017-03-24 12:10 - 2017-03-25 10:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-03-24 12:10 - 2017-03-24 12:10 - 00000000 ____D C:\NVIDIA
    2017-03-24 12:08 - 2017-03-24 12:09 - 385746880 _____ (NVIDIA Corporation) C:\Users\Asce\Downloads\361.75-desktop-win8-win7-winvista-64bit-international-whql.exe
    2017-03-24 12:08 - 2017-03-24 12:08 - 20647512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-04-03 19:38 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\wfp
    2020-04-03 19:38 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\config\systemprofile
    2020-04-03 19:37 - 2011-04-12 11:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2020-04-03 19:37 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\Drivers\UMDF
    2020-04-03 19:37 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
    2020-04-03 19:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\LogFiles
    2020-04-03 11:05 - 2014-07-12 09:43 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2020-04-03 11:05 - 2014-07-12 09:43 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2020-04-03 09:39 - 2014-07-12 09:23 - 00000000 ____D C:\Users\Asce
    2020-04-03 09:39 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\config\TxR
    2017-03-28 05:55 - 2014-08-06 00:24 - 00000000 ____D C:\Users\Asce\AppData\Roaming\Skype
    2017-03-28 05:52 - 2014-07-13 01:17 - 00000000 ____D C:\Steam
    2017-03-28 05:30 - 2009-07-14 08:13 - 00783062 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-28 05:30 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
    2017-03-28 05:27 - 2015-01-20 00:51 - 00000000 ____D C:\Users\Asce\AppData\Local\LogMeIn Hamachi
    2017-03-28 05:25 - 2015-05-02 16:26 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-03-28 05:24 - 2015-05-18 15:56 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2017-03-28 05:24 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-27 18:19 - 2009-07-14 07:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-27 18:19 - 2009-07-14 07:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-27 16:54 - 2015-10-03 03:41 - 00776868 _____ C:\Windows\ntbtlog.txt
    2017-03-27 16:31 - 2015-11-23 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
    2017-03-25 11:16 - 2015-05-04 22:23 - 00000080 _____ C:\Users\Asce\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2017-03-25 10:52 - 2015-11-10 23:49 - 00000000 ____D C:\Users\Asce\AppData\Local\CrashDumps
    2017-03-25 10:51 - 2015-07-29 20:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-03-25 10:49 - 2015-10-04 23:42 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-25 10:49 - 2015-10-04 23:42 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-25 10:49 - 2015-10-04 23:42 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-25 10:48 - 2015-10-04 23:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-25 10:48 - 2015-02-09 00:28 - 00000000 ____D C:\Users\Asce\AppData\Local\Adobe
    2017-03-25 10:18 - 2015-12-24 04:05 - 00000000 ____D C:\Users\Asce\AppData\Local\UnrealEngine
    2017-03-25 10:18 - 2014-07-25 02:09 - 00000000 ____D C:\ProgramData\Package Cache
    2017-03-25 09:44 - 2014-11-20 23:11 - 00000000 ____D C:\Users\Asce\AppData\Local\Battle.net
    2017-03-25 09:39 - 2015-02-05 20:18 - 00000000 ____D C:\Users\Asce\AppData\Local\Steam
    2017-03-25 08:30 - 2015-05-04 21:40 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2017-03-25 08:29 - 2015-05-04 21:40 - 00000000 ____D C:\Program Files\Rockstar Games
    2017-03-25 08:10 - 2016-12-26 23:03 - 00313112 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
    2017-03-25 08:10 - 2016-12-26 23:03 - 00135904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
    2017-03-25 08:10 - 2016-06-14 18:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
    2017-03-25 08:00 - 2014-11-20 23:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2017-03-25 07:56 - 2015-06-02 16:04 - 00001806 _____ C:\Windows\Sandboxie.ini
    2017-03-25 07:53 - 2015-11-23 23:18 - 00000000 ____D C:\ProgramData\Avg
    2017-03-25 07:53 - 2015-06-25 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-25 07:53 - 2014-11-28 13:11 - 00000000 ____D C:\Users\Asce\AppData\Local\Avg
    2017-03-25 07:53 - 2014-07-13 00:15 - 00000000 ____D C:\Program Files (x86)\AVG
    2017-03-25 07:53 - 2014-07-12 23:38 - 00000000 ____D C:\ProgramData\MFAData
    2017-03-25 07:12 - 2015-05-18 15:42 - 00000000 ____D C:\ProgramData\InstallShield
    2017-03-25 07:12 - 2014-11-09 02:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-03-25 06:10 - 2009-07-14 07:45 - 00268448 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-03-25 06:07 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\DVD Maker
    2017-03-25 06:07 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-03-25 06:07 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-03-25 06:06 - 2011-04-12 11:28 - 00000000 ____D C:\Program Files\Windows Journal
    2017-03-24 17:03 - 2014-07-19 23:09 - 00000000 ____D C:\Users\Asce\AppData\Roaming\vlc
    2017-03-24 13:48 - 2016-01-05 00:02 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451941354
    2017-03-24 13:48 - 2016-01-05 00:02 - 00000000 ____D C:\Program Files (x86)\Opera
    2017-03-24 13:02 - 2014-11-20 23:12 - 00000000 ____D C:\Program Files (x86)\Hearthstone
    2017-03-24 12:52 - 2014-11-20 23:11 - 00000000 ____D C:\Users\Asce\AppData\Roaming\Battle.net
    2017-03-24 12:52 - 2014-11-20 23:08 - 00000000 ____D C:\ProgramData\Battle.net
    2017-03-24 12:51 - 2015-11-05 01:14 - 00007608 _____ C:\Users\Asce\AppData\Local\Resmon.ResmonCfg
    2017-03-24 12:48 - 2014-07-12 09:44 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-24 12:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Help

    ==================== Files in the root of some directories =======

    2015-11-05 01:14 - 2017-03-24 12:51 - 0007608 _____ () C:\Users\Asce\AppData\Local\Resmon.ResmonCfg
    2015-12-11 22:02 - 2015-12-11 22:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2015-10-23 20:47 - 2015-10-23 20:47 - 2892128 _____ (AVG Technologies) C:\Users\Asce\AppData\Local\Temp\avg-ae9d4a66-87be-4c57-9f03-a23b13fdc342.exe
    2016-01-05 21:18 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Asce\AppData\Local\Temp\avguirn_0899728453.exe
    2017-03-25 05:02 - 2015-10-20 04:09 - 1730496 _____ (Microsoft Corporation) C:\Users\Asce\AppData\Local\Temp\dllnt_dump.dll
    2015-10-08 20:45 - 2015-10-08 20:49 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Asce\AppData\Local\Temp\drm_dyndata_7400009.dll
    2015-11-10 22:16 - 2015-11-11 00:19 - 0035680 _____ () C:\Users\Asce\AppData\Local\Temp\i4jdel0.exe
    2015-07-18 16:30 - 2015-07-18 16:30 - 0011264 _____ ( ) C:\Users\Asce\AppData\Local\Temp\iuo4idyi.dll
    2015-10-24 22:18 - 2015-12-08 23:45 - 56061688 _____ (Rockstar Games) C:\Users\Asce\AppData\Local\Temp\Social%20Club%20v1.1.6.8%20Setup.exe
    2015-12-21 04:39 - 2015-12-21 04:39 - 56838704 _____ (Rockstar Games) C:\Users\Asce\AppData\Local\Temp\Social%20Club%20v1.1.6.9%20Setup.exe
    2017-03-24 12:48 - 2017-03-24 12:48 - 14456872 _____ (Microsoft Corporation) C:\Users\Asce\AppData\Local\Temp\vc_redist.x86.exe
    2015-08-03 02:58 - 2015-08-03 02:58 - 0118784 _____ () C:\Users\Asce\AppData\Local\Temp\xmlUpdater.exe
    2017-03-25 07:46 - 2017-03-25 07:46 - 0503808 _____ () C:\Users\Asce\AppData\Local\Temp\xuninst.exe
    2017-03-25 07:09 - 2015-02-08 18:49 - 0455600 _____ (Macrovision Corporation) C:\Users\Asce\AppData\Local\Temp\_isFB2F.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-24 14:35

    ==================== End of FRST.txt ============================

  12. #12
    Join Date
    Mar 2017
    Posts
    17
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Asce (28-03-2017 06:04:16)
    Running from C:\Users\Asce\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-07-12 06:23:31)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1292172697-4276861399-4271014393-500 - Administrator - Disabled)
    Asce (S-1-5-21-1292172697-4276861399-4271014393-1000 - Administrator - Enabled) => C:\Users\Asce
    Guest (S-1-5-21-1292172697-4276861399-4271014393-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1292172697-4276861399-4271014393-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Aegisub 3.0.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.2 - Aegisub Team)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AoE II HD Compatibility Patch version 1.0c (HKLM-x32\...\AoE II HD Compatibility Patch_is1) (Version: 1.0c - )
    AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
    AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
    Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
    Commandos 2: Men of Courage (HKLM-x32\...\Steam App 6830) (Version: - Pyro Studios)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
    Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
    Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
    DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
    Easy Tune 6 B10.0420.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B10.0420.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley)
    Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
    f.lux (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Flux) (Version: - )
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
    FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Geometry Dash (HKLM-x32\...\Steam App 322170) (Version: - RobTop Games)
    Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
    Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version: - Rockstar Games)
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games)
    Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
    GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
    Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
    Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\Steam App 275390) (Version: - DrinkBox Studios)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
    H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
    HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
    Hurtworld (HKLM-x32\...\Steam App 393420) (Version: - Bankroll Studios)
    InstallShieldHiRezCurrent (HKLM-x32\...\{9433FC1C-7405-433C-A26D-81076293BBCE}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - Avalanche Studios)
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    King's Quest (HKLM-x32\...\Steam App 345390) (Version: - The Odd Gentlemen)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Lethal League (HKLM-x32\...\Steam App 261180) (Version: - Team Reptile)
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
    Lua for Windows 5.1.4-46 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.46 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MAMEUIFX32 (HKLM-x32\...\MAMEUIFX32) (Version: 0.145 - Mamesick)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft1.7.8 (HKLM-x32\...\Minecraft1.7.8) (Version: - )
    Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
    MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
    Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Octoshape Streaming Services (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
    ON_OFF Charge B10.0422.2 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    osu! (HKLM-x32\...\{dd2cc895-8ae6-4b9e-b42a-9aa908c1dca5}) (Version: latest - ppy Pty Ltd)
    Outlast (HKLM-x32\...\Outlast_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    Power MP3 Recorder Cutter v6.5 (HKLM-x32\...\Power MP3 Recorder Cutter_is1) (Version: 6.5 - CooolSoft, Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
    Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
    Quake Live (HKLM-x32\...\Steam App 282440) (Version: - id Software)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Reflex (HKLM-x32\...\Steam App 328070) (Version: - Turbo Pixel Studios)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
    RogueKiller version 12.10.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.1.0 - Adlice Software)
    Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
    Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
    Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - Croteam)
    Serious Sam 2 Dedicated Server Utility (HKLM-x32\...\SS2DedServerUtility) (Version: - )
    Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version: - 3D Realms)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
    ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version: - Grismar)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Simply Chess (HKLM-x32\...\Steam App 312280) (Version: - BlueLine Games)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
    SMITE (HKLM-x32\...\Steam App 386360) (Version: - Hi-Rez Studios)
    Snaz version 1.9.4.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.9.4.0 - JimsApps)
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.15.9546 - SoftEther VPN Project)
    Source Dedicated Server (HKLM-x32\...\Steam App 205) (Version: - Valve)
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Spotify (HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
    SWF Extractor 2.2 (HKLM-x32\...\SWF Extractor_is1) (Version: 2.2 - GlobFX Technologies)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
    Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
    The Crew Trial (HKLM-x32\...\Steam App 366310) (Version: - Ivory Tower in collaboration with Ubisoft Reflections)
    The Mean Greens - Plastic Warfare (HKLM-x32\...\Steam App 360940) (Version: - Virtual Basement LLC)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version: - )
    The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
    Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
    WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Digital Ltd)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {103C58DC-6A11-4132-B128-61354501B69A} - System32\Tasks\{A3DE1E29-CB5E-436B-872E-BB799B0C8DF1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.105&amp;LastError=404
    Task: {1C19EF2B-55CE-4B9A-9751-508F7C410743} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {275442C4-D16A-4192-AF24-7596AD12785C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
    Task: {28BB728F-23D1-4B05-920F-7E52ECBF1D92} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
    Task: {316804F2-ABEA-4E91-840A-33A1AA0FBE0C} - System32\Tasks\Opera scheduled Autoupdate 1451941354 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
    Task: {4377BAD7-A1FF-459D-96C7-1313B870D5B4} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
    Task: {7336F5F1-868C-4651-96B7-E0A2FE1108BB} - System32\Tasks\{533EB031-BF25-4683-BA64-C3FE54B89C09} => pcalua.exe -a "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCCInstall.exe" -d "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static"
    Task: {86AA7017-6FEB-478D-8EBC-CF6531AF3297} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {88532493-8D42-4E75-9103-E36AC36EDDE5} - System32\Tasks\{136F545B-0559-4304-96C4-F4550D4EB7AF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.105&amp;LastError=404
    Task: {9EB9F456-028D-4948-BD25-F0D547AEB831} - System32\Tasks\{9920CA20-B02B-48F7-80EB-96FBB5119F13} => pcalua.exe -a C:\Windows\rm303b.exe -c usb\vid_0ac8&amp;pid_303B
    Task: {ABEDF6F5-C1DC-4CF9-9135-14D209677214} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
    Task: {D9DB1260-259C-49D3-8DC4-DCC47C5390EC} - System32\Tasks\{07F404C9-2511-4B82-AB56-2D81B19FE727} => pcalua.exe -a C:\Users\Asce\Downloads\lgs510.exe -d C:\Users\Asce\Downloads
    Task: {E1B3A64A-77D7-4D99-BDD7-7F9D27C5E5D8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-25] (Adobe Systems Incorporated)
    Task: {FCB7ED30-AA59-4222-9914-0D20871C1F89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Asce\Desktop\Hand + Wrist Exercises For Gamers - YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.youtube.com/watch?v=EiRC80FJbHU
    ShortcutWithArgument: C:\Users\Asce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-24 12:34 - 2016-01-23 04:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-18 15:41 - 2009-06-17 16:13 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EnergySaver2\des2svr.exe
    2015-05-18 15:45 - 2010-01-19 05:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
    2017-03-25 08:02 - 2016-06-15 04:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2017-03-24 12:36 - 2016-06-15 04:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2015-10-08 01:47 - 2015-10-08 18:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2017-03-24 13:09 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-03-24 13:09 - 2017-02-24 07:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2017-03-24 12:37 - 2016-06-15 04:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2017-03-25 08:02 - 2016-06-15 04:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2015-10-16 13:02 - 2015-10-16 13:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
    2015-05-18 15:42 - 2009-05-04 17:56 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\EnergySaver2\ycc.dll
    2017-03-24 12:36 - 2016-06-15 04:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2017-03-27 16:25 - 2017-03-27 16:24 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
    2017-03-24 13:47 - 2017-03-21 09:53 - 63944280 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\opera_browser.dll
    2017-03-24 13:47 - 2017-03-21 09:53 - 02101336 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\libglesv2.dll
    2017-03-24 13:47 - 2017-03-21 09:53 - 00087128 _____ () C:\Program Files (x86)\Opera\44.0.2510.857\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\...\sony.com -> sony.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1292172697-4276861399-4271014393-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 139.179.30.24 - 139.179.10.13
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

  13. #13
    ==================== MSCONFIG/TASK MANAGER disabled items ==



    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{458A164A-2A83-40A9-9CF6-F09DEB5C42F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{1B9BD2ED-A2F3-4669-9678-CB099CADDAB3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{B92839D7-E05D-4DEE-8FBA-520A41FF0AE5}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{BAA787D1-92B7-4D3F-B05F-073A0C3FB212}] => (Allow) C:\Steam\Steam.exe
    FirewallRules: [{790DD38B-2D8C-465B-95D4-6249283345C9}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{06424155-76A8-442F-B0E2-346B71524333}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{453E5431-9948-44F6-B71F-030129F475B3}] => (Allow) C:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{0B711E6A-71F6-4981-8A00-4BEF21486E5B}] => (Allow) C:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{12D57C11-4036-480D-8628-06C3DAB5D7F2}] => (Allow) C:\Steam\SteamApps\common\Spacewar\SteamworksExample.exe
    FirewallRules: [{F2A34E0E-A7E3-4978-9FC7-7545C750967D}] => (Allow) C:\Steam\SteamApps\common\Spacewar\SteamworksExample.exe
    FirewallRules: [{B24E8689-9375-4979-9F58-9556DFDD7FE7}] => (Allow) C:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{32EA9E2F-F816-44BA-ADA7-5F8B1FDE2B6A}] => (Allow) C:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{B8ABE8D7-5376-477C-8A90-D4B5F592ABA3}] => (Allow) C:\Users\Asce\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D46BA8D8-D7AC-48FE-9F6C-708180DF7F6E}] => (Allow) C:\Users\Asce\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{75FD7C1B-D0C9-4085-ADE9-BF37F93A5D53}] => (Allow) C:\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{AE8E5E33-7B66-415E-84FA-1642DA83A2CF}] => (Allow) C:\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{9287F43D-18EB-46BD-A913-37FD1BC1FF29}] => (Allow) C:\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
    FirewallRules: [{884E7D36-4B6B-4D3E-8D80-CAD1B60CCEFC}] => (Allow) C:\Steam\SteamApps\common\Call of Duty Black Ops II\t6mp.exe
    FirewallRules: [{8A6B68FF-0820-4845-9BF3-F3DB3C3F304F}] => (Allow) C:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
    FirewallRules: [{13579D56-CA61-4549-B417-482C6BD3C6F7}] => (Allow) C:\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
    FirewallRules: [{0AAD6341-F368-4FAB-B66C-817FF697BA9C}] => (Allow) C:\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
    FirewallRules: [{FDAF864E-C168-49D1-8D38-37692F42C572}] => (Allow) C:\Steam\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
    FirewallRules: [TCP Query User{768D7918-BAE8-456C-94ED-11EE827FBC68}C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{F538583C-9828-4C5B-A80C-544AF6AC1D02}C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\asce\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [{E83EB416-9480-48F0-B4C1-4906165AF845}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{482EF486-1DB9-463A-B689-30230EF651A5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
    FirewallRules: [{63E62E53-04C2-4159-946D-780877E67A53}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E0EA29A9-FAAC-479C-8C17-9DECC449766F}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{D1360145-78D8-4529-B7C6-58CB74D8A9E9}] => (Allow) C:\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{65778332-9DF7-4531-AB4E-87620C256401}C:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\game.exe
    FirewallRules: [UDP Query User{97158542-D407-4939-A8F9-30EDA29DCD95}C:\program files (x86)\origin games\command and conquer red alert ii\game.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\game.exe
    FirewallRules: [TCP Query User{50AE6C6D-1F9C-42F5-B1A6-2C0234462B74}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{5AAC0DEE-0AF7-4937-8946-30C4901D1D8C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{9DFC48D2-942F-4E37-897C-329190B5BCB6}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
    FirewallRules: [{37563006-1568-43B9-B42F-CF30A98DAB87}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
    FirewallRules: [{FA4C023D-27E3-46A6-94D0-6480170087F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{7784A54E-6C08-4034-8024-AF8AA49A8F64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{627B7053-78CE-4024-8534-37A1941E7C53}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{50E11F07-1D4D-4714-A917-E0B427FB9D4D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{2E9B195F-C120-4732-AB75-E5D9B91AC561}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{21EB7C6D-561D-4AA1-87F8-B187160F0CE7}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{8CEAC588-0974-4388-AE41-6A92077AF354}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{85D49392-4EC9-49D7-BDC9-08479635021C}] => (Allow) C:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{A891EF7A-AD93-473F-9AAF-A5CC84E1CD98}] => (Allow) C:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{A8A09009-989F-444F-A192-5B391A25BC20}] => (Allow) C:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{0C0AB31E-BF19-4E69-8C98-5911AF046FEF}] => (Allow) C:\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [{14908FA5-273F-439C-8C30-A267B52B0222}] => (Allow) C:\Steam\SteamApps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{845A900A-6D0D-4608-AB2E-66CE50C7CCB1}C:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\steam\steamapps\common\war thunder\launcher.exe
    FirewallRules: [UDP Query User{356874B1-6180-4C84-87A8-0E5B4651CEEA}C:\steam\steamapps\common\war thunder\launcher.exe] => (Allow) C:\steam\steamapps\common\war thunder\launcher.exe
    FirewallRules: [{CBE7D417-75D2-4327-B789-0EBC0E25DB39}] => (Allow) C:\Steam\SteamApps\common\Age2HD\Launcher.exe
    FirewallRules: [{348873A4-7388-40EA-A6A6-1CC2A615CB2B}] => (Allow) C:\Steam\SteamApps\common\Age2HD\Launcher.exe
    FirewallRules: [TCP Query User{D3C85D33-E008-4269-AADC-3D8403C8B26C}C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe] => (Allow) C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe
    FirewallRules: [UDP Query User{BB7ADB34-833F-4734-9609-189E9B43CF72}C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe] => (Allow) C:\steam\steamapps\common\age2hd\age2_x1\age2_x1.exe
    FirewallRules: [TCP Query User{A08EE83E-FD86-4F98-AD8C-CD0D45F2E7C1}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
    FirewallRules: [UDP Query User{DF08D976-FAF6-43AF-BCBA-C131F3016B41}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
    FirewallRules: [TCP Query User{839BB445-A274-4919-88EF-D036D5855D79}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{B2333D85-D96E-4A70-8571-2E3F3F996556}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [TCP Query User{5CF18D48-96B1-48EB-B1A5-2EA725EA6E0A}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3715\agent.exe
    FirewallRules: [UDP Query User{8E12136B-DC50-4AA2-8B90-AB95AB7F545B}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3715\agent.exe
    FirewallRules: [TCP Query User{5E48CF9B-3A6C-48A4-92EB-0C046617D9EB}C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
    FirewallRules: [UDP Query User{F47D2C14-5D86-4544-B219-7BB623201125}C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
    FirewallRules: [TCP Query User{D8C08E9A-6FCE-443E-BEA1-176DFF4A8922}C:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{607A5763-C6F7-467F-806E-5B124435373F}C:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [{4CBA86BD-46D4-4137-AFDA-6C14BADCAB7B}] => (Allow) C:\Steam\SteamApps\common\Magicka\Magicka.exe
    FirewallRules: [{20553E12-A9A2-405D-BF6A-FC75A27D4BA0}] => (Allow) C:\Steam\SteamApps\common\Magicka\Magicka.exe
    FirewallRules: [{3FE5DB57-0CEF-4D11-89B2-9DED2F66604E}] => (Allow) C:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{064EA017-88CA-4CAC-B5FC-D13B43D029D0}] => (Allow) C:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{DCC914F5-0E9E-402E-B1BB-0C28F526D94B}] => (Allow) C:\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{CC87A59B-86FA-4A28-A52E-FA12B2FC4FCD}] => (Allow) C:\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{337D0EF2-F120-42CE-8CC5-62B392FB42DD}] => (Allow) C:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
    FirewallRules: [{A9A3592E-223C-4A6D-B5B0-1FAEB81437BA}] => (Allow) C:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
    FirewallRules: [{6D760926-C82D-420E-A861-F18D0AC677E1}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{3651B532-0C04-4917-9036-3C7C892052B5}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{A440F110-CF58-4FA0-919E-7DA6030B2B48}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{B3FBAD54-C776-48E5-96FC-8C59D7F51AB2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{39E13DC8-BD4C-4095-93EA-8C7027A83620}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{7A5C0495-050F-4100-BFF8-B90CC3A6F240}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{E9E309E2-E2E6-49BF-86B0-43F36EF54DD7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{F56DB718-D6DA-4D4C-A51C-B71D4C4F066C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [TCP Query User{4EB4B49F-7C22-4EED-9A65-07A8435BE692}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{259A3B69-E6F3-4A3F-8379-06FF4D50FC0D}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [{E02CC463-48D1-420D-BCD0-948A83B0FB9A}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{75B148F3-EDB5-46FC-BFD4-03ACECCAD858}] => (Allow) C:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{EBC98A17-83DE-4EA9-AE90-AFA020F78C98}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
    FirewallRules: [{26EB3412-85B3-4BD4-8543-E281738C45DC}] => (Allow) C:\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
    FirewallRules: [{4028C7BE-6823-4B7A-BF03-C0B5FDB2FC70}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{63F54E8A-464E-4C05-834F-53378A25565A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{7ECD9E37-E671-49C2-89CC-0CE1FCEA1D0B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{B9E11AA8-989B-457E-8412-FED0C09FAA7B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{52C178C9-9383-4E4D-AB6F-0EFACA21B481}] => (Allow) C:\Steam\SteamApps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{EB8D9685-B910-4A3F-A3BA-22F09ED80BB1}] => (Allow) C:\Steam\SteamApps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{1F653092-0193-4E9D-A4A9-D9BAB23A62B3}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
    FirewallRules: [{00E7DAF6-55C8-4464-AC17-9EAE73F5E4E3}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
    FirewallRules: [{F99637CA-952B-47AD-AD14-AF6DC74905AB}] => (Allow) C:\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{A364DEA6-23BA-401C-B80C-CAD40B226383}] => (Allow) C:\Steam\SteamApps\common\Half-Life 2\hl2.exe
    FirewallRules: [{B5641A06-9510-4386-8D3B-9B965EFB5459}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{04E1DCA9-D488-4A35-9AF9-DB6F2FC757EB}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
    FirewallRules: [{44422A73-CAA9-4137-A451-384E7B7C1A22}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{40C4CD7D-3523-4B43-AF57-B73701C12215}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
    FirewallRules: [{12A921F1-2A9D-40CA-9456-FA194BFCB4F7}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
    FirewallRules: [{AA0A859B-07F0-4BA3-9E7A-A59240502D6B}] => (Allow) C:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
    FirewallRules: [{D39FD8B2-9260-4187-8BCD-180D1A121F24}] => (Allow) C:\Steam\SteamApps\common\Beat Hazard\BeatHazard.exe
    FirewallRules: [{9468B3F8-6539-4430-9E8F-7A56FC000EEA}] => (Allow) C:\Steam\SteamApps\common\Beat Hazard\BeatHazard.exe
    FirewallRules: [{5660E3DB-1CD1-4F30-BBC7-4D5BC135E208}] => (Allow) C:\Steam\SteamApps\common\Beat Hazard\runme.exe
    FirewallRules: [{793BB8AF-E93F-414D-B6DA-268BA0DA5ADD}] => (Allow) C:\Steam\SteamApps\common\Beat Hazard\runme.exe
    FirewallRules: [TCP Query User{1005A1D9-6A03-4EFA-A654-F3AAAC65B81A}C:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) C:\steam\steamapps\common\counter-strike source\hl2.exe
    FirewallRules: [UDP Query User{DA3D4B21-A3AC-491B-BBB2-09911F8ED5AF}C:\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) C:\steam\steamapps\common\counter-strike source\hl2.exe
    FirewallRules: [{977241C8-6B2A-43ED-99CD-251F5387F0A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{BB40CF8B-46CF-424C-9BEB-C3E69EA66CF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{7E06EBD3-8902-429D-96E9-4F4704626099}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B28CDDCB-DB4E-4120-AC00-F74C750EAEA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{40477175-FB13-4A91-8F71-4C0863E7261A}C:\program files (x86)\jack\jackd.exe] => (Allow) C:\program files (x86)\jack\jackd.exe
    FirewallRules: [UDP Query User{00D46205-F72E-4088-93AE-69F501AC46C9}C:\program files (x86)\jack\jackd.exe] => (Allow) C:\program files (x86)\jack\jackd.exe
    FirewallRules: [{F8105125-8BA8-4A51-8E57-93B087A3DFE0}] => (Allow) C:\Steam\SteamApps\common\Gotham City Impostors F2P\Engine.exe
    FirewallRules: [{F96FEC7E-5A55-43BA-817D-7678852B4247}] => (Allow) C:\Steam\SteamApps\common\Gotham City Impostors F2P\Engine.exe
    FirewallRules: [TCP Query User{F6369E5B-2513-4ECD-969E-FE348930B4EA}C:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [UDP Query User{B9CD162F-7332-44EF-829F-152DC5664223}C:\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [{9DCBFD6F-2999-4FBC-BA55-AF1BF04B1488}] => (Allow) C:\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
    FirewallRules: [{ED753236-A68E-4324-BBA7-64AC97142180}] => (Allow) C:\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
    FirewallRules: [{53ACA7E4-2CF2-4D1B-A6B1-3944E1442245}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\sw.exe
    FirewallRules: [{C1391A5A-991E-44F6-8A08-1D6D8B94D319}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\sw.exe
    FirewallRules: [{21609DDB-E13E-424C-BA99-562DC521697F}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
    FirewallRules: [{163A9E33-7DA5-4B92-B5D7-146A89D1017D}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe
    FirewallRules: [{89F8D722-ED46-49BC-88E7-79EC3D18ED84}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\build.exe
    FirewallRules: [{54B6E249-05C8-4DF3-A11E-533A4B0630B2}] => (Allow) C:\Steam\SteamApps\common\Shadow Warrior Classic\bin\build.exe
    FirewallRules: [{91BD5A96-25B6-469B-8214-045D3D45E0AB}] => (Allow) C:\Steam\SteamApps\common\Serious Sam 2\Bin\Sam2.exe
    FirewallRules: [{D76CF486-0176-486E-8E63-D89919DD2C4F}] => (Allow) C:\Steam\SteamApps\common\Serious Sam 2\Bin\Sam2.exe
    FirewallRules: [TCP Query User{E79AEF5B-CDF5-4D93-B863-28426B8864DF}C:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe] => (Allow) C:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe
    FirewallRules: [UDP Query User{2EE07E21-D533-4262-9A98-ED26CC072427}C:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe] => (Allow) C:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe
    FirewallRules: [{F8969FFB-6159-4A43-B0BB-05734FD1BBB5}] => (Allow) C:\Steam\SteamApps\common\Commandos 2 Men of Courage\comm2.exe
    FirewallRules: [{D63320BC-3121-4027-BA43-55BCF9AEDDEF}] => (Allow) C:\Steam\SteamApps\common\Commandos 2 Men of Courage\comm2.exe
    FirewallRules: [{A5648C60-C137-4E82-B8A6-4C7C44402AE3}] => (Allow) C:\Steam\SteamApps\common\Grand Theft Auto Vice City\gta-vc.exe
    FirewallRules: [{B4F72047-6506-4246-91ED-932D9E6AB248}] => (Allow) C:\Steam\SteamApps\common\Grand Theft Auto Vice City\gta-vc.exe
    FirewallRules: [{25FE4756-9D28-47DE-91A2-47AED6C8D3F4}] => (Allow) C:\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{5C7295D5-8895-477A-A561-0CD5A5E28DF2}] => (Allow) C:\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
    FirewallRules: [{BD2BB551-17DB-4F57-AD9A-A407C6C9ED68}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{FEE3A5B0-87D2-4CEC-8A2B-F4F4608181AC}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{2DF41A9A-25EB-4EF2-BE02-621B5742448F}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{19D82A3F-6D85-4DE5-A0D9-494896E22E55}] => (Allow) C:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [TCP Query User{4FC09390-68F5-44A3-AE5C-DC9CBECB5CBF}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
    FirewallRules: [UDP Query User{BCFC344D-0FAA-4581-9D72-FDF142AA8F06}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
    FirewallRules: [{E82AAA06-A582-4049-BE22-2F7B4CE6EDAC}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
    FirewallRules: [{2C449822-5CFE-467F-92C0-E18790451F8E}] => (Allow) C:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
    FirewallRules: [TCP Query User{30D5AB24-1CEA-4142-9A25-6CF3F14E8E07}C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Allow) C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
    FirewallRules: [UDP Query User{CD2B38B6-00E4-4CE3-A83F-A7769712EC2F}C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Allow) C:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
    FirewallRules: [{F1DE7916-2403-43E6-981A-16398A49CF26}] => (Allow) C:\Steam\SteamApps\common\The Crew\TheCrew.exe
    FirewallRules: [{8A3392D1-C171-4102-86EB-FCDFFCD4566E}] => (Allow) C:\Steam\SteamApps\common\The Crew\TheCrew.exe
    FirewallRules: [TCP Query User{9BD545FF-621A-4652-B07B-B8F63FDAA3BF}C:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe] => (Allow) C:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe
    FirewallRules: [UDP Query User{D97670D7-40C8-4411-8BA2-5614DF28E8DD}C:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe] => (Allow) C:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe
    FirewallRules: [{9A3D033A-FCD6-4FBD-921D-AFC138AB1FB2}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{92A8D395-8F33-464A-BC17-7115E1DE793F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{14D86838-3752-48AF-989D-5E5A42CF3788}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
    FirewallRules: [{12379673-21C0-465D-A44D-78D53B36A81A}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
    FirewallRules: [{D0F6C4AE-F57E-4EC9-8BDF-87D8D4950EAF}] => (Allow) C:\Steam\SteamApps\common\AirMech\AirMech.exe
    FirewallRules: [{A4A6D63A-E11D-445A-B0D8-B7D3A6115A2A}] => (Allow) C:\Steam\SteamApps\common\AirMech\AirMech.exe
    FirewallRules: [TCP Query User{D403AD49-AEA0-4C63-9BF5-16F1BDDC701C}C:\program files (x86)\r.g. mechanics\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\outlast\binaries\win64\olgame.exe
    FirewallRules: [UDP Query User{12D09060-16DB-44BB-A094-7725AF3CC4EE}C:\program files (x86)\r.g. mechanics\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\outlast\binaries\win64\olgame.exe
    FirewallRules: [{C69DF29F-F81E-4265-8ACC-92A85E08EDFD}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{EFAE076E-AEF6-47E7-95EA-A835E2BBB425}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{FC4E9CEB-A979-454F-A1FF-C8A98F699476}] => (Allow) C:\Steam\SteamApps\common\Medal of Honor\MP\mohmpgame.exe
    FirewallRules: [{C5385961-ED96-40FD-A3C1-D6F29ECE5904}] => (Allow) C:\Steam\SteamApps\common\Medal of Honor\MP\mohmpgame.exe
    FirewallRules: [{ABEEC177-9161-4546-83B5-D09D820A3999}] => (Allow) D:\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{1E441118-B489-47A1-83A2-E3DFF93C5798}] => (Allow) D:\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{7DB421E5-9D8B-4BDE-AF0A-CEFA08DCB8BE}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
    FirewallRules: [{3B3E78BA-5353-4B0B-9FA0-55AFFDBDAFDC}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
    FirewallRules: [{4796D9DA-8E27-4597-9653-3A14889D8F57}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{418656AB-1D20-44EC-BEDB-E29EA925C85F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
    FirewallRules: [{AAE20059-60B3-4B80-8D00-3295B2C2B0E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{4A466575-55FC-4D2C-B2AA-4D3660566503}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{B87F36AA-842A-40EF-B6E8-27548798E9C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{A8555116-534A-428D-B04C-636A71E24141}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{0EDBC1A7-923D-4FD2-BF33-FE783C7B8904}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [{A9BD6E62-3F3F-49C9-91DA-48AE22A97E21}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [TCP Query User{BC0D9FB8-87BE-476D-9F44-9ADA26398327}C:\users\asce\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asce\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{7C06F8F0-F62B-4781-AB2E-F3AED079BA0A}C:\users\asce\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asce\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{79DAE8A2-005F-4664-81F3-638F983ABA34}] => (Allow) D:\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{4632AB5C-9892-4C41-B459-95F9D2C9F23E}] => (Allow) D:\Steam\steamapps\common\Besiege\Besiege.exe
    FirewallRules: [{BF4E11DC-8684-456B-9BF5-9BDFAAC81F4F}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{3AD1EF6F-E286-4E94-B6FC-242CB9CB2680}] => (Allow) D:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{C152F5B1-83A3-4782-B426-6A4F10E8F7A0}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{9980EB2B-52CC-4000-A12F-16DF86E1215E}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{8A31570E-B9A6-4F32-AA89-0D4B82BE23BC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
    FirewallRules: [{F4B49610-13E0-4433-B5D3-A2E9BA3D8848}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
    FirewallRules: [TCP Query User{F3C73510-4E31-4969-807C-0A9CAA20E395}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [UDP Query User{BA230D1B-712D-47BA-B8E7-570C1CB997F7}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
    FirewallRules: [TCP Query User{0B12062F-ED8A-426D-8C34-9C1B55949527}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe
    FirewallRules: [UDP Query User{05AE1AC8-DD09-4CF9-837B-2EE0231AF0F8}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd-spawn.exe
    FirewallRules: [{B020C7DA-D5D0-4233-AEDD-7169A8E4BB52}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [{FE62A208-9F35-4442-976D-2FEEDA4445D7}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{4E45818F-FED2-49A6-9CBD-51D5CC162753}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe
    FirewallRules: [UDP Query User{B454EA65-1E22-486F-8A36-8CEC156E7D24}C:\program files (x86)\hlsw\hlsw.exe] => (Allow) C:\program files (x86)\hlsw\hlsw.exe
    FirewallRules: [{B454E9C7-03B1-4B93-8E94-0359454D7D22}] => (Allow) D:\Steam\steamapps\common\Chess\Chess.exe
    FirewallRules: [{C88A73B2-8CAF-4C03-8882-3C61E8D1BA29}] => (Allow) D:\Steam\steamapps\common\Chess\Chess.exe
    FirewallRules: [{B83943CE-D73A-4598-8DD4-4F5D5AE7248C}] => (Allow) D:\Steam\steamapps\common\Emily is Away\emily is away.exe
    FirewallRules: [{7B75273B-A9B8-4F2A-805E-47DD6C574767}] => (Allow) D:\Steam\steamapps\common\Emily is Away\emily is away.exe
    FirewallRules: [{A2F396A7-B2CF-42CA-AFD9-95D562155303}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{BD86AFE3-7A08-4CBD-8E3C-70F275EC7633}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{FB1DB392-1FBB-470E-A284-A14C21B77E2F}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
    FirewallRules: [{6E4E64A9-BD73-48AB-B9CA-D5069F57BD02}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
    FirewallRules: [TCP Query User{C0584E31-3065-4474-AA88-C3D2CED601E7}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{12453E44-3186-4CE2-A32F-0D8D5B419BA8}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
    FirewallRules: [{080F8DDD-54E9-43D3-836E-6EBFB404542C}] => (Allow) D:\Steam\steamapps\common\Hurtworld\Hurtworld.exe
    FirewallRules: [{331F7D72-D517-49C1-B759-60B72E382F3D}] => (Allow) D:\Steam\steamapps\common\Hurtworld\Hurtworld.exe
    FirewallRules: [{10BF1FEB-6697-49DB-8595-E4D1E2E8B83D}] => (Allow) D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{A62301DE-D76B-4513-B3E3-A17BAEDF9566}] => (Allow) D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{03614493-9155-4642-8BCD-76B5E4E58C06}] => (Allow) D:\Steam\steamapps\common\insurgency2\insurgency.exe
    FirewallRules: [{A82C9D23-53BF-4AA1-95D0-69CFEDF188AC}] => (Allow) D:\Steam\steamapps\common\insurgency2\insurgency.exe
    FirewallRules: [{9392E0AC-BA83-4155-999C-15EB4741B59C}] => (Allow) C:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{037A7B93-0AC1-4E8E-95CB-E1EAFD0947A2}] => (Allow) C:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{A17C01CD-8D5D-4417-A7EE-445BB4F45D49}] => (Allow) D:\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{83CA53FF-A8E9-4C1C-9061-4E09E4B68BA7}] => (Allow) D:\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
    FirewallRules: [{AD60D0CB-D079-40B7-AB63-A9DFA29B12B9}] => (Allow) D:\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{81CB5D6C-2744-431F-8A83-34309192E094}] => (Allow) D:\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
    FirewallRules: [{95C4C220-2428-4436-87C7-331BE8F96D80}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{46D42169-680A-4110-80D5-C8F381764AF5}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{F3C6CB40-EBA7-46F7-A5A4-5077C91240FE}] => (Allow) D:\Steam\steamapps\common\Hurtworld\HurtworldClient.exe
    FirewallRules: [{B987E40A-2C59-4489-B0C1-0B408DEB8521}] => (Allow) D:\Steam\steamapps\common\Hurtworld\HurtworldClient.exe
    FirewallRules: [{33E3B8C7-D825-40D4-B88E-26C9C9E26D8C}] => (Allow) D:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{1E4EE38F-AC94-4307-901E-DA37617F72DE}] => (Allow) D:\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
    FirewallRules: [{B5D7C706-2A1B-429F-90A7-E0220107A5CD}] => (Allow) D:\Steam\steamapps\common\Rust\Rust.exe
    FirewallRules: [{4C03A861-6A96-4C12-B277-300070550356}] => (Allow) D:\Steam\steamapps\common\Rust\Rust.exe
    FirewallRules: [{324A5F0A-2635-4A82-BD38-F34624679746}] => (Allow) D:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{E862CBC5-EFB8-4398-A891-354D4DA629EC}] => (Allow) D:\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{1F801F28-19EA-46A0-B39F-28F144AF3F61}] => (Allow) D:\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
    FirewallRules: [{528F2B1E-E34E-4E4C-B767-0C993677A83B}] => (Allow) D:\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
    FirewallRules: [{92B7EAB7-A8C0-4A30-9E7D-F90A1CFB1F59}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
    FirewallRules: [{B694DBF6-C326-4C3B-9863-1C59EAD89BA4}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
    FirewallRules: [{EBE38983-40BD-4F75-BD97-CC6E2B112299}] => (Allow) D:\Steam\steamapps\common\lethalleague\LethalLeague.exe
    FirewallRules: [{1EC91F64-C926-4A17-BE09-D4AAA1CE2DE8}] => (Allow) D:\Steam\steamapps\common\lethalleague\LethalLeague.exe
    FirewallRules: [{736DEABA-05F3-4543-8315-47A10349735F}] => (Allow) D:\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
    FirewallRules: [{E70C31A8-AD26-47B4-A688-C9F944865EF5}] => (Allow) D:\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
    FirewallRules: [{31B84675-81BF-4394-947F-815AD32A6288}] => (Allow) D:\Steam\steamapps\common\DrinkBox_Game4\Game.exe
    FirewallRules: [{D9BC3167-5066-43F0-9FD7-7CDD7910DA8E}] => (Allow) D:\Steam\steamapps\common\DrinkBox_Game4\Game.exe
    FirewallRules: [{D4ECB153-C424-4CD0-A70D-401F67D30A5D}] => (Allow) D:\Steam\steamapps\common\Guacamelee\Guac.exe
    FirewallRules: [{C00B9462-0FC5-4A42-95C1-1E15D4C62618}] => (Allow) D:\Steam\steamapps\common\Guacamelee\Guac.exe
    FirewallRules: [{29DD87A8-F8FC-4BC4-B8D3-E7B2DD2F3D01}] => (Allow) D:\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
    FirewallRules: [{C54E50EF-498D-4683-AC04-FAAE44EBD024}] => (Allow) D:\Steam\steamapps\common\Grim Fandango Remastered\GrimFandango.exe
    FirewallRules: [{5E70CF38-D185-4002-B7BE-4B443D898E0B}] => (Allow) D:\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
    FirewallRules: [{03B1D084-A9F2-4B6F-A0EF-EF3FB6635E23}] => (Allow) D:\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
    FirewallRules: [{2B991ECD-52B7-42EE-96D9-84554DE21821}] => (Allow) D:\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{3F46213D-A04D-443E-8290-D3120206002D}] => (Allow) D:\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{48708460-942D-40F8-BB4B-8ECBB4A35B88}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{A591C18D-231C-4A0B-B179-192968E526C3}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{8CD86956-F917-418A-A12D-6F18519E71E9}] => (Allow) C:\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{28DBF86F-8E00-4FFA-94DA-CD3B0A53A87E}] => (Allow) C:\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{430AD443-9620-473B-AB15-DCF9A7FC71EE}] => (Allow) D:\Steam\steamapps\common\reflexfps\reflex.exe
    FirewallRules: [{F979A09A-9AC2-48BC-B7E4-CAADB4F65927}] => (Allow) D:\Steam\steamapps\common\reflexfps\reflex.exe
    FirewallRules: [{C2F0BBC3-A299-46B1-86B2-451BDDD55AE0}] => (Allow) C:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{FDEDC4C5-44BB-4930-B0E4-D33F88B22B5E}] => (Allow) C:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{E82311DF-100B-4D06-B9F9-88964D641101}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{ED9FA859-D372-4FAD-B2F7-6AD001F63E47}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{77D5DD51-D142-4054-9894-DBD4EC410A3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{12A6A3CA-AB57-46C7-A81A-F608F506D56A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{09D96CB5-E737-49C2-A555-9537B8E7BFF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{B7251954-FBB2-4B13-9B8D-CCBB3D232548}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{75719BF4-A39A-4CFA-A06B-F6CD00557C9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0A7FC381-B8ED-46DD-A6E5-D01F427F135E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{0B89F618-F543-47B1-A5ED-218FC68B5732}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
    FirewallRules: [{563A0BB8-703F-4E57-8260-B5B696CB0014}] => (Allow) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe
    FirewallRules: [TCP Query User{6F3DB904-B82C-46FA-8C66-A9E01D6DCB0E}D:\ow\overwatch\overwatch.exe] => (Allow) D:\ow\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{D63BB14E-CD94-4310-9696-37C2BB06A177}D:\ow\overwatch\overwatch.exe] => (Allow) D:\ow\overwatch\overwatch.exe
    FirewallRules: [{7AF4F977-4977-4BB6-B518-9BCE476995EA}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{D4E3A1E6-490D-4E2B-A62B-90308146D692}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe

    ==================== Restore Points =========================

    24-03-2017 17:14:26 Automatic creation
    25-03-2017 10:22:06 Automatic creation
    27-03-2017 17:59:52 Automatic creation
    28-03-2017 05:55:56 Automatic creation

    ==================== Faulty Device Manager Devices =============

    Name: Marvell 91xx Config ATA Device
    Description: Marvell 91xx Config ATA Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/28/2017 05:55:56 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {d6814828-49f9-49a0-a49d-c7c9bb31b339}

    Error: (03/28/2017 05:26:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 05:59:52 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {5996f260-61ff-4735-a7c0-c774b818d91b}

    Error: (03/27/2017 05:30:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 05:10:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 04:58:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 04:54:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 04:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 04:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/27/2017 04:28:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program CCC.exe version 4.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 14c8

    Start Time: 01d2a6fd68245436

    Termination Time: 7

    Application Path: C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe

    Report Id: 3d46833c-12f1-11e7-9ba3-00aca320a6d8


    System errors:
    =============
    Error: (03/27/2017 05:29:20 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:12:31 PM on 3/27/2017 was unexpected.

    Error: (03/27/2017 04:56:46 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (03/27/2017 04:53:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (03/27/2017 04:53:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (03/27/2017 04:53:25 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
    {9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (03/27/2017 04:53:25 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (03/27/2017 04:53:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
    {A47979D2-C419-11D9-A5B4-001185AD2B89}

    Error: (03/27/2017 04:53:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (03/27/2017 04:53:23 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (03/27/2017 04:53:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AFD
    AppleCharger
    DfsC
    discache
    ESProtectionDriver
    klbackupflt
    klhk
    KLIF
    KLIM6
    klpd
    kltdi
    Klwtp
    kneps
    NetBIOS
    NetBT
    nsiproxy
    Psched
    rdbss
    spldr
    tdx
    vwififlt
    Wanarpv6
    WfpLwf
    ws2ifsl


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
    Percentage of memory in use: 46%
    Total physical RAM: 6142.43 MB
    Available physical RAM: 3304.15 MB
    Total Virtual: 12283.04 MB
    Available Virtual: 9110.91 MB

    ==================== Drives ================================

    Drive c: (HDD Main) (Fixed) (Total:931.41 GB) (Free:247.51 GB) NTFS
    Drive d: (SSD) (Fixed) (Total:223.57 GB) (Free:46.9 GB) NTFS
    Drive f: (Fallout 4) (CDROM) (Total:24.47 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C232954D)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: E9CEE9B3)
    Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  14. #14
    Join Date
    Mar 2017
    Posts
    17
    I have realized my computer is constantly using 3 GB of RAM even while idle, and the CPU fan is making sounds all the time, I guess because of a trojan.

  15. #15
    Join Date
    Mar 2017
    Posts
    17
    2017-03-25 07:38 - 2017-03-25 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
    2017-03-25 07:37 - 2017-03-25 07:37 - 00000000 ____D C:\Windows\ELAMBKUP
    2017-03-25 07:37 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
    2017-03-25 07:36 - 2017-03-28 05:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-03-25 07:36 - 2017-03-25 08:10 - 01035488 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
    2017-03-25 07:36 - 2017-03-25 08:10 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
    2017-03-25 07:36 - 2017-03-25 07:38 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
    2017-03-25 07:34 - 2017-03-25 07:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2017-03-25 07:31 - 2017-03-25 07:32 - 175941664 _____ (Kaspersky Lab) C:\Users\Asce\Desktop\kav17.0.0.611en_11479.exe
    2017-03-25 07:11 - 2017-03-25 07:11 - 01663904 _____ (Malwarebytes) C:\Users\Asce\Desktop\JRT.exe
    2017-03-25 07:09 - 2017-03-25 07:09 - 00003094 _____ C:\Windows\System32\Tasks\{9920CA20-B02B-48F7-80EB-96FBB5119F13}
    2017-03-25 06:54 - 2017-03-25 07:14 - 00000000 ____D C:\AdwCleaner
    2017-03-25 05:03 - 2017-03-25 05:03 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-03-25 05:02 - 2017-03-25 05:02 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-03-25 04:58 - 2017-03-25 05:01 - 00001023 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-03-25 04:58 - 2017-03-25 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-03-25 04:58 - 2017-03-25 04:58 - 00000000 ____D C:\Program Files\RogueKiller
    2017-03-25 04:56 - 2017-03-25 04:56 - 04031440 _____ C:\Users\Asce\Desktop\AdwCleaner.exe
    2017-03-24 17:02 - 2017-03-24 17:02 - 00000000 ____D C:\Users\Asce\Desktop\resimler yedek
    2017-03-24 16:10 - 2017-03-24 16:18 - 00000000 ____D C:\Users\Asce\Documents\Overwatch
    2017-03-24 15:08 - 2017-03-28 06:03 - 00000000 ____D C:\FRST
    2017-03-24 15:08 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
    2017-03-24 15:08 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
    2017-03-24 15:08 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-03-24 15:08 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-03-24 15:08 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-03-24 15:08 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
    2017-03-24 15:08 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
    2017-03-24 15:08 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
    2017-03-24 14:05 - 2017-03-24 14:05 - 02424832 _____ (Farbar) C:\Users\Asce\Desktop\FRST64.exe
    2017-03-24 13:58 - 2017-03-24 15:07 - 00000000 ____D C:\Qoobox
    2017-03-24 13:57 - 2017-03-27 16:54 - 00000000 ___SD C:\32788R22FWJFW
    2017-03-24 13:57 - 2017-03-27 16:33 - 00000000 ____D C:\Windows\erdnt
    2017-03-24 13:57 - 2017-03-24 13:57 - 05659269 _____ (Swearware) C:\Users\Asce\Downloads\ComboFix.exe
    2017-03-24 13:38 - 2017-03-24 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
    2017-03-24 13:10 - 2017-03-28 05:34 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-24 13:10 - 2017-03-28 05:25 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-24 13:10 - 2017-03-27 16:41 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-24 13:09 - 2017-03-28 05:25 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-24 13:09 - 2017-03-28 05:25 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2017-03-24 13:09 - 2017-03-25 09:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-03-24 13:09 - 2017-03-25 07:46 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-24 13:09 - 2017-03-25 06:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-24 13:09 - 2017-03-24 13:10 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-24 13:09 - 2017-03-24 13:09 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-24 13:09 - 2017-02-24 07:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-03-24 13:07 - 2017-03-24 13:07 - 57131432 _____ (Malwarebytes ) C:\Users\Asce\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-24 13:06 - 2017-03-24 13:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Asce\Downloads\mbar-1.09.3.1001.exe
    2017-03-24 13:05 - 2017-03-24 13:05 - 05788712 _____ C:\Users\Asce\Downloads\qssetup.exe
    2017-03-24 12:58 - 2017-03-24 12:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-03-24 12:55 - 2015-07-18 16:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-03-24 12:55 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-03-24 12:43 - 2017-03-27 16:20 - 00000000 ____D C:\Users\Asce\AppData\Local\NVIDIA Corporation
    2017-03-24 12:37 - 2017-03-27 16:20 - 00000000 ____D C:\Users\Asce\AppData\Local\NVIDIA
    2017-03-24 12:37 - 2017-03-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-03-24 12:35 - 2017-03-28 05:24 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-03-24 12:35 - 2016-01-23 04:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-03-24 12:34 - 2017-03-25 10:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-03-24 12:34 - 2016-01-23 04:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2017-03-24 12:34 - 2016-01-23 04:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-03-24 12:34 - 2016-01-23 04:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-03-24 12:34 - 2016-01-23 00:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
    2017-03-24 12:33 - 2016-06-26 03:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-03-24 12:33 - 2016-06-26 03:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2017-03-24 12:33 - 2016-06-26 03:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2017-03-24 12:33 - 2016-06-26 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2017-03-24 12:33 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2017-03-24 12:33 - 2016-06-25 22:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2017-03-24 12:33 - 2016-06-25 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2017-03-24 12:33 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2017-03-24 12:33 - 2016-03-18 01:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-03-24 12:33 - 2016-03-18 01:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 18758400 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 16327896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2017-03-24 12:33 - 2016-01-23 06:42 - 03683560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2017-03-24 12:33 - 2016-01-23 06:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2017-03-24 12:33 - 2016-01-23 06:42 - 00034905 _____ C:\Windows\system32\nvinfo.pb
    2017-03-24 12:33 - 2016-01-06 22:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2017-03-24 12:33 - 2016-01-06 21:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2017-03-24 12:33 - 2015-12-09 00:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2017-03-24 12:33 - 2015-12-09 00:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2017-03-24 12:33 - 2015-12-09 00:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2017-03-24 12:33 - 2015-12-09 00:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2017-03-24 12:33 - 2015-12-09 00:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
    2017-03-24 12:33 - 2015-12-09 00:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2017-03-24 12:33 - 2015-12-09 00:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2017-03-24 12:33 - 2015-12-09 00:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2017-03-24 12:33 - 2015-12-09 00:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2017-03-24 12:33 - 2015-12-09 00:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2017-03-24 12:33 - 2015-12-08 22:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2017-03-24 12:33 - 2015-12-08 22:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
    2017-03-24 12:33 - 2015-12-08 22:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2017-03-24 12:33 - 2015-12-08 21:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2017-03-24 12:33 - 2015-12-08 21:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2017-03-24 12:33 - 2015-12-08 21:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
    2017-03-24 12:33 - 2015-11-14 02:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2017-03-24 12:33 - 2015-11-14 02:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2017-03-24 12:33 - 2015-11-14 02:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2017-03-24 12:33 - 2015-11-14 01:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
    2017-03-24 12:33 - 2015-11-14 01:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
    2017-03-24 12:33 - 2015-11-14 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    2017-03-24 12:32 - 2017-03-04 20:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-03-24 12:32 - 2017-03-04 19:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-03-24 12:32 - 2017-03-04 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-03-24 12:32 - 2017-03-04 11:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-03-24 12:32 - 2017-03-04 11:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-03-24 12:32 - 2017-03-04 11:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-03-24 12:32 - 2017-03-04 11:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-03-24 12:32 - 2017-03-04 11:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-03-24 12:32 - 2017-03-04 11:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-03-24 12:32 - 2017-03-04 10:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-03-24 12:32 - 2017-03-04 10:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-03-24 12:32 - 2017-03-04 10:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-03-24 12:32 - 2017-03-04 10:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-03-24 12:32 - 2017-03-04 10:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-03-24 12:32 - 2017-03-04 10:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-03-24 12:32 - 2017-03-04 10:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-03-24 12:32 - 2017-03-04 10:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-03-24 12:32 - 2017-03-04 10:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-03-24 12:32 - 2017-03-04 10:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-03-24 12:32 - 2017-03-04 10:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-03-24 12:32 - 2017-03-04 10:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-03-24 12:32 - 2017-03-04 10:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-03-24 12:32 - 2017-03-04 10:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-03-24 12:32 - 2017-03-04 10:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-03-24 12:32 - 2017-03-04 10:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-03-24 12:32 - 2017-03-04 10:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-03-24 12:32 - 2017-03-04 10:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-03-24 12:32 - 2017-03-04 09:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-03-24 12:32 - 2017-03-04 09:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-03-24 12:32 - 2017-03-04 09:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-03-24 12:32 - 2017-03-04 09:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-03-24 12:32 - 2017-03-04 09:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-03-24 12:32 - 2017-03-04 09:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-03-24 12:32 - 2017-03-04 09:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-03-24 12:32 - 2017-03-04 09:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-03-24 12:32 - 2017-03-04 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-03-24 12:32 - 2017-03-04 07:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-03-24 12:32 - 2017-03-02 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-03-24 12:32 - 2017-03-02 21:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-03-24 12:32 - 2017-03-02 21:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-03-24 12:32 - 2017-03-02 21:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-03-24 12:32 - 2017-03-02 21:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-03-24 12:32 - 2017-03-02 21:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-03-24 12:32 - 2017-03-02 20:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-03-24 12:32 - 2017-03-02 20:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-03-24 12:32 - 2017-03-02 20:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-03-24 12:32 - 2017-03-02 20:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-03-24 12:32 - 2017-03-02 20:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-03-24 12:32 - 2017-03-02 20:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-03-24 12:32 - 2017-03-02 20:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-03-24 12:32 - 2017-03-02 20:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-03-24 12:32 - 2017-03-02 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-03-24 12:32 - 2017-03-02 20:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-03-24 12:32 - 2017-03-02 20:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-03-24 12:32 - 2017-03-02 20:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-03-24 12:32 - 2017-03-02 20:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-03-24 12:32 - 2017-03-02 20:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-03-24 12:32 - 2017-03-02 20:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-03-24 12:32 - 2017-03-02 20:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-03-24 12:32 - 2017-03-02 20:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-03-24 12:32 - 2017-03-02 20:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-03-24 12:32 - 2017-03-02 20:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-03-24 12:32 - 2017-03-02 20:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-03-24 12:32 - 2017-03-02 19:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-03-24 12:32 - 2017-03-02 19:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-03-24 12:32 - 2017-03-02 19:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-03-24 12:32 - 2017-02-11 18:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-03-24 12:32 - 2017-02-11 18:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-03-24 12:32 - 2017-02-11 18:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-03-24 12:32 - 2017-02-10 19:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-03-24 12:32 - 2017-02-10 19:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-03-24 12:32 - 2017-02-10 19:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-03-24 12:32 - 2017-02-10 19:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-03-24 12:32 - 2017-02-10 17:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-03-24 12:32 - 2017-02-09 19:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-03-24 12:32 - 2017-02-09 19:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-03-24 12:32 - 2017-02-09 19:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-03-24 12:32 - 2017-02-09 19:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-03-24 12:32 - 2017-02-09 19:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-03-24 12:32 - 2017-02-09 19:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-03-24 12:32 - 2017-02-09 19:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-03-24 12:32 - 2017-02-09 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
