Malware infected computer/browser cannot remove need help!

Postby Heinrich6745 » Fri Mar 10, 2017 4:10 am

This morning I was not fully awake and downloaded a file, and not paying attention, I ran the file, which listed itself as a codec for Windows Media Player (I use VLC anyway, so once again I was not fully thinking due to being tired). It infected my computer, but I pretty much cleaned them, except one thing remains: my browser (Google Chrome) is infected with the "Nova.rambler.ru" search engine and I get popups and annoying things with it. I go to search anything and it will pop up most of the time instead of my default search engine, which is Google. I had a friend help me a few hours ago, which made things worse when he had me get a program called "Reimage" because he used it in the past and it fixed his problems, but I got even more infections from the links, which I got rid of after a while. I have also noticed that even though I currently have all my extensions disabled right now, when I do enable them they do not even work, nor do my skins or scripts. Really sucks because I cannot stand all the bright colors and white; I have all the main websites I visit in dark colors or simply black, Facebook included. My popup blocker is not working either and I keep getting popups because of this stupid Rambler virus.

I have tried going back to a restore point from 2 days ago, but I got an error saying the following:

"System restore did not complete Successfully. Your computer's system files and settings were not changed.

Details:
System restore failed while restoring the directory from the restore point.
Source: AppxStaging
Destination: %ProgramdFiles%\WindowsApps
An unspecified error occurred during system restore. (0x80070091)

You can try system restore again and choose a different restore point. If you continue to see this error , you can try an advanced recovery method."


I did just this and went back to the 1st of the month hoping it would work; however, it didn't, and I started looking into this issue with WindowsApps, but nothing I did actually worked in the end, so I started searching for other ways to get rid of the Russian crap in my browser, which led me to HijackThis after everything else I had searched for and done myself over the whole day had not worked. I am new to HijackThis, so I have no clue what I am looking for when reading logs, and I was told to come here and make this post with my log for help, but it seems dead around here, so I hope I get a reply soon because I want this stuff out of my browser ASAP. Plus I'm tempted to format, but I do not want to spend a whole week getting everything set back up because it's a pain and I want to avoid a format. :/

Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:40:04 PM, on 3/9/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 52.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinZip\WZUpdateNotifier.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\morro\Downloads\HijackThis.exe
C:\WINDOWS\SysWoW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKCU\..\Run: [OneDrive] "C:\Users\morro\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Discord] C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAHConsole.exe
O4 - Global Startup: Update Notifier.lnk = C:\Program Files\WinZip\WZUpdateNotifier.exe
O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12677 bytes

Re: Malware infected computer/browser cannot remove need hel

Postby patrik » Sat Mar 11, 2017 12:53 am

Hello, welcome to the Myantispyware forum.

Please do a scan with FRST. Download Farbar Recovery Scan Tool from here.
* Save it to your desktop.
* Double click on the icon on your desktop.
* Push the "Scan" button.
* The scan should take just a few minutes.
* Two reports will open (FRST.txt and Addition.txt).


Post back with both FRST logs. Post each log in a separate post.

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Mon Mar 13, 2017 1:07 am

Thank you for replying. I was not sure anybody would reply, and I am still very much having these issues. I have slowly been backing things up in clouds because I was seriously considering formatting and wiping everything. Also, I have noticed I did not fully get rid of the Reimage virus either, so both of these different viruses keep messing me up constantly. I have no idea how many times I have tried getting rid of them, and I swear I have never entered safe mode this much in my life in such a short time to solve problems.

Here is the first file "FRST"

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Heinrich6745 (administrator) on HEINRICHS-RIG (12-03-2017 20:53:05)
Running from C:\Users\morro\Desktop
Loaded Profiles: Heinrich6745 (Available Profiles: Heinrich6745)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mega Limited) C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(erengy) C:\Users\morro\AppData\Roaming\Taiga\Taiga.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-03-07] (Electronic Arts)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [4013120 2017-03-10] (GOG.com)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Discord] => C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3122152 2016-08-26] (Blizzard Entertainment)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [GoogleChromeAutoLaunch_624DE7B3101AB73B048EF9D70AD55E12] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\RunOnce: [Uninstall C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-02-28]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-02-28]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-02-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1bdccecb-e1ce-4704-a89b-38ed019b48e0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{5c74bcab-b6b8-487b-b482-f0160b697cbc}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8gd3k09a.default
FF ProfilePath: C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default [2017-03-12]
FF user.js: detected! => C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\user.js [2016-03-24]
FF Keyword.URL: Mozilla\Firefox\Profiles\8gd3k09a.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B0DD305D5-2B3B-4970-8C45-B430A66FEFDF%7D&gp=811014
FF Extension: (Firefox All Aboard 1.6) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\@all-aboard-v1-6 [2017-03-09]
FF Extension: (Danbooru Downloader) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\danbooru_downloader@cuberocks.net.xpi [2016-06-10]
FF Extension: (Firefox Hotfix) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-10]
FF HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (BetterMyAnimeList) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdjkblmldgbpnhmidonolhokollgfa [2016-08-11]
CHR Extension: (Google Drive) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (Session Manager) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2016-04-23]
CHR Extension: (MEGA) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09]
CHR Extension: (YouTube) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Sad Panda) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2016-08-24]
CHR Extension: (DownAlbum) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-03-11]
CHR Extension: (OneTab) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-21]
CHR Extension: (uBlock Origin) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-03-11]
CHR Extension: (Google Search) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR Extension: (Tampermonkey) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-15]
CHR Extension: (High Contrast) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-11-09]
CHR Extension: (Video Downloader professional) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-20]
CHR Extension: (Steam Market Filter) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdpoeanmcbopmmdomongbohbmiolmom [2016-07-03]
CHR Extension: (Bulk Image Downloader) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2016-06-10]
CHR Extension: (PSO2 Extension) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2016-02-28]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-03-07]
CHR Extension: (Search Anime by Screenshot) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkamnldpllcbiidlfacaccdoadedncfp [2016-11-17]
CHR Extension: (Refresh for Twitter) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpiilkeoldobfomlhipnnfanmgfllmp [2016-06-06]
CHR Extension: (Steam Ninja!) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iafjcapblconlangblamhojmlpbdebhn [2016-07-03]
CHR Extension: (AutoPagerize) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2016-04-10]
CHR Extension: (New Tab Reloaded) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn [2016-06-28]
CHR Extension: (The Great Suspender) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-04-23]
CHR Extension: (Image Search Options) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2016-10-24]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2016-10-25]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Enhanced Steam) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-02-01]
CHR Extension: (Facebook Auto Poke) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklhkdfpcaljlnheehfkoloofoebhknp [2016-02-28]
CHR Extension: (Speed-Uploader for Google Drive) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmiihfmefkhkdidneofcjklgjebknda [2016-03-29]
CHR Extension: (Gmail) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284736 2017-03-10] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-08-15] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-11] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-03-07] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10155792 2016-11-07] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
S3 cpuz138; C:\Users\morro\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-11-12] (CPUID) <==== ATTENTION
S3 cpuz139; C:\Users\morro\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2016-09-09] (CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-05] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 MpKsl3f28874e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E25A51E-A39C-4180-AC7D-6E62F059B2DA}\MpKsl3f28874e.sys [44928 2017-03-12] (Microsoft Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2016-03-23] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek                                            )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-10-01] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-10-01] (Saitek)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2016-03-23] (SoftEther Corporation)
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [40568 2015-12-04] (Tunngle.net)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-11] (Zemana Ltd.)
R3 _hid_0738_1708; C:\WINDOWS\system32\DRIVERS\_hid_0738_1708.sys [180928 2015-10-01] (Saitek)
R3 _usb_0738_1708; C:\WINDOWS\System32\drivers\_usb_0738_1708.sys [46528 2015-10-01] (Saitek)
S3 WinRing0_1_2_0; \??\C:\Users\morro\Desktop\Stuff\New folder\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 20:53 - 2017-03-12 20:53 - 00027283 _____ C:\Users\morro\Desktop\FRST.txt
2017-03-12 20:53 - 2017-03-12 20:53 - 00000000 ____D C:\FRST
2017-03-12 20:52 - 2017-03-12 20:52 - 02424832 _____ (Farbar) C:\Users\morro\Desktop\FRST64.exe
2017-03-11 21:33 - 2017-03-11 21:34 - 00001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-11 21:33 - 2017-03-11 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-11 21:30 - 2017-03-11 21:34 - 00000000 ____D C:\Users\morro\Desktop\hitman pro
2017-03-11 19:46 - 2017-03-11 19:46 - 04031440 _____ C:\Users\morro\Downloads\adwcleaner_6.044.exe
2017-03-11 19:44 - 2017-03-12 20:53 - 00265816 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-11 19:44 - 2017-03-12 20:53 - 00216459 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-11 19:44 - 2017-03-11 19:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-11 19:44 - 2017-03-11 19:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-11 19:44 - 2017-03-11 19:44 - 00001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\Users\morro\AppData\Local\Zemana
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-10 14:14 - 2017-03-11 23:25 - 00000000 ____D C:\Users\morro\Desktop\Stylish skins screenshos and code
2017-03-10 13:35 - 2017-03-10 15:13 - 00000000 ___RD C:\Users\morro\Documents\MEGA
2017-03-10 13:31 - 2017-03-10 13:31 - 00000461 _____ C:\Users\morro\Documents\chrome march 2017 extensions.txt
2017-03-10 11:33 - 2017-03-10 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\morro\Desktop\HijackThis.exe
2017-03-10 11:08 - 2017-03-10 11:08 - 00001401 _____ C:\Users\morro\Desktop\CCleaner64 - Shortcut.lnk
2017-03-10 10:41 - 2017-03-10 10:41 - 00001550 _____ C:\Users\morro\Desktop\mbam - Shortcut.lnk
2017-03-10 10:38 - 2017-03-10 10:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-10 03:21 - 2017-03-10 03:27 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-03-09 21:03 - 2017-03-09 21:03 - 00000000 ___HD C:\$SysReset
2017-03-09 19:35 - 2017-03-12 14:27 - 00000000 ____D C:\Users\morro\AppData\LocalLow\Mozilla
2017-03-09 19:35 - 2017-03-09 19:35 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-09 19:35 - 2017-03-09 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 19:35 - 2017-03-09 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-09 19:28 - 2017-03-09 19:29 - 00000000 ____D C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-03-09 19:28 - 2017-03-09 19:28 - 00000000 ____D C:\Users\morro\AppData\Local\Package Cache
2017-03-09 17:34 - 2017-03-09 23:03 - 00000000 ____D C:\AdwCleaner
2017-03-09 17:15 - 2017-03-11 21:33 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-09 17:11 - 2017-03-09 17:11 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-03-09 17:11 - 2017-03-09 17:11 - 00007984 _____ C:\WINDOWS\system32\bootdelete.lst
2017-03-09 15:39 - 2017-03-09 17:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-09 14:50 - 2017-03-09 14:51 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-09 14:34 - 2017-03-09 14:34 - 00000000 ___HD C:\ProgramData\2329b7941b1410p3152
2017-03-09 14:06 - 2017-03-09 19:12 - 00000000 ____D C:\MyGames
2017-03-08 16:40 - 2017-03-08 16:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-03-07 16:52 - 2017-03-07 16:52 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-03-07 16:52 - 2017-03-07 16:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ____D C:\ProgramData\Skype
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-07 02:29 - 2017-03-07 02:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-03-07 02:27 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-07 02:27 - 2017-03-07 02:27 - 00000000 ____D C:\Users\morro\AppData\Local\Microsoft Help
2017-03-07 02:27 - 2017-03-07 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-07 02:26 - 2017-03-07 02:26 - 00000000 __RHD C:\MSOCache
2017-03-07 02:25 - 2017-03-07 02:25 - 00000009 _____ C:\Users\morro\Documents\megan laptop password caps A.txt
2017-03-05 17:29 - 2017-03-05 17:29 - 00000325 _____ C:\Users\morro\Documents\mal gotm march 2017.txt
2017-03-02 14:04 - 2017-03-02 14:04 - 00007231 _____ C:\Users\morro\AppData\Local\recently-used.xbel
2017-03-01 04:44 - 2017-03-01 04:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-24 14:50 - 2017-02-24 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path of Diablo Launcher
2017-02-22 18:14 - 2017-02-22 18:14 - 00000000 ____D C:\Users\morro\AppData\Roaming\dvdcss
2017-02-22 02:21 - 2017-02-22 02:21 - 04599728 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2017-02-17 23:02 - 2017-02-17 23:15 - 00000000 ____D C:\Users\morro\AppData\Roaming\StardewValley
2017-02-15 21:29 - 2017-02-15 21:29 - 00000000 ____D C:\Users\morro\Documents\AutoHotKey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 20:51 - 2016-02-28 01:58 - 00000000 ____D C:\Users\morro\AppData\Roaming\Origin
2017-03-12 18:09 - 2016-02-28 04:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-12 16:34 - 2016-08-02 15:17 - 00000000 ____D C:\Users\morro
2017-03-12 16:34 - 2016-02-28 01:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-12 14:24 - 2016-08-02 15:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-12 12:21 - 2016-02-28 01:34 - 00000000 ____D C:\Users\morro\AppData\Roaming\Azureus
2017-03-12 12:15 - 2016-02-28 01:34 - 00000000 ____D C:\Users\morro\Documents\Vuze Downloads
2017-03-12 11:25 - 2016-02-28 01:50 - 00000000 ____D C:\Users\morro\AppData\Roaming\Raptr
2017-03-12 04:01 - 2016-03-07 17:42 - 00000000 ____D C:\Users\morro\AppData\Roaming\vlc
2017-03-11 23:27 - 2016-03-13 20:21 - 00000000 ____D C:\Users\morro\AppData\Local\Battle.net
2017-03-11 23:26 - 2016-03-13 20:21 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-11 23:26 - 2016-02-28 01:51 - 00000000 ____D C:\ProgramData\Origin
2017-03-11 23:23 - 2016-08-02 15:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 23:23 - 2016-08-02 15:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-11 23:23 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-11 23:23 - 2016-04-23 14:50 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-03-11 23:22 - 2016-07-16 02:04 - 03407872 _____ C:\WINDOWS\system32\config\BBI
2017-03-11 16:15 - 2016-08-25 14:13 - 00000000 ____D C:\Users\morro\AppData\Roaming\Skype
2017-03-11 13:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-11 11:40 - 2016-06-04 22:43 - 00000000 ___RD C:\Users\morro\Desktop\Stuff
2017-03-10 23:38 - 2016-03-14 01:25 - 00000000 ___RD C:\Users\morro\Documents\MEGAsync
2017-03-10 11:24 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\WindowsApps
2017-03-10 11:15 - 2016-08-02 19:04 - 00352596 _____ C:\WINDOWS\system32\perfh011.dat
2017-03-10 11:15 - 2016-08-02 19:04 - 00105108 _____ C:\WINDOWS\system32\perfc011.dat
2017-03-10 11:15 - 2016-02-28 03:32 - 01576688 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-10 11:13 - 2016-06-01 12:24 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-03-10 11:08 - 2017-01-04 23:21 - 00000000 ____D C:\Program Files\CCleaner
2017-03-10 11:06 - 2016-07-16 07:43 - 00001180 _____ C:\Users\morro\Desktop\Windows Defender.lnk
2017-03-10 10:41 - 2016-02-28 04:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-09 23:49 - 2016-11-07 20:42 - 00000000 ____D C:\Users\morro\AppData\Roaming\Mediatronic
2017-03-09 23:11 - 2016-02-28 03:29 - 00000000 ____D C:\Users\morro\AppData\Local\VirtualStore
2017-03-09 23:08 - 2016-03-13 20:34 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-03-09 22:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 22:28 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-09 21:49 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration
2017-03-09 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\tracing
2017-03-09 19:28 - 2016-02-28 01:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 18:43 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 18:43 - 2016-06-05 19:28 - 00000000 ____D C:\Users\morro\AppData\Roaming\DAEMON Tools Lite
2017-03-09 17:38 - 2016-08-02 15:10 - 00268184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-07 13:06 - 2016-02-28 01:49 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 13:05 - 2016-07-08 20:22 - 00000000 ____D C:\Users\morro\AppData\Roaming\discord
2017-03-07 02:28 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-02 14:04 - 2016-03-01 23:04 - 00000000 ____D C:\Users\morro\AppData\Local\gtk-2.0
2017-03-02 14:04 - 2016-03-01 23:03 - 00000000 ____D C:\Users\morro\.gimp-2.8
2017-03-01 02:14 - 2016-07-13 17:47 - 00617368 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2017-02-24 15:42 - 2016-11-07 02:46 - 00000000 ____D C:\Program Files (x86)\Diablo II
2017-02-23 04:29 - 2016-02-28 03:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 04:27 - 2016-02-28 03:50 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 04:40 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 01:54 - 2016-02-28 02:44 - 00000000 ____D C:\Users\morro\AppData\Local\ElevatedDiagnostics
2017-02-17 15:59 - 2017-02-01 01:26 - 00002441 _____ C:\Users\morro\Documents\japanese english teaching cover letter.txt
2017-02-10 13:40 - 2016-02-28 03:33 - 00000000 ___RD C:\Users\morro\OneDrive

==================== Files in the root of some directories =======

2016-11-07 18:34 - 2016-11-07 18:34 - 0000128 ____H () C:\Users\morro\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-04-02 11:19 - 2016-04-02 11:19 - 0000036 _____ () C:\Users\morro\AppData\Local\housecall.guid.cache
2017-03-02 14:04 - 2017-03-02 14:04 - 0007231 _____ () C:\Users\morro\AppData\Local\recently-used.xbel
2017-01-20 00:13 - 2017-01-20 00:13 - 0007605 _____ () C:\Users\morro\AppData\Local\Resmon.ResmonCfg
2016-08-02 15:13 - 2016-08-02 15:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-07 18:34 - 2016-11-07 18:34 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-08-12 00:14 - 2016-08-12 00:14 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2016-10-28 00:37 - 2000-04-06 06:00 - 0263168 ____N () C:\Users\morro\AppData\Local\Temp\binkw32.dll
2017-03-09 14:31 - 2017-03-09 14:32 - 1850712 _____ () C:\Users\morro\AppData\Local\Temp\cpa.exe
2016-10-28 00:37 - 2001-05-09 20:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\morro\AppData\Local\Temp\d2l_Install.exe
2016-08-24 12:49 - 2016-08-24 12:50 - 0041472 _____ () C:\Users\morro\AppData\Local\Temp\ddxx_MesHoooooook.dll
2017-03-09 14:32 - 2017-03-09 14:32 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\morro\AppData\Local\Temp\fox.exe
2016-11-05 13:50 - 2016-11-05 13:50 - 0294912 _____ () C:\Users\morro\AppData\Local\Temp\hac.dll
2016-08-20 14:54 - 2016-06-09 09:42 - 0037376 _____ (Microsoft) C:\Users\morro\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2016-08-20 14:54 - 2015-10-14 14:50 - 0020480 _____ (Microsoft) C:\Users\morro\AppData\Local\Temp\HiRezLauncherControls.dll
2017-03-09 16:17 - 2017-03-09 15:41 - 11581544 _____ (SurfRight B.V.) C:\Users\morro\AppData\Local\Temp\HitmanPro.exe
2017-02-14 12:26 - 2017-03-12 12:21 - 0035680 _____ () C:\Users\morro\AppData\Local\Temp\i4jdel0.exe
2016-08-03 14:01 - 2017-02-24 20:46 - 0035680 _____ () C:\Users\morro\AppData\Local\Temp\i4jdel1.exe
2016-09-29 13:22 - 2016-09-29 13:22 - 0035680 _____ () C:\Users\morro\AppData\Local\Temp\i4jdel2.exe
2016-10-22 12:24 - 2016-10-22 12:24 - 0737856 _____ (Oracle Corporation) C:\Users\morro\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-21 14:15 - 2017-01-21 14:15 - 0739904 _____ (Oracle Corporation) C:\Users\morro\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-03-09 14:32 - 2017-03-09 14:32 - 0016384 _____ (DoxX) C:\Users\morro\AppData\Local\Temp\kube.exe
2016-10-29 18:57 - 1999-12-20 09:04 - 0056832 _____ () C:\Users\morro\AppData\Local\Temp\mpegc.dll
2016-10-29 18:57 - 1999-12-20 09:04 - 0056832 _____ () C:\Users\morro\AppData\Local\Temp\mpegm.dll
2016-11-03 23:03 - 2016-11-03 23:03 - 2842320 _____ () C:\Users\morro\AppData\Local\Temp\npp.7.1.Installer.exe
2017-01-06 23:52 - 2017-01-06 23:52 - 2858376 _____ () C:\Users\morro\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-03-09 14:32 - 2017-03-09 14:33 - 4558753 _____ () C:\Users\morro\AppData\Local\Temp\start.exe
2017-03-09 14:33 - 2017-03-09 14:33 - 1199825 _____ () C:\Users\morro\AppData\Local\Temp\unins000.exe
2016-10-22 16:10 - 2016-10-21 20:41 - 0527285 _____ () C:\Users\morro\AppData\Local\Temp\Uninstall.exe
2017-03-09 14:33 - 2017-03-09 14:33 - 1248563 _____ (VideoBox                                                    ) C:\Users\morro\AppData\Local\Temp\vbsetup.exe
2017-03-07 02:36 - 2017-03-07 02:36 - 14456872 _____ (Microsoft Corporation) C:\Users\morro\AppData\Local\Temp\vc_redist.x86.exe
2016-10-08 22:47 - 2016-10-08 22:47 - 30533688 _____ () C:\Users\morro\AppData\Local\Temp\vlc-2.2.4-win32.exe
2017-03-09 14:32 - 2017-03-09 14:33 - 0011273 _____ () C:\Users\morro\AppData\Local\Temp\wowrr.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-03 15:31

==================== End of FRST.txt ============================
Last edited by Heinrich6745 on Mon Mar 13, 2017 1:09 am, edited 1 time in total.
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Mon Mar 13, 2017 1:07 am

Here is "Addition"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Heinrich6745 (12-03-2017 20:54:05)
Running from C:\Users\morro\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-02 19:37:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2592823536-3088522126-1080417239-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2592823536-3088522126-1080417239-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2592823536-3088522126-1080417239-503 - Limited - Disabled)
Guest (S-1-5-21-2592823536-3088522126-1080417239-501 - Limited - Disabled)
Heinrich6745 (S-1-5-21-2592823536-3088522126-1080417239-1001 - Administrator - Enabled) => C:\Users\morro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Skybox Labs)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version:  - Ensemble Studios)
Age of Mythology: Extended Edition (HKLM\...\Steam App 266840) (Version:  - SkyBox Labs)
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version:  - Beamdog)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Betrayer (HKLM\...\Steam App 243120) (Version:  - Blackpowder Games)
Bionic Dues (HKLM\...\Steam App 238910) (Version:  - Arcen Games, LLC)
bit Dungeon II (HKLM\...\Steam App 331440) (Version:  - KintoGames)
BloodRayne: Betrayal (HKLM\...\Steam App 281220) (Version:  - Abstraction Games)
Bulk Image Downloader v4.96.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version:  - Antibody Software)
Capsized (HKLM\...\Steam App 95300) (Version:  - Alientrap)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Club Life (HKLM\...\Steam App 404180) (Version:  - Dharker Studio)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID HWMonitor Pro 1.25 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Crusaders of the Lost Idols (HKLM\...\Steam App 402840) (Version:  - Codename Entertainment Inc.)
D2SE V2.2.0 (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Delicious! Pretty Girls Mahjong Solitaire (HKLM\...\Steam App 540610) (Version:  - Zoo Corporation)
Destiny Warriors (HKLM\...\Steam App 399790) (Version:  - ninjalex)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diehard Dungeon (HKLM\...\Steam App 277870) (Version:  - Tricktale)
Digimon Masters Online (HKLM\...\Steam App 537180) (Version:  - Move Games Co., Ltd.)
Discord (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DOOM II: Hell on Earth (HKLM\...\Steam App 2300) (Version:  - id Software)
Duke Nukem 3D: Megaton Edition (HKLM\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Siege (HKLM-x32\...\Steam App 39190) (Version:  - Gas Powered Games)
Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version:  - Gas Powered Games)
Enemy Mind (HKLM\...\Steam App 285840) (Version:  - Schell Games)
Epic Battle Fantasy 3 (HKLM\...\Steam App 521200) (Version:  - Matt Roszak)
Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
Fancy Skulls (HKLM\...\Steam App 307090) (Version:  - tequibo)
Final DOOM (HKLM\...\Steam App 2290) (Version:  - id Software)
FINAL FANTASY IV (HKLM\...\Steam App 312750) (Version:  - Square Enix)
FINAL FANTASY IX (HKLM\...\Steam App 377840) (Version:  - SQUARE ENIX)
FINAL FANTASY VI (HKLM-x32\...\Steam App 382900) (Version:  - SQUARE ENIX)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version:  - Panoramik Inc)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GoldenEye: Source (HKLM-x32\...\gesource) (Version: 5.0 - The GoldenEye: Source Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
Grabber 4.5.3 (HKLM-x32\...\{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1) (Version: 4.5.3 - Bionus)
Greyfox (HKLM\...\Steam App 341310) (Version:  - Lesley Dodd)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hatoful Boyfriend (HKLM\...\Steam App 310080) (Version:  - Mediatonic)
Hell Yeah! (HKLM\...\Steam App 205230) (Version:  - Arkedo)
Hero Siege (HKLM\...\Steam App 269210) (Version:  - Elias Viglione)
Higurashi When They Cry - Ch.1 Onikakushi (HKLM\...\Steam App 310360) (Version:  - 07th Expansion)
Higurashi When They Cry - Ch.2 Watanagashi (HKLM\...\Steam App 410890) (Version:  - 07th Expansion)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
Icewind Dale: Enhanced Edition (HKLM\...\Steam App 321800) (Version:  - Beamdog)
Insanity Clicker (HKLM\...\Steam App 393530) (Version:  - PlayFlock)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Iron Grip: Warlord (HKLM\...\Steam App 31700) (Version:  - ISOTX)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version:  - insayn)
Killer is Dead (HKLM\...\Steam App 261110) (Version:  - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
King's Quest (HKLM\...\Steam App 345390) (Version:  - The Odd Gentlemen)
Labyronia RPG (HKLM\...\Steam App 391260) (Version:  - Labyrinthine)
Labyronia RPG 2 (HKLM\...\Steam App 397500) (Version:  - Labyrinthine)
Learn Japanese To Survive - Hiragana Battle (HKLM\...\Steam App 438270) (Version:  - Sleepy Duck Educational Games)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Legend of Mysteria (HKLM\...\Steam App 407230) (Version:  - Labyrinthine)
Loadout (HKLM\...\Steam App 208090) (Version:  - Edge of Reality)
Lucid9 (HKLM\...\Steam App 439940) (Version:  - Fallen Snow Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mark of the Ninja (HKLM\...\Steam App 214560) (Version:  - Klei Entertainment)
Master Levels for DOOM II (HKLM\...\Steam App 9160) (Version:  - id Software)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Murasaki (HKLM\...\Steam App 392030) (Version:  - Katatema)
Murder Miners (HKLM\...\Steam App 274900) (Version:  - JForce Games)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
Path of Diablo Launcher (HKLM-x32\...\{DE70C6E8-1803-4AF4-8F94-B39062688E21}) (Version: 1.0.0 - Path of Diablo)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Phantasy Star Online 2: EPISODE 4 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version:  - SEGA)
Pid  (HKLM\...\Steam App 218740) (Version:  - Might and Delight)
poi (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\poi) (Version: 7.0.2 - Magica)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\{8ba65a8c-cb48-4716-bc24-47c148808015}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Relic Hunters Zero (HKLM\...\Steam App 382490) (Version:  - Rogue Snail)
Rise of Nations: Extended Edition (HKLM\...\Steam App 287450) (Version:  - SkyBox Labs)
Sacred 2 Gold (HKLM\...\Steam App 225640) (Version:  - Ascaron)
Sacred Gold (HKLM-x32\...\Steam App 12320) (Version:  - Ascaron Entertainment ltd.)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
Sakura Swim Club (HKLM\...\Steam App 402180) (Version:  - Winged Cloud)
Serious Sam HD: The First Encounter (HKLM\...\Steam App 41000) (Version:  - Croteam)
Serious Sam HD: The Second Encounter (HKLM\...\Steam App 41010) (Version:  - Croteam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShipLord (HKLM\...\Steam App 422250) (Version:  - Just1337 Studio)
Sins Of The Demon RPG (HKLM\...\Steam App 461640) (Version:  - Chandler Rounsley)
Skyborn (HKLM\...\Steam App 278460) (Version:  - Dancing Dragon Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.45.2 (HKLM\...\{431DEFDE-6862-4CBC-AA44-112164825D73}) (Version: 7.0.45.2 - Mad Catz)
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
StarBreak (HKLM\...\Steam App 420790) (Version:  - Crunchy Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Storm of Spears (HKLM\...\Steam App 463350) (Version:  - Warfare Studios)
Super 3-D Noah's Ark (HKLM\...\Steam App 371180) (Version:  - Wisdom Tree, Inc.)
Taiga (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Taiga) (Version: 1.2 - erengy)
Tales of Maj'Eyal (HKLM\...\Steam App 259680) (Version:  - DarkGod)
Tales of Symphonia (HKLM\...\Steam App 372360) (Version:  - BANDAI NAMCO Entertainment Inc.)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.70155 Beta - TeamViewer)
Terra Incognita ~ Chapter One: The Descendant (HKLM\...\Steam App 347560) (Version:  - Back To Basics Gaming)
The Albino Hunter (HKLM\...\Steam App 355520) (Version:  - Cherry Co. Studios)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
The Lord of the Rings Online™ (HKLM\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version:  - id Software)
Time Clickers (HKLM\...\Steam App 385770) (Version:  - Proton Studio Inc)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version:  - Iron Lore Entertainment)
Torchlight (HKLM\...\Steam App 41500) (Version:  - Runic Games)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
TS Compatibility Fix (HKLM\...\{3f4535f8-e996-4cf1-bb6d-66eb87969155}.sdb) (Version:  - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version:  - Tate Multimedia)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
Viscera Cleanup Detail: Shadow Warrior (HKLM\...\Steam App 255520) (Version:  - RuneStorm)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Woodle Tree Adventures (HKLM\...\Steam App 299460) (Version:  - Fabio Ferrara)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zeno Clash (HKLM\...\Steam App 22200) (Version:  - ACE Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20C2CBC3-D37A-4622-9D27-FBF37D24169D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {20E4D54D-DF86-4D2D-A8E4-91805CC27725} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {333A7DC9-50E5-4820-9AF2-DC9BB434F96C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {4DD13E5D-B9F4-4D69-97B5-8EB407E880E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {5EDE92AA-40F9-460D-A413-DD1886DF979D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {67E30E93-9088-4A3A-B7E4-1A96BCC5F678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {77BB012E-9661-4FC4-944A-0E34C161AB46} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-23] (Microsoft Corporation)
Task: {80A3B9FC-F735-4EB4-88DC-53CF61BE1175} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {B74BC4A6-C76D-470C-BAC2-0ACEB9B30155} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {CB21F3F9-5BD3-4DDE-B47D-910512A1D711} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 10:14 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-27 15:50 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-14 10:14 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2014-05-01 10:13 - 2016-11-13 18:22 - 00592384 _____ () C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll
2017-03-11 19:44 - 2017-03-11 19:44 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-11-27 13:55 - 2016-11-27 13:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-13 17:31 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 17:06 - 2016-12-21 03:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 17:06 - 2016-12-21 03:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-04 23:22 - 2015-06-24 21:23 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2017-02-13 16:56 - 2017-03-07 13:05 - 00022024 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-01-10 17:06 - 2016-12-21 02:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 17:06 - 2016-12-21 02:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 17:06 - 2016-12-21 02:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 17:06 - 2016-12-21 02:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 17:06 - 2016-12-21 02:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 17:06 - 2016-12-21 02:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-05-01 10:15 - 2016-11-13 18:22 - 00564736 _____ () C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll
2016-02-28 01:04 - 2017-02-02 21:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-28 01:04 - 2017-03-09 18:37 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-28 01:04 - 2017-03-09 18:37 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 02:18 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-02-13 16:56 - 2017-03-07 13:05 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2017-02-13 16:56 - 2017-03-07 13:05 - 00012288 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-02-28 01:57 - 2016-06-10 18:50 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 18:17 - 2017-01-11 18:17 - 01082880 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 18:17 - 2017-01-11 18:17 - 03750400 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 18:17 - 2017-01-11 18:17 - 00914432 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 18:17 - 2017-01-11 18:17 - 01127424 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-07-20 22:44 - 2016-07-20 22:44 - 00482304 _____ () C:\Users\morro\AppData\Local\MEGAsync\libsodium.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 53018112 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00507968 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 01076800 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 01854528 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00393280 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 01589312 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00307776 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00330816 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00104000 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00520768 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00272448 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00680000 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00425536 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00157760 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2016-06-01 12:24 - 2017-03-10 11:13 - 00152128 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 16:29 - 2015-10-21 16:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2016-09-28 17:53 - 2016-09-28 17:53 - 02620112 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\ltc_host_ex.DLL
2015-06-26 19:09 - 2015-06-26 19:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 13:08 - 2016-04-19 13:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 01738752 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 00078848 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2017-02-06 18:02 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\morro\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-02-06 18:02 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\morro\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-12-13 03:25 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-02-28 01:04 - 2017-03-09 18:37 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-01-11 18:25 - 2017-01-11 18:25 - 00148992 _____ () \\?\C:\Users\morro\AppData\Local\Discord\app-0.0.297\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-01-11 18:17 - 2017-01-11 18:17 - 02658304 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 18:17 - 2017-01-11 18:17 - 02130432 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-02-28 01:04 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\AppData\Roaming:iSpring Solutions [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-03-11 20:41 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morro\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f57e09d8-23e7-4275-a4c2-ca1e866a636d}.png
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{14DF7838-CC14-438F-BF63-2C9EBB6276CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{8E0B8445-6384-41A8-AF44-5352F9C2252E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{CD65FD4C-873C-4DD9-B51A-096E366CB9D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{DB77598F-EA70-4A5C-84A0-C35FD15C359E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{76431161-28FB-491A-94E5-CE0007BFE5A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Rayne Betrayal\bin\bloodrayne.exe
FirewallRules: [{6ED9C24F-B250-4F7A-9C16-547B6C26F291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Rayne Betrayal\bin\bloodrayne.exe
FirewallRules: [{F971540A-7271-4BDE-9BF9-B9E9FDC8F057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Storm of Spears\Storm of Spears.exe
FirewallRules: [{0ADA899A-C355-4CC1-BE17-EA6DB1B8FAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Storm of Spears\Storm of Spears.exe
FirewallRules: [{9824F799-43D1-45E5-B9C1-53B248FE9217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{7637FD14-80C5-4AAC-A461-7C1972380C03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{E8E1AC56-41AF-44B2-BEE9-F24111100870}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{0293E75E-800C-423B-8481-7E01E470DB7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{0E8B8AB0-E69A-4363-B0DF-3B9EE5E79DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D7F84B94-6BC2-4343-A6E6-A1649AFC2D78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{BA55F88A-08EB-4644-B9D7-BBF2D92816B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{03447EE8-C23F-4DD6-8B1F-AE3A73760909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{62F420D3-C6DA-464C-85F4-E6763487DC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{79E80E6D-A1AE-4069-BF83-C185B2F7E34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{B210DF78-4B39-4FD5-8847-A551DB28DD83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{B6766D59-EACB-44B7-B4A7-BF70E8313988}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{1C5C4FDA-3425-4EF2-9AF8-DC60BEC5D257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{41C7B8F6-0449-47D8-8193-7535EBCFC0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{AAAA81BC-F1FA-4DD6-BE1B-23D14084A362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{1557C2E3-5F03-45ED-A175-346B94F99F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{DBE678BB-087C-4304-AD18-162BD0F14C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WoodleTreeAdventures\WoodleTreeAdventures.exe
FirewallRules: [{0F795B17-C415-49D0-9AA8-9103CD184362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WoodleTreeAdventures\WoodleTreeAdventures.exe
FirewallRules: [{19E1C6C2-DD1C-43C5-A060-F93FB000595D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{71C2BBD1-F3B0-4CDD-88F0-58C8FC73D226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{8FE96BC8-DA07-4E17-BB6A-4C17B0425C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{44023F65-9D4C-46F6-9C47-23ECECBD19B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{957E0E12-5D49-4272-B0F2-DB2463B712B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{114C8DA0-3129-4192-A1A0-BF9DE5C570CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{51297D77-528D-4094-BE7F-0DE668DE79C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{78B2685B-4AE2-4A94-8028-638EC30F9AB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{793D2518-F225-4676-BE64-15DE0A58DE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{ECEEF3D6-53D5-4B0A-9CFA-62ABDEF99B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{15BC6766-FADE-4101-A074-7FEA0D73846B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{EEEBEE76-7C15-4212-A440-EEEC952AB284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{1D6B0C24-99AE-4AD0-8B44-C34732AACB58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{E2D924E1-96F5-49D6-A6FE-1A1E74B8C96A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{A790030D-F6A1-40E9-8D0B-ED72D7F74521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D94BEA94-6E67-4200-B3DD-CAB0127E30CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A5ECF482-0C43-4439-B1E8-AC68C3FA14A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{668D7671-4B07-4DCA-B28C-DB8CFD873524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{B7B0C245-2CD3-4B05-9A55-E2BAA8F99BDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{B61D0254-79E3-4899-A39E-C08E904E19D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{6107241F-E90E-4CA8-97E9-D1230307B610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{3F2E3B6B-41C0-49E3-ACC2-CCEAA3F0D045}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{B72A3B4A-A876-4CC7-8A58-BD9E732DCC1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{A72CDE33-F462-4004-AC76-37E43F136809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{FF83AF4E-7660-4BFC-903B-7AA093AEF4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{85651990-57FC-4A82-89B8-31E3BA54CE50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [UDP Query User{64B04BCE-92D5-4EEC-B4BE-162F09C9061E}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{C2449F5A-5996-4583-99F5-0683E423C120}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{8098407E-D993-4273-A5FA-07EA5069D5BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{DF58AAB0-4888-4527-95A3-B8AB7AA31657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{AAE7EF8A-971B-4710-863E-6E1F63C2AE46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{09D05C13-BBAF-4D58-9A35-5F86B287B01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{A9B5030F-667B-4008-851C-DC61CD82D4E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{AC734FDA-386C-496E-8B41-609F538531BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{09C1C898-C68E-41B0-B683-09FB466BEE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6DA2AAF4-E58A-4381-B231-29D6EC2B3983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6871A653-EACC-479C-90D3-7F9A6456C703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarBreak\mvmmoclient.exe
FirewallRules: [{B6392718-DB00-485B-995E-B77C7CF19946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarBreak\mvmmoclient.exe
FirewallRules: [{993A7C7A-FBA5-45E9-B498-C041DC9FED36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{513A3946-5DC2-4373-BF57-19992BB1B8BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{B38139CF-E1DB-419E-ACC9-BADDC3755758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{8400371D-61B0-4FBF-960A-33557B12A2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{752B0BD6-858A-41DA-81E1-A8DF7B20D3C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{39CE3A83-EAA7-49E7-8ACA-5DCB775610F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{501A648F-9CFB-4BC5-A007-DD40E77F5759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{C988FE05-1D3B-4D8B-8F29-6BAA1B2DE7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{04AB80C4-EDDF-41A1-B7AE-4ACFC6CD5D60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia\Game.exe
FirewallRules: [{C8020C9A-3FD0-49EB-BC0D-221A0530CC02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia\Game.exe
FirewallRules: [{8EF0B2FF-8C7A-49B4-A802-FDE1B33A66B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{71DC3663-351F-418A-966E-4F45A6761284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{0F270E91-1DA0-4007-8232-2B701FD2FEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elements of Power\EQLauncher.exe
FirewallRules: [{FAA70A38-35D5-42E1-A572-B4533E4B24B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elements of Power\EQLauncher.exe
FirewallRules: [{643D2C15-6FD9-448E-A0E0-550C49687B61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capsized\Capsized.exe
FirewallRules: [{5DCB37F6-91C6-47F7-854F-99E732F95620}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capsized\Capsized.exe
FirewallRules: [{E8ECB637-83E1-478F-8D96-7FA21C2CED3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{FDBAE1E1-F72A-4BA0-90FA-EAC4C013CEA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{6103424D-1314-48F2-949F-DA62C55D06C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{FBC83C78-BB5F-45EF-A893-F63E96F6E86B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{2BB31536-6C32-4D5C-862A-8EFBAA334B0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FancySkulls\fancy_skulls.exe
FirewallRules: [{4A975D8F-4375-44DF-AA1F-5B3F47254CFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FancySkulls\fancy_skulls.exe
FirewallRules: [{D9E10FC6-BB59-46D5-9D60-C5F4A2468F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{FB448159-C843-48E1-AE86-5125BB2D4DED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{761C6F97-92A6-492B-A494-CC9F59732128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{3A92F6BC-F053-4181-AE6B-EDE29009E092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{17696229-C3C8-4F03-B8DA-5C1ACB1E794E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Grip Warlord\igwarlord.exe
FirewallRules: [{7856FA27-3D28-448F-A050-A2A9C6CF9173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Grip Warlord\igwarlord.exe
FirewallRules: [{16378512-67CD-48E1-A6B6-AEAE8331AB95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{C4A5A445-414D-43E1-9CD6-D4B567EEAA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{67C33EF1-497E-40D7-9EDC-EB247907DB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super 3-D Noah's Ark\noah3d.exe
FirewallRules: [{F2FB38D6-C2CA-492D-9CE2-3CC3E91959F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super 3-D Noah's Ark\noah3d.exe
FirewallRules: [{25B3990C-3B3E-4419-BBDF-3F2F644C3090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{18DCBE58-9AAC-4B2E-A542-7FF1370FE31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{2773C07A-4C1A-494B-A528-7AB0003DA17C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{7B802AE6-F8D8-4C0F-9406-9D9574F56C4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{92EA8B8A-8612-485B-B70D-A66C95BC329C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{09D899F5-FDC5-44FE-8246-AD1EA9721E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{E76078D2-897D-4449-8BB9-1986CDB0DEA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Albino Hunter\Game.exe
FirewallRules: [{2BD0C39C-9EA9-4110-B31A-6BC1453E5347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Albino Hunter\Game.exe
FirewallRules: [{3DCFE6DB-EA9B-44AA-8671-F97F632A8CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe
FirewallRules: [{23EFFC83-B028-4505-9318-5BB5F83CDC28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe
FirewallRules: [{B0F7EB22-8BA9-4838-9198-CBD4ECCCC97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi 02 - Watanagashi\HigurashiEp02.exe
FirewallRules: [{02F1598E-16A3-44FC-B21A-B8E0A423530C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi 02 - Watanagashi\HigurashiEp02.exe
FirewallRules: [{6C06AD60-41D0-4956-8712-43BF312C5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{9AE80D3D-9B5B-4DEB-A79E-DF04640F5D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{E074D7CE-76D2-4508-8A2C-33426E8630E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{6872D831-DF4F-45CB-88C4-2DD6955EB174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{F4F122FB-3087-4C29-9122-CC22E9C3775B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucid9\Lucid9.exe
FirewallRules: [{15D6B332-1726-43BB-B93B-23AC06658064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucid9\Lucid9.exe
FirewallRules: [{0A26F551-627E-423F-8157-233469B45335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{EF96A102-8F7C-4A89-93D6-C1E24B4A33E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{18FFB2BB-02CC-4DB1-A30A-D1BEDBCF1FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{4A5B385E-7823-48EA-BCBB-B4482521BA3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{34774207-F1A8-43F2-81EB-47AB8DFFB62B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{03E4B6A6-B8CF-476F-801D-40DE630E8A09}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3C47BCD5-88FB-4395-8844-3E05C4A41949}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{621D7838-488E-412C-B9FC-1A9EC1D8A8EB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{A3AEA5A6-327D-40A8-86F9-776FB3E92715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{20DD9AE7-11B4-4933-A85C-387147FAAB13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{E9756903-C3C7-43F9-B577-29E38D46F93D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{141A28E7-42D3-41DF-8186-ED605A085DFA}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{FAB6D294-009E-4098-AEEB-CF1D51A49E7E}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{B351FD23-56AC-4C19-BDA9-915E9302561A}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{4CD49F80-DFCD-4EF0-9D3B-B85922C1E6D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{F3A628E8-E1E9-4691-916F-32EB631BEAD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{4768472E-BFB4-4AB4-AD08-BC09F1056556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{646A996D-D0C2-4791-AD0A-EAA9D6DF9D39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{6CFBA595-0856-4499-9A0C-9C24EDDBEDC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{55073CCA-2CF1-4673-8977-2584AF6BFFE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{F7CF1F34-9F47-4BC2-8784-94C0C05F6485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{7F597FD8-D3A4-4D2E-9C8D-F23E86C004A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{C1F4DC4A-119A-445D-A4D8-317C0F0C7DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1\DungeonSiege.exe
FirewallRules: [{A8520588-77B1-466D-948F-D4F661EA3BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1\DungeonSiege.exe
FirewallRules: [{135A7729-C0C5-4812-983B-56C0595BC554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{AC4E2027-490A-4EB4-9020-3403E7C98D81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{60348096-C35A-418E-A419-AA3FCE27CD23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{CB348C3E-00B9-40C1-A05A-F586A4D637BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7D7AD7C7-640C-4D60-BD80-5F231DDFFBDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{ECA2C254-6FBD-4920-A809-648666CCA523}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{C852FE81-9C70-4181-B1A9-0D23360044BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{579160DA-20CD-45BD-964A-5BEE93829958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{CC9F3681-B57D-47ED-9CA0-7F97AE2E8776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{CECCF139-5ECF-4512-9A5A-D3BC9CC0DEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{6C8AD074-39E0-447C-900D-5E5572357681}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3D8C4FA2-A036-4A6F-81B7-698AC04DF413}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{A67D06A6-39A2-479C-B62E-590F0A6F9A86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{C4FD315F-429C-4F59-A49D-9C4B809F14D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{A653D5A0-EEF4-4A13-953F-141D14638ED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe
FirewallRules: [{2E1D1271-B16F-4DB0-95B9-BE2928289854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe
FirewallRules: [{13301C52-C6F9-40AF-9CF4-C3C0528FF2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe
FirewallRules: [{12D81426-FB4E-4F1C-8323-85A235782550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe
FirewallRules: [{91DBD87D-EB73-49AF-B5B2-237B49756B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{F46AB497-08CA-40A1-BC43-0B7BCA2205A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{DFDC2F40-F635-4BFF-B597-08C1564A0D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{93F63066-B616-4A11-AFA5-9A011012E313}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{C8027F2C-A2E8-44DA-AB60-09E726C24AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred Gold\Sacred.exe
FirewallRules: [{25288FAE-E2EB-4C4C-B0EA-A3B8F61AEB5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred Gold\Sacred.exe
FirewallRules: [{E06F3D75-9249-4098-8DA8-BE0DD035A044}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0D736B0-81FF-484E-9062-36E43C0CDF03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4E6A6925-57A3-4557-AF64-8F7CE2119FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShipLord\Shiplord.exe
FirewallRules: [{5FEE5D9E-2F53-45AC-BF90-B73F3A836CEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShipLord\Shiplord.exe
FirewallRules: [{B2052368-6B65-4EF4-8E87-464DB2576154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{185B40D0-62B7-468C-99CB-FE906755A903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{FCA78936-0839-4D59-BD01-2AAF2A9AB516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\mu.exe
FirewallRules: [{29A241C6-8144-46B6-8826-7ED9A4F4F8E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\mu.exe
FirewallRules: [{3BBE0F92-B627-4CEE-8FFE-1CF17C8C7F50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\config.exe
FirewallRules: [{4EC02066-988A-4DE6-B7D7-DDBC0BEDB2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\config.exe
FirewallRules: [{A9E7251F-D8E3-49DB-BD39-CB0E660A1CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{C0A2E076-0365-4170-A037-69406BDE3D01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{8197FF05-3DCF-45B5-9AB6-E51CCF4A32F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Club Life\Club Life.exe
FirewallRules: [{5F3C88F7-D366-4A7E-A958-2BB17100F3E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Club Life\Club Life.exe
FirewallRules: [{4C3511DB-D876-4134-B7FF-307D29FCB6A5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BF64B52E-6F1C-48C6-A2F5-9A1D1709CE7F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D2C1DCB1-9A77-4AC6-9B40-9AADC042CBDC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{28B65E77-386C-41E5-9480-9975D6ADC0B2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9AC5DA12-39FC-4F67-AF3B-9D0A56B1FB3F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{79C3BC14-0E75-4743-8011-B8A6DE6BA04A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{70F072D1-50DE-4858-9CBF-A9D27F5E2FA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{7BFF33B5-FDEB-405B-81C3-2451544C63C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{958E4ADA-9276-4BB5-925B-0329DD341174}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{89646624-C4AD-4BD3-852E-9D9B87A41AC4}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{5544634D-6E14-4811-875E-C06D6EAE5F6F}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{E88F498A-6981-4E2D-AB63-57547C7415FF}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{BD387038-504D-4E78-8947-8CB8EACDDAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{CF6D0807-7EC3-415E-BF24-D31C0C9E7FAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{D6950AD6-CB2F-47F3-B040-5255FF3A5820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3828410F-13DA-435B-860B-5CD9F5D1C399}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3531A0FB-659B-4B98-972D-0E80533126E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{541A856A-FFED-4FAA-A9EB-73771F766FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{EE974871-5CC8-4C8B-B24D-6125D4B3ACA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{DA1916B5-06E5-4DF7-8712-B17514DE3555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{E76596EA-E5CC-409C-83A7-E94774F745C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{36BF5E71-1DAA-4554-ABCE-8B92F6CDA987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D01EA9A8-FEBF-46ED-A88F-5109B52D981C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E8BFFF89-9936-49A7-8D7E-DFBCAF137EE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{713DDAC7-2610-4F0C-91BF-8003446E8E2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F6A951A-6B79-446F-9D4A-C0F3EF861AF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5AA77D97-6E7A-4F17-8B2D-31F8B8877968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Swim Club\Sakura Swim Club.exe
FirewallRules: [{413AFC08-1046-4277-97A2-38AD665A0D0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Swim Club\Sakura Swim Club.exe
FirewallRules: [{60D2B9F7-D33C-437A-94AE-5D9BAF09F3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{8B0B5DC7-B39B-4519-AB5E-57961B00C7C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [TCP Query User{6AE633A3-7F49-4445-B941-E60CEE1B91F8}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [UDP Query User{7402F6A0-5964-45EC-97BC-E66E252B12DB}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [{B514C114-DBC7-4AB1-B171-B86364C5F357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{29FA3915-9EA2-4692-9AED-E048B24BAA49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [TCP Query User{14F9DF95-7EBA-4653-AE39-C5F4167326A4}C:\westwood\twisted insurrection 0.6\game.exe] => (Allow) C:\westwood\twisted insurrection 0.6\game.exe
FirewallRules: [UDP Query User{5FAE93F2-23C1-47D6-A8B0-09DE977D7D63}C:\westwood\twisted insurrection 0.6\game.exe] => (Allow) C:\westwood\twisted insurrection 0.6\game.exe
FirewallRules: [TCP Query User{83FB3AAD-DA2B-4DCA-AA64-E00810FEF23E}C:\westwood\dawn of the tiberium age\game.exe] => (Allow) C:\westwood\dawn of the tiberium age\game.exe
FirewallRules: [UDP Query User{9057AFF0-4C73-481D-9FD2-4A663FCB0333}C:\westwood\dawn of the tiberium age\game.exe] => (Allow) C:\westwood\dawn of the tiberium age\game.exe
FirewallRules: [{4359033C-F8A9-42D4-9990-69030E6A0B89}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A65EE59D-D68A-4ED4-B164-7E79396989A7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [TCP Query User{C6FA3D06-372F-4171-90ED-90D81B753368}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe
FirewallRules: [UDP Query User{C7C544AD-C56C-4141-9CA8-7F6FD7EE53DC}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe
FirewallRules: [{ABD4EAC3-D23E-43D1-8C85-35CF234620FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4FAF5B98-DED4-4677-B40C-609936E9770F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62C9A575-FD75-41DA-9FE6-E6778D1F6CA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{94DBB4EB-569C-40AF-BBD8-EB86B6574F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{D284E705-198C-43FA-9906-015D0E1471AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit Dungeon II\bitDungeonII.exe
FirewallRules: [{70CF18A4-5488-43E5-B160-1475F04EEAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit Dungeon II\bitDungeonII.exe
FirewallRules: [{23E8DD62-7536-4705-A840-E9B487D3EDE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delicious! Pretty Girls Mahjong Solitaire\DeliciousPGMS.exe
FirewallRules: [{71E2A05F-3E97-4543-ADFF-A2F58D7BB3EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delicious! Pretty Girls Mahjong Solitaire\DeliciousPGMS.exe
FirewallRules: [{B6EF8EA7-C1A2-4E1B-92B9-7ECAE2D83038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{C73F4E6A-9BAC-4697-B197-306D16C7F79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{E6F6A126-1BA3-4833-A4ED-2B31D9D7047D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{95A5A84A-D34E-4F70-920D-5DA45B656011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{B26A389E-AAA5-417F-A748-AD97ADB19CEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{09799705-E635-4206-80E0-77B259ED7C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{3D6EF1B7-7D6C-4A02-B964-AD52E4B3A7EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{C5D20181-6B83-4BBB-ADF6-8A0E7DC43BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{1997ABEA-C719-4F01-BC27-DD5AD300F820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{4F8732F9-4D25-499B-9BB3-5E47E60E53AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{096B0DC3-0D28-4DEE-B789-38102E98301E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{9B85116E-09FD-475F-BB60-E590BB342EA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{67E7DF6E-DD67-48B2-841B-8804F2DE3222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{9555614E-8A5D-4379-BA31-07029D3A90DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{B555D5B9-493A-494E-AD41-9E96C79AC121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{106C2DEC-45E1-43B0-87D0-C5F81CDDA241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{C4832942-3F0B-4602-AAD1-FC4D54A311A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
FirewallRules: [{5793C9B5-33C1-4208-AA87-76124594D73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
FirewallRules: [{F67F43B7-F61B-4B26-B690-7C439A3831C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{C4D8795E-4EEC-41AC-968A-D1C8788A570F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{CC7E77CF-545B-4D41-B65D-7356EE760C65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{32697B97-3D70-4AE4-B3BA-0A7561EC0B4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{680B05B7-E220-400C-A1E7-EF9F904D809B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{F6D6EBA4-E202-4F20-BCCC-2BE9A85C6F27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{98F9AEE7-D862-4622-B7A0-4BF35B78D80B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{6DF23AFA-18A0-4694-AE1B-12E2DF578F8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{9F687E10-090B-4812-91F3-565F3E059B85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B21F110B-3EF5-4E13-B05A-3D6731568EA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{972D8AF8-847A-48F3-9BBA-22A75D8FCC87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6EFA9D49-BACA-4372-AC3B-0C3ADA49C128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{AA951E28-E9A5-45C0-8460-29C036BC0B3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{8964AACE-CECE-46AD-A2C7-8C96AACD484F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91459799-90AC-430B-837E-77FA678CC56C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{CF00B14D-D445-4AD5-AC82-922176E905CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 11:47:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/11/2017 11:24:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899bb2
Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
Exception code: 0xc000027b
Fault offset: 0x000000000006d1c4
Faulting process id: 0x103c
Faulting application start time: 0x01d29ae00ffd2204
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 227bfe80-fcce-437a-9fa0-334ddd4cdb78
Faulting package full name: Microsoft.People_10.2.431.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x

Error: (03/10/2017 10:38:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEINRICHS-RIG)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 12:37:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/10/2017 12:29:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x0018f432
Faulting process id: 0xdcc
Faulting application start time: 0x01d29956cb0885f0
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\Qt5Widgets.dll
Report Id: 3938b9be-eb12-40f0-b1ce-ae7fd6d91e82
Faulting package full name:
Faulting package-relative application ID:

Error: (03/09/2017 11:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x0018f3ed
Faulting process id: 0xf88
Faulting application start time: 0x01d2994b124a16ff
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\Qt5Widgets.dll
Report Id: a4efda5c-1c73-41b0-9153-0654c8699456
Faulting package full name:
Faulting package-relative application ID:

Error: (03/09/2017 09:58:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070091.

Error: (03/09/2017 09:31:51 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (4316) WebCacheLocal: An attempt to open the file "C:\Users\morro\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (03/09/2017 09:31:41 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (4316) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

Error: (03/09/2017 09:31:41 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (4316) WebCacheLocal: An attempt to open the file "C:\Users\morro\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (03/12/2017 04:16:56 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/12/2017 04:16:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/11/2017 11:23:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 11:23:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 11:23:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 11:22:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 08:42:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/11/2017 08:42:13 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/11/2017 06:37:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/11/2017 04:19:41 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat


CodeIntegrity:
===================================
  Date: 2017-03-12 15:24:56.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-11 22:23:46.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-11 22:23:46.026
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-10 16:02:56.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-10 10:12:12.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-10 10:12:12.556
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-09 23:44:58.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 23:29:00.118
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-09 23:28:59.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

  Date: 2017-03-09 22:05:02.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 16300.94 MB
Available physical RAM: 9592.33 MB
Total Virtual: 17324.94 MB
Available Virtual: 8945.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.82 GB) (Free:246.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 564126B4)

Partition: GPT.

==================== End of Addition.txt ============================
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

Re: Malware infected computer/browser cannot remove need hel

Postby patrik » Thu Mar 16, 2017 1:47 am

1. Open "Control Panel", then "Uninstall a program". Scroll through the whole list and uninstall any unknown programs.
2. Run Firefox, open menu, click Add-ons. Remove all unused, unknown and suspicious add-ons.
3. Run Chrome, open menu, click More tools, click Extensions. Remove all unused, unknown and suspicious extensions.
4. Run Notepad, then copy/paste the text in the code box below into Notepad:
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-02-28]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-02-28]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-02-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
FF Keyword.URL: Mozilla\Firefox\Profiles\8gd3k09a.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B0DD305D5-2B3B-4970-8C45-B430A66FEFDF%7D&gp=811014
CHR Extension: (Google Search) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 cpuz138; C:\Users\morro\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-11-12] (CPUID) <==== ATTENTION
S3 cpuz139; C:\Users\morro\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2016-09-09] (CPUID) <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\AppData\Roaming:iSpring Solutions [128]
EmptyTemp:
Reboot:

Name the Notepad file fixlist and save it to the folder where FRST is located.
Run FRST and press the Fix button. When the tool is finished, it will produce a report for you.

Post back with the fix log + new "scan" logs (Run FRST, click Scan).
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Thu Mar 16, 2017 5:11 am

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Heinrich6745 (16-03-2017 00:32:16) Run:1
Running from C:\Users\morro\Desktop
Loaded Profiles: Heinrich6745 (Available Profiles: Heinrich6745)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-02-28]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-02-28]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-02-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
FF Keyword.URL: Mozilla\Firefox\Profiles\8gd3k09a.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B0DD305D5-2B3B-4970-8C45-B430A66FEFDF%7D&gp=811014
CHR Extension: (Google Search) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 cpuz138; C:\Users\morro\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-11-12] (CPUID) <==== ATTENTION
S3 cpuz139; C:\Users\morro\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2016-09-09] (CPUID) <==== ATTENTION
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\morro\AppData\Roaming:iSpring Solutions [128]
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk => moved successfully
C:\Program Files\WinZip\FAHConsole.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk => moved successfully
C:\Program Files\WinZip\WZUpdateNotifier.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk => moved successfully
C:\Program Files\WinZip\WzPreloader.exe => moved successfully
Firefox "Keyword.URL" removed successfully
C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
HKLM\System\CurrentControlSet\Services\cpuz138 => key removed successfully
cpuz138 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz139 => key removed successfully
cpuz139 => service removed successfully
C:\ProgramData => ":iSpring Solutions" ADS removed successfully.
"C:\Users\All Users" => ":iSpring Solutions" ADS not found.
"C:\ProgramData\Application Data" => ":iSpring Solutions" ADS not found.
C:\Users\morro\Application Data => ":iSpring Solutions" ADS removed successfully.
"C:\Users\morro\AppData\Roaming" => ":iSpring Solutions" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 817521 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 218979865 B
Java, Flash, Steam htmlcache => 224654241 B
Windows/system/drivers => 164675249 B
Edge => 5318 B
Chrome => 863106807 B
Firefox => 138306444 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
morro => 2220991050 B

RecycleBin => 193832 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:35:49 ====
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Thu Mar 16, 2017 5:11 am

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Heinrich6745 (administrator) on HEINRICHS-RIG (16-03-2017 01:03:39)
Running from C:\Users\morro\Desktop
Loaded Profiles: Heinrich6745 (Available Profiles: Heinrich6745)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mega Limited) C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Hammer & Chisel, Inc.) C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(erengy) C:\Users\morro\AppData\Roaming\Taiga\Taiga.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.237.1247.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044816 2017-03-10] (Electronic Arts)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [4026432 2017-03-16] (GOG.com)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Discord] => C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3122152 2016-08-26] (Blizzard Entertainment)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Run: [GoogleChromeAutoLaunch_624DE7B3101AB73B048EF9D70AD55E12] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\RunOnce: [Uninstall C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\morro\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
Startup: C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-14]
ShortcutTarget: MEGAsync.lnk -> C:\Users\morro\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1bdccecb-e1ce-4704-a89b-38ed019b48e0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{5c74bcab-b6b8-487b-b482-f0160b697cbc}: [DhcpNameServer] 75.75.75.75 75.75.76.76
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8gd3k09a.default
FF ProfilePath: C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default [2017-03-16]
FF user.js: detected! => C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\user.js [2016-03-24]
FF Extension: (Firefox All Aboard 1.6) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\@all-aboard-v1-6 [2017-03-09]
FF Extension: (Danbooru Downloader) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\danbooru_downloader@cuberocks.net.xpi [2016-06-10]
FF Extension: (Firefox Hotfix) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-10]
FF Extension: (uBlock Origin) - C:\Users\morro\AppData\Roaming\Mozilla\Firefox\Profiles\8gd3k09a.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-16]
FF HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (BetterMyAnimeList) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdjkblmldgbpnhmidonolhokollgfa [2016-08-11]
CHR Extension: (Google Drive) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (Session Manager) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2016-04-23]
CHR Extension: (MEGA) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-09]
CHR Extension: (YouTube) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Sad Panda) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2016-08-24]
CHR Extension: (DownAlbum) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-03-11]
CHR Extension: (OneTab) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-21]
CHR Extension: (uBlock Origin) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-16]
CHR Extension: (Steam Inventory Helper) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-03-11]
CHR Extension: (Tampermonkey) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-15]
CHR Extension: (High Contrast) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-11-09]
CHR Extension: (Video Downloader professional) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-20]
CHR Extension: (Steam Market Filter) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdpoeanmcbopmmdomongbohbmiolmom [2016-07-03]
CHR Extension: (Bulk Image Downloader) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2016-06-10]
CHR Extension: (PSO2 Extension) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2016-02-28]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-03-16]
CHR Extension: (Search Anime by Screenshot) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkamnldpllcbiidlfacaccdoadedncfp [2016-11-17]
CHR Extension: (Refresh for Twitter) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpiilkeoldobfomlhipnnfanmgfllmp [2016-06-06]
CHR Extension: (Steam Ninja!) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iafjcapblconlangblamhojmlpbdebhn [2016-07-03]
CHR Extension: (AutoPagerize) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2016-04-10]
CHR Extension: (New Tab Reloaded) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn [2016-06-28]
CHR Extension: (The Great Suspender) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-04-23]
CHR Extension: (Image Search Options) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2016-10-24]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2016-10-25]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Enhanced Steam) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-02-01]
CHR Extension: (Facebook Auto Poke) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oklhkdfpcaljlnheehfkoloofoebhknp [2016-02-28]
CHR Extension: (Speed-Uploader for Google Drive) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmiihfmefkhkdidneofcjklgjebknda [2016-03-29]
CHR Extension: (Gmail) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\morro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284736 2017-03-16] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-08-15] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-11] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-10] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-10] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10155792 2016-11-07] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-05] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2016-03-23] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek                                            )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-10-01] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-10-01] (Saitek)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2016-03-23] (SoftEther Corporation)
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [40568 2015-12-04] (Tunngle.net)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-11] (Zemana Ltd.)
R3 _hid_0738_1708; C:\WINDOWS\system32\DRIVERS\_hid_0738_1708.sys [180928 2015-10-01] (Saitek)
R3 _usb_0738_1708; C:\WINDOWS\System32\drivers\_usb_0738_1708.sys [46528 2015-10-01] (Saitek)
S3 WinRing0_1_2_0; \??\C:\Users\morro\Desktop\Stuff\New folder\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-16 01:03 - 2017-03-16 01:04 - 00026399 _____ C:\Users\morro\Desktop\FRST.txt
2017-03-16 00:32 - 2017-03-16 00:35 - 00004147 _____ C:\Users\morro\Desktop\Fixlog.txt
2017-03-16 00:31 - 2017-03-16 00:31 - 00000000 ____D C:\Users\morro\Desktop\FRST-OlderVersion
2017-03-15 11:41 - 2017-03-15 11:41 - 00003166 _____ C:\Users\morro\Downloads\A0AA2490D199C726817DCE522F3724DA46F1C6DE.torrent
2017-03-15 02:51 - 2017-03-04 03:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-03-15 02:51 - 2017-03-04 03:57 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-03-15 02:51 - 2017-03-04 03:44 - 01470816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-03-15 02:51 - 2017-03-04 03:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-15 02:51 - 2017-03-04 03:24 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-15 02:51 - 2017-03-04 03:19 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-15 02:51 - 2017-03-04 03:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-15 02:51 - 2017-03-04 03:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-15 02:51 - 2017-03-04 03:09 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-15 02:51 - 2017-03-04 03:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-15 02:51 - 2017-03-04 03:08 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-15 02:51 - 2017-03-04 03:07 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-15 02:51 - 2017-03-04 03:04 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-15 02:51 - 2017-03-04 03:04 - 01362512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-03-15 02:51 - 2017-03-04 03:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-15 02:51 - 2017-03-04 02:56 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-15 02:51 - 2017-03-04 02:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-15 02:51 - 2017-03-04 02:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-15 02:51 - 2017-03-04 02:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-15 02:51 - 2017-03-04 02:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-15 02:51 - 2017-03-04 02:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-15 02:51 - 2017-03-04 02:53 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-03-15 02:51 - 2017-03-04 02:52 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-15 02:51 - 2017-03-04 02:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-15 02:51 - 2017-03-04 02:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-03-15 02:51 - 2017-03-04 02:51 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-03-15 02:51 - 2017-03-04 02:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-15 02:51 - 2017-03-04 02:47 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-15 02:51 - 2017-03-04 02:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-15 02:51 - 2017-03-04 02:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-15 02:51 - 2017-03-04 02:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-15 02:51 - 2017-03-04 02:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-15 02:51 - 2017-03-04 02:42 - 01415240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-15 02:51 - 2017-03-04 02:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-15 02:51 - 2017-03-04 02:42 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-03-15 02:51 - 2017-03-04 02:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-03-15 02:51 - 2017-03-04 02:40 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-03-15 02:51 - 2017-03-04 02:36 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-15 02:51 - 2017-03-04 02:34 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-15 02:51 - 2017-03-04 02:30 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-15 02:51 - 2017-03-04 02:30 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-03-15 02:51 - 2017-03-04 02:30 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-03-15 02:51 - 2017-03-04 02:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-15 02:51 - 2017-03-04 02:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-03-15 02:51 - 2017-03-04 02:29 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2017-03-15 02:51 - 2017-03-04 02:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2017-03-15 02:51 - 2017-03-04 02:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2017-03-15 02:51 - 2017-03-04 02:29 - 00019968 _____ C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll
2017-03-15 02:51 - 2017-03-04 02:28 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-03-15 02:51 - 2017-03-04 02:27 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2017-03-15 02:51 - 2017-03-04 02:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-03-15 02:51 - 2017-03-04 02:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2017-03-15 02:51 - 2017-03-04 02:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-03-15 02:51 - 2017-03-04 02:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2017-03-15 02:51 - 2017-03-04 02:25 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-03-15 02:51 - 2017-03-04 02:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscandui.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-03-15 02:51 - 2017-03-04 02:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfui.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-15 02:51 - 2017-03-04 02:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2017-03-15 02:51 - 2017-03-04 02:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-15 02:51 - 2017-03-04 02:23 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-03-15 02:51 - 2017-03-04 02:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-03-15 02:51 - 2017-03-04 02:22 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-03-15 02:51 - 2017-03-04 02:22 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\main.cpl
2017-03-15 02:51 - 2017-03-04 02:21 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2017-03-15 02:51 - 2017-03-04 02:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-03-15 02:51 - 2017-03-04 02:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-03-15 02:51 - 2017-03-04 02:19 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-03-15 02:51 - 2017-03-04 02:19 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-03-15 02:51 - 2017-03-04 02:18 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-03-15 02:51 - 2017-03-04 02:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-03-15 02:51 - 2017-03-04 02:17 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-03-15 02:51 - 2017-03-04 02:17 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-03-15 02:51 - 2017-03-04 02:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-03-15 02:51 - 2017-03-04 02:16 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-03-15 02:51 - 2017-03-04 02:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-03-15 02:51 - 2017-03-04 02:15 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-15 02:51 - 2017-03-04 02:15 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-03-15 02:51 - 2017-03-04 02:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-15 02:51 - 2017-03-04 02:14 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-03-15 02:51 - 2017-03-04 02:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-03-15 02:51 - 2017-03-04 02:13 - 04613120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-15 02:51 - 2017-03-04 02:13 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-03-15 02:51 - 2017-03-04 02:12 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-03-15 02:51 - 2017-03-04 02:11 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2017-03-15 02:51 - 2017-03-04 02:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-03-15 02:51 - 2017-03-04 02:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2017-03-15 02:51 - 2017-03-04 02:11 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-03-15 02:51 - 2017-03-04 02:11 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-03-15 02:51 - 2017-03-04 02:10 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-15 02:51 - 2017-03-04 02:10 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-03-15 02:51 - 2017-03-04 02:10 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-03-15 02:51 - 2017-03-04 02:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2017-03-15 02:51 - 2017-03-04 02:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-15 02:51 - 2017-03-04 02:09 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-03-15 02:51 - 2017-03-04 02:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-03-15 02:51 - 2017-03-04 02:09 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-03-15 02:51 - 2017-03-04 02:09 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2017-03-15 02:51 - 2017-03-04 02:08 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-03-15 02:51 - 2017-03-04 02:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-03-15 02:51 - 2017-03-04 02:07 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-03-15 02:51 - 2017-03-04 02:07 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-03-15 02:51 - 2017-03-04 02:07 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-15 02:51 - 2017-03-04 02:07 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-03-15 02:51 - 2017-03-04 02:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-03-15 02:51 - 2017-03-04 02:06 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-03-15 02:51 - 2017-03-04 02:05 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-03-15 02:51 - 2017-03-04 02:05 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-03-15 02:51 - 2017-03-04 02:04 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-03-15 02:51 - 2017-03-04 02:04 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-03-15 02:51 - 2017-03-04 02:04 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-15 02:51 - 2017-03-04 02:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-15 02:51 - 2017-03-04 02:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-15 02:51 - 2017-03-04 02:03 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-03-15 02:51 - 2017-03-04 02:03 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2017-03-15 02:51 - 2017-03-04 02:03 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-15 02:51 - 2017-03-04 02:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-03-15 02:51 - 2017-03-04 02:02 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-03-15 02:51 - 2017-03-04 02:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Pimstore.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-03-15 02:51 - 2017-03-04 02:01 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-03-15 02:51 - 2017-03-04 02:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 02996736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-15 02:51 - 2017-03-04 02:00 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-03-15 02:51 - 2017-03-04 02:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-03-15 02:51 - 2017-03-04 01:59 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-15 02:51 - 2017-03-04 01:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-15 02:51 - 2017-03-04 01:57 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-03-15 02:51 - 2017-03-04 01:57 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-03-15 02:51 - 2017-03-04 01:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-03-15 02:51 - 2017-03-04 01:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-03-15 02:51 - 2017-03-04 01:36 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-03-15 02:50 - 2017-03-04 03:27 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-15 02:50 - 2017-03-04 03:26 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-15 02:50 - 2017-03-04 03:24 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-15 02:50 - 2017-03-04 03:24 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-15 02:50 - 2017-03-04 03:24 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-15 02:50 - 2017-03-04 03:24 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-15 02:50 - 2017-03-04 03:23 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-15 02:50 - 2017-03-04 03:22 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-15 02:50 - 2017-03-04 03:22 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-15 02:50 - 2017-03-04 03:19 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-15 02:50 - 2017-03-04 03:18 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-03-15 02:50 - 2017-03-04 03:18 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-15 02:50 - 2017-03-04 03:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-15 02:50 - 2017-03-04 03:17 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-15 02:50 - 2017-03-04 03:15 - 01000280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-15 02:50 - 2017-03-04 03:15 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-15 02:50 - 2017-03-04 03:11 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-15 02:50 - 2017-03-04 03:10 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-15 02:50 - 2017-03-04 03:10 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-15 02:50 - 2017-03-04 03:10 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-15 02:50 - 2017-03-04 03:09 - 07220696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-15 02:50 - 2017-03-04 03:09 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-03-15 02:50 - 2017-03-04 03:09 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-15 02:50 - 2017-03-04 03:09 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-15 02:50 - 2017-03-04 03:08 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-15 02:50 - 2017-03-04 03:08 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-15 02:50 - 2017-03-04 03:07 - 00432992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-15 02:50 - 2017-03-04 03:06 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-03-15 02:50 - 2017-03-04 03:04 - 08169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-15 02:50 - 2017-03-04 03:04 - 01063472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-15 02:50 - 2017-03-04 03:03 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-03-15 02:49 - 2017-03-04 03:22 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-15 02:49 - 2017-03-04 03:22 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-15 02:49 - 2017-03-04 03:21 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-15 02:49 - 2017-03-04 03:20 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-15 02:49 - 2017-03-04 03:20 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-15 02:49 - 2017-03-04 03:18 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-15 02:49 - 2017-03-04 03:15 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-15 02:49 - 2017-03-04 03:13 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-15 02:49 - 2017-03-04 03:11 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-15 02:49 - 2017-03-04 03:09 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-15 02:49 - 2017-03-04 03:09 - 00178520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-03-15 02:49 - 2017-03-04 03:08 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-15 02:49 - 2017-03-04 03:08 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-15 02:49 - 2017-03-04 03:08 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-03-15 02:49 - 2017-03-04 03:07 - 00989016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-03-15 02:49 - 2017-03-04 03:07 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-15 02:49 - 2017-03-04 03:07 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-15 02:49 - 2017-03-04 03:07 - 00682808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-15 02:49 - 2017-03-04 03:07 - 00110944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-15 02:49 - 2017-03-04 03:07 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-15 02:49 - 2017-03-04 03:03 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-15 02:49 - 2017-03-04 03:03 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-03-15 02:49 - 2017-03-04 03:03 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-03-15 02:49 - 2017-03-04 03:01 - 00201568 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-15 02:49 - 2017-03-04 03:01 - 00128648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-15 02:49 - 2017-03-04 02:59 - 01570208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-15 02:49 - 2017-03-04 02:58 - 01416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-15 02:49 - 2017-03-04 02:58 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-03-15 02:49 - 2017-03-04 02:58 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-15 02:49 - 2017-03-04 02:57 - 00372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-03-15 02:49 - 2017-03-04 02:42 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-15 02:49 - 2017-03-04 02:37 - 00025088 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2017-03-15 02:49 - 2017-03-04 02:36 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-15 02:49 - 2017-03-04 02:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-03-15 02:49 - 2017-03-04 02:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-15 02:49 - 2017-03-04 02:35 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-03-15 02:49 - 2017-03-04 02:34 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-03-15 02:49 - 2017-03-04 02:34 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-15 02:49 - 2017-03-04 02:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-03-15 02:49 - 2017-03-04 02:33 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-03-15 02:49 - 2017-03-04 02:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-15 02:49 - 2017-03-04 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-15 02:49 - 2017-03-04 02:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-15 02:49 - 2017-03-04 02:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-15 02:49 - 2017-03-04 02:32 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-15 02:49 - 2017-03-04 02:32 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-03-15 02:49 - 2017-03-04 02:32 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-03-15 02:49 - 2017-03-04 02:32 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-15 02:49 - 2017-03-04 02:32 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-15 02:49 - 2017-03-04 02:31 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-15 02:49 - 2017-03-04 02:31 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-15 02:49 - 2017-03-04 02:30 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-03-15 02:49 - 2017-03-04 02:29 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-15 02:49 - 2017-03-04 02:29 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-15 02:49 - 2017-03-04 02:28 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-15 02:49 - 2017-03-04 02:27 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00643072 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-15 02:49 - 2017-03-04 02:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-03-15 02:49 - 2017-03-04 02:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-15 02:49 - 2017-03-04 02:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-03-15 02:49 - 2017-03-04 02:25 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-15 02:49 - 2017-03-04 02:25 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 01092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-15 02:49 - 2017-03-04 02:24 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-03-15 02:49 - 2017-03-04 02:23 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-03-15 02:49 - 2017-03-04 02:23 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-03-15 02:49 - 2017-03-04 02:23 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-03-15 02:49 - 2017-03-04 02:23 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-15 02:49 - 2017-03-04 02:23 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-15 02:49 - 2017-03-04 02:22 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-03-15 02:49 - 2017-03-04 02:22 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-03-15 02:49 - 2017-03-04 02:21 - 00776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-15 02:49 - 2017-03-04 02:21 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-15 02:49 - 2017-03-04 02:20 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-15 02:49 - 2017-03-04 02:20 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-03-15 02:49 - 2017-03-04 02:20 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-03-15 02:49 - 2017-03-04 02:20 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-15 02:49 - 2017-03-04 02:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-15 02:49 - 2017-03-04 02:19 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-15 02:49 - 2017-03-04 02:19 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-03-15 02:49 - 2017-03-04 02:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-15 02:49 - 2017-03-04 02:18 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-15 02:49 - 2017-03-04 02:18 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-15 02:49 - 2017-03-04 02:17 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-15 02:49 - 2017-03-04 02:17 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-15 02:49 - 2017-03-04 02:16 - 03289088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-15 02:49 - 2017-03-04 02:16 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-15 02:49 - 2017-03-04 02:16 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-15 02:49 - 2017-03-04 02:15 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-03-15 02:49 - 2017-03-04 02:15 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-15 02:49 - 2017-03-04 02:15 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-15 02:49 - 2017-03-04 02:14 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-03-15 02:49 - 2017-03-04 02:14 - 01562112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-15 02:49 - 2017-03-04 02:14 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-03-15 02:49 - 2017-03-04 02:14 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-15 02:49 - 2017-03-04 02:14 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-03-15 02:49 - 2017-03-04 02:14 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-15 02:49 - 2017-03-04 02:13 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-15 02:49 - 2017-03-04 02:13 - 00961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-03-15 02:49 - 2017-03-04 02:13 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-15 02:49 - 2017-03-04 02:13 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-03-15 02:49 - 2017-03-04 02:13 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-15 02:49 - 2017-03-04 02:12 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-15 02:49 - 2017-03-04 02:12 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-15 02:49 - 2017-03-04 02:11 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-15 02:49 - 2017-03-04 02:11 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-15 02:49 - 2017-03-04 02:11 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-15 02:49 - 2017-03-04 02:11 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-03-15 02:49 - 2017-03-04 02:11 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-15 02:49 - 2017-03-04 02:11 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-15 02:49 - 2017-03-04 02:10 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-15 02:49 - 2017-03-04 02:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-03-15 02:49 - 2017-03-04 02:10 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-15 02:49 - 2017-03-04 02:10 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-15 02:49 - 2017-03-04 02:10 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-03-15 02:49 - 2017-03-04 02:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-15 02:49 - 2017-03-04 02:08 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-15 02:49 - 2017-03-04 02:08 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-15 02:49 - 2017-03-04 02:07 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 03614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-15 02:49 - 2017-03-04 02:06 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-15 02:49 - 2017-03-04 02:06 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-15 02:49 - 2017-03-04 02:05 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-15 02:49 - 2017-03-04 02:05 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-03-15 02:49 - 2017-03-04 02:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-15 02:49 - 2017-03-04 02:03 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-15 02:49 - 2017-03-04 02:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-15 02:49 - 2016-07-15 22:29 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-15 02:49 - 2016-07-15 22:28 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-15 02:49 - 2016-07-15 22:26 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-15 02:49 - 2016-05-29 14:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-14 18:00 - 2017-03-14 18:00 - 00022730 _____ C:\Users\morro\Downloads\[DeadFish] Little Witch Academia (2017) - 10 [720p][AAC].mp4.torrent
2017-03-13 23:22 - 2017-03-13 23:22 - 40213960 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 39246776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 33775616 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 15630704 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 13607808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 04316136 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 04284872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 02422512 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 01883368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 01841096 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 01838400 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00323744 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00308496 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00253024 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00233928 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00215864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00194344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00193320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00192160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2017-03-13 23:22 - 2017-03-13 23:22 - 00064568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 29110288 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 19870224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 11750928 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 08740880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 05697552 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 05271568 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 04937240 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 04372496 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 03980304 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 01599504 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 01187344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 01035768 _____ C:\WINDOWS\system32\igfxSDK.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00976880 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00973304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00713752 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00545272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00475640 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00457208 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00448016 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00424984 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00398864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00397328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00358896 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00327184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00310264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00282128 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-03-13 23:20 - 2017-03-13 23:20 - 00274960 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00263704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00245752 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00241144 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00240632 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00234000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00201744 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00183800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2017-03-13 23:20 - 2017-03-13 23:20 - 00182800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00120336 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00112144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00109584 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00103952 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00093200 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00061456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00037912 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00037904 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2017-03-12 20:53 - 2017-03-16 01:03 - 00000000 ____D C:\FRST
2017-03-12 20:52 - 2017-03-16 00:31 - 02424832 _____ (Farbar) C:\Users\morro\Desktop\FRST64.exe
2017-03-11 21:33 - 2017-03-11 21:34 - 00001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-11 21:33 - 2017-03-11 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-11 21:30 - 2017-03-11 21:34 - 00000000 ____D C:\Users\morro\Desktop\hitman pro
2017-03-11 19:46 - 2017-03-11 19:46 - 04031440 _____ C:\Users\morro\Downloads\adwcleaner_6.044.exe
2017-03-11 19:44 - 2017-03-16 01:04 - 00075616 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-11 19:44 - 2017-03-16 01:04 - 00043531 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-11 19:44 - 2017-03-11 19:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-11 19:44 - 2017-03-11 19:44 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-11 19:44 - 2017-03-11 19:44 - 00001223 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\Users\morro\AppData\Local\Zemana
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-11 19:44 - 2017-03-11 19:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-10 14:14 - 2017-03-11 23:25 - 00000000 ____D C:\Users\morro\Desktop\Stylish skins screenshos and code
2017-03-10 13:35 - 2017-03-13 17:31 - 00000000 ___RD C:\Users\morro\Documents\MEGA
2017-03-10 13:31 - 2017-03-10 13:31 - 00000461 _____ C:\Users\morro\Documents\chrome march 2017 extensions.txt
2017-03-10 11:33 - 2017-03-10 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\morro\Desktop\HijackThis.exe
2017-03-10 11:08 - 2017-03-10 11:08 - 00001401 _____ C:\Users\morro\Desktop\CCleaner64 - Shortcut.lnk
2017-03-10 10:41 - 2017-03-10 10:41 - 00001550 _____ C:\Users\morro\Desktop\mbam - Shortcut.lnk
2017-03-10 10:38 - 2017-03-10 10:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-10 03:21 - 2017-03-10 03:27 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-03-09 21:03 - 2017-03-09 21:03 - 00000000 ___HD C:\$SysReset
2017-03-09 19:35 - 2017-03-16 00:29 - 00000000 ____D C:\Users\morro\AppData\LocalLow\Mozilla
2017-03-09 19:35 - 2017-03-09 19:35 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-09 19:35 - 2017-03-09 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 19:35 - 2017-03-09 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-09 19:28 - 2017-03-09 19:29 - 00000000 ____D C:\Users\morro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-03-09 19:28 - 2017-03-09 19:28 - 00000000 ____D C:\Users\morro\AppData\Local\Package Cache
2017-03-09 17:34 - 2017-03-09 23:03 - 00000000 ____D C:\AdwCleaner
2017-03-09 17:15 - 2017-03-11 21:33 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-09 17:11 - 2017-03-09 17:11 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-03-09 17:11 - 2017-03-09 17:11 - 00007984 _____ C:\WINDOWS\system32\bootdelete.lst
2017-03-09 15:39 - 2017-03-09 17:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-09 14:50 - 2017-03-09 14:51 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-09 14:34 - 2017-03-09 14:34 - 00000000 ___HD C:\ProgramData\2329b7941b1410p3152
2017-03-09 14:06 - 2017-03-09 19:12 - 00000000 ____D C:\MyGames
2017-03-08 16:40 - 2017-03-08 16:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-03-07 16:52 - 2017-03-07 16:52 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-03-07 16:52 - 2017-03-07 16:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ____D C:\ProgramData\Skype
2017-03-07 02:37 - 2017-03-07 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-07 02:29 - 2017-03-07 02:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2017-03-07 02:28 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-03-07 02:27 - 2017-03-07 02:28 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-07 02:27 - 2017-03-07 02:27 - 00000000 ____D C:\Users\morro\AppData\Local\Microsoft Help
2017-03-07 02:27 - 2017-03-07 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-07 02:26 - 2017-03-07 02:26 - 00000000 __RHD C:\MSOCache
2017-03-07 02:25 - 2017-03-07 02:25 - 00000009 _____ C:\Users\morro\Documents\megan laptop password caps A.txt
2017-03-05 17:29 - 2017-03-05 17:29 - 00000325 _____ C:\Users\morro\Documents\mal gotm march 2017.txt
2017-03-02 14:04 - 2017-03-02 14:04 - 00007231 _____ C:\Users\morro\AppData\Local\recently-used.xbel
2017-02-24 14:50 - 2017-02-24 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path of Diablo Launcher
2017-02-22 18:14 - 2017-02-22 18:14 - 00000000 ____D C:\Users\morro\AppData\Roaming\dvdcss
2017-02-22 02:21 - 2017-02-22 02:21 - 04599728 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2017-02-17 23:02 - 2017-02-17 23:15 - 00000000 ____D C:\Users\morro\AppData\Roaming\StardewValley
2017-02-15 21:29 - 2017-02-15 21:29 - 00000000 ____D C:\Users\morro\Documents\AutoHotKey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-16 01:05 - 2016-02-28 01:58 - 00000000 ____D C:\Users\morro\AppData\Roaming\Origin
2017-03-16 01:01 - 2016-02-28 01:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-16 00:56 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-16 00:56 - 2016-02-28 01:34 - 00000000 ____D C:\Users\morro\AppData\Roaming\Azureus
2017-03-16 00:55 - 2016-03-13 20:21 - 00000000 ____D C:\Users\morro\AppData\Local\Battle.net
2017-03-16 00:55 - 2016-02-28 01:51 - 00000000 ____D C:\ProgramData\Origin
2017-03-16 00:54 - 2016-06-01 12:24 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-03-16 00:54 - 2016-03-13 20:21 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-16 00:53 - 2016-08-02 19:04 - 00379652 _____ C:\WINDOWS\system32\perfh011.dat
2017-03-16 00:53 - 2016-08-02 19:04 - 00113480 _____ C:\WINDOWS\system32\perfc011.dat
2017-03-16 00:53 - 2016-02-28 03:32 - 01648888 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-16 00:52 - 2016-02-28 01:50 - 00000000 ____D C:\Users\morro\AppData\Roaming\Raptr
2017-03-16 00:51 - 2016-08-02 15:17 - 00000000 ____D C:\Users\morro
2017-03-16 00:51 - 2016-08-02 15:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-16 00:51 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-16 00:51 - 2016-02-28 04:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-16 00:51 - 2016-02-28 03:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-16 00:47 - 2016-08-02 15:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-16 00:47 - 2016-08-02 15:10 - 00268184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-16 00:47 - 2016-04-23 14:50 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-03-16 00:46 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-03-16 00:46 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-16 00:46 - 2016-07-16 02:04 - 03407872 _____ C:\WINDOWS\system32\config\BBI
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-16 00:43 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-16 00:32 - 2016-02-28 01:57 - 00000000 ____D C:\Program Files\WinZip
2017-03-16 00:28 - 2016-02-28 01:49 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-15 21:25 - 2016-03-07 17:42 - 00000000 ____D C:\Users\morro\AppData\Roaming\vlc
2017-03-15 19:15 - 2016-08-02 15:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-15 15:24 - 2016-02-28 03:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 15:21 - 2016-02-28 03:50 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 13:53 - 2016-02-28 01:34 - 00000000 ____D C:\Users\morro\Documents\Vuze Downloads
2017-03-15 05:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\WindowsApps
2017-03-14 18:09 - 2016-06-04 22:43 - 00000000 ___RD C:\Users\morro\Desktop\Stuff
2017-03-14 04:34 - 2016-08-02 15:13 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-13 23:22 - 2016-05-27 15:53 - 35131648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2017-03-13 23:22 - 2016-05-27 15:53 - 15982784 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2017-03-13 23:22 - 2016-05-27 15:53 - 12798456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2017-03-13 23:22 - 2016-05-27 15:53 - 06763136 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2017-03-13 23:22 - 2016-05-27 15:53 - 05193384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2017-03-13 23:20 - 2016-08-02 15:13 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-03-13 23:20 - 2016-07-16 10:29 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-03-13 23:20 - 2016-05-27 15:50 - 07974904 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2017-03-13 23:20 - 2016-05-27 15:50 - 02150936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2017-03-13 23:20 - 2016-05-27 15:50 - 00765456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2017-03-13 23:20 - 2016-05-27 15:50 - 00410616 _____ C:\WINDOWS\system32\igfxTray.exe
2017-03-13 23:20 - 2016-05-27 15:50 - 00407568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2017-03-13 23:20 - 2016-05-27 15:50 - 00382456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2017-03-13 23:20 - 2016-05-27 15:50 - 00363512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2017-03-13 23:20 - 2016-05-27 15:50 - 00277496 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2017-03-13 17:30 - 2017-01-30 19:04 - 00002320 _____ C:\Users\morro\Documents\Jeffrey Stelzer Resume.txt
2017-03-11 16:15 - 2016-08-25 14:13 - 00000000 ____D C:\Users\morro\AppData\Roaming\Skype
2017-03-10 23:38 - 2016-03-14 01:25 - 00000000 ___RD C:\Users\morro\Documents\MEGAsync
2017-03-10 11:08 - 2017-01-04 23:21 - 00000000 ____D C:\Program Files\CCleaner
2017-03-10 11:06 - 2016-07-16 07:43 - 00001180 _____ C:\Users\morro\Desktop\Windows Defender.lnk
2017-03-10 10:41 - 2016-02-28 04:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-10 01:17 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 01:17 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 23:49 - 2016-11-07 20:42 - 00000000 ____D C:\Users\morro\AppData\Roaming\Mediatronic
2017-03-09 23:11 - 2016-02-28 03:29 - 00000000 ____D C:\Users\morro\AppData\Local\VirtualStore
2017-03-09 23:08 - 2016-03-13 20:34 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-03-09 22:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 22:28 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-09 21:49 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration
2017-03-09 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\tracing
2017-03-09 19:28 - 2016-02-28 01:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-09 18:43 - 2016-06-05 19:28 - 00000000 ____D C:\Users\morro\AppData\Roaming\DAEMON Tools Lite
2017-03-07 13:05 - 2016-07-08 20:22 - 00000000 ____D C:\Users\morro\AppData\Roaming\discord
2017-03-07 02:28 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-04 03:09 - 2016-08-02 15:12 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-02 14:04 - 2016-03-01 23:04 - 00000000 ____D C:\Users\morro\AppData\Local\gtk-2.0
2017-03-02 14:04 - 2016-03-01 23:03 - 00000000 ____D C:\Users\morro\.gimp-2.8
2017-03-01 02:14 - 2016-07-13 17:47 - 00617368 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2017-02-24 15:42 - 2016-11-07 02:46 - 00000000 ____D C:\Program Files (x86)\Diablo II
2017-02-19 01:54 - 2016-02-28 02:44 - 00000000 ____D C:\Users\morro\AppData\Local\ElevatedDiagnostics
2017-02-17 15:59 - 2017-02-01 01:26 - 00002441 _____ C:\Users\morro\Documents\japanese english teaching cover letter.txt

==================== Files in the root of some directories =======

2016-11-07 18:34 - 2016-11-07 18:34 - 0000128 ____H () C:\Users\morro\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-04-02 11:19 - 2016-04-02 11:19 - 0000036 _____ () C:\Users\morro\AppData\Local\housecall.guid.cache
2017-03-02 14:04 - 2017-03-02 14:04 - 0007231 _____ () C:\Users\morro\AppData\Local\recently-used.xbel
2017-01-20 00:13 - 2017-01-20 00:13 - 0007605 _____ () C:\Users\morro\AppData\Local\Resmon.ResmonCfg
2016-08-02 15:13 - 2016-08-02 15:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-07 18:34 - 2016-11-07 18:34 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-08-12 00:14 - 2016-08-12 00:14 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-13 16:36

==================== End of FRST.txt ============================

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Thu Mar 16, 2017 5:11 am

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Heinrich6745 (16-03-2017 01:05:32)
Running from C:\Users\morro\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-02 19:37:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2592823536-3088522126-1080417239-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2592823536-3088522126-1080417239-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-2592823536-3088522126-1080417239-503 - Limited - Disabled)
Guest (S-1-5-21-2592823536-3088522126-1080417239-501 - Limited - Disabled)
Heinrich6745 (S-1-5-21-2592823536-3088522126-1080417239-1001 - Administrator - Enabled) => C:\Users\morro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Skybox Labs)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version: - Ensemble Studios)
Age of Mythology: Extended Edition (HKLM\...\Steam App 266840) (Version: - SkyBox Labs)
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version: - Beamdog)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Betrayer (HKLM\...\Steam App 243120) (Version: - Blackpowder Games)
Bionic Dues (HKLM\...\Steam App 238910) (Version: - Arcen Games, LLC)
bit Dungeon II (HKLM\...\Steam App 331440) (Version: - KintoGames)
BloodRayne: Betrayal (HKLM\...\Steam App 281220) (Version: - Abstraction Games)
Bulk Image Downloader v4.96.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
Capsized (HKLM\...\Steam App 95300) (Version: - Alientrap)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Clicker Heroes (HKLM\...\Steam App 363970) (Version: - Playsaurus)
Club Life (HKLM\...\Steam App 404180) (Version: - Dharker Studio)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CPUID HWMonitor Pro 1.25 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
Crusaders of the Lost Idols (HKLM\...\Steam App 402840) (Version: - Codename Entertainment Inc.)
D2SE V2.2.0 (HKLM-x32\...\{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1) (Version: 2.2.0 - Seltsamuel)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Delicious! Pretty Girls Mahjong Solitaire (HKLM\...\Steam App 540610) (Version: - Zoo Corporation)
Destiny Warriors (HKLM\...\Steam App 399790) (Version: - ninjalex)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diehard Dungeon (HKLM\...\Steam App 277870) (Version: - Tricktale)
Discord (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DOOM II: Hell on Earth (HKLM\...\Steam App 2300) (Version: - id Software)
Duke Nukem 3D: Megaton Edition (HKLM\...\Steam App 225140) (Version: - 3D Realms)
Dungeon Siege (HKLM-x32\...\Steam App 39190) (Version: - Gas Powered Games)
Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)
Enemy Mind (HKLM\...\Steam App 285840) (Version: - Schell Games)
Epic Battle Fantasy 3 (HKLM\...\Steam App 521200) (Version: - Matt Roszak)
Everlasting Summer (HKLM\...\Steam App 331470) (Version: - Soviet Games)
Fancy Skulls (HKLM\...\Steam App 307090) (Version: - tequibo)
Final DOOM (HKLM\...\Steam App 2290) (Version: - id Software)
FINAL FANTASY IV (HKLM\...\Steam App 312750) (Version: - Square Enix)
FINAL FANTASY IX (HKLM\...\Steam App 377840) (Version: - SQUARE ENIX)
FINAL FANTASY VI (HKLM-x32\...\Steam App 382900) (Version: - SQUARE ENIX)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
Forge of Gods (RPG) (HKLM\...\Steam App 461910) (Version: - Panoramik Inc)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
GoldenEye: Source (HKLM-x32\...\gesource) (Version: 5.0 - The GoldenEye: Source Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
Grabber 4.5.3 (HKLM-x32\...\{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1) (Version: 4.5.3 - Bionus)
Greyfox (HKLM\...\Steam App 341310) (Version: - Lesley Dodd)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
Hatoful Boyfriend (HKLM\...\Steam App 310080) (Version: - Mediatonic)
Hell Yeah! (HKLM\...\Steam App 205230) (Version: - Arkedo)
Hero Siege (HKLM\...\Steam App 269210) (Version: - Elias Viglione)
Higurashi When They Cry - Ch.1 Onikakushi (HKLM\...\Steam App 310360) (Version: - 07th Expansion)
Higurashi When They Cry - Ch.2 Watanagashi (HKLM\...\Steam App 410890) (Version: - 07th Expansion)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HuniePop (HKLM-x32\...\Steam App 339800) (Version: - HuniePot)
Icewind Dale: Enhanced Edition (HKLM\...\Steam App 321800) (Version: - Beamdog)
Insanity Clicker (HKLM\...\Steam App 393530) (Version: - PlayFlock)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Iron Grip: Warlord (HKLM\...\Steam App 31700) (Version: - ISOTX)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version: - insayn)
Killer is Dead (HKLM\...\Steam App 261110) (Version: - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
King's Quest (HKLM\...\Steam App 345390) (Version: - The Odd Gentlemen)
Labyronia RPG (HKLM\...\Steam App 391260) (Version: - Labyrinthine)
Labyronia RPG 2 (HKLM\...\Steam App 397500) (Version: - Labyrinthine)
Learn Japanese To Survive - Hiragana Battle (HKLM\...\Steam App 438270) (Version: - Sleepy Duck Educational Games)
Left 4 Dead (HKLM\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Legend of Mysteria (HKLM\...\Steam App 407230) (Version: - Labyrinthine)
Loadout (HKLM\...\Steam App 208090) (Version: - Edge of Reality)
Lucid9 (HKLM\...\Steam App 439940) (Version: - Fallen Snow Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mark of the Ninja (HKLM\...\Steam App 214560) (Version: - Klei Entertainment)
Master Levels for DOOM II (HKLM\...\Steam App 9160) (Version: - id Software)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Murasaki (HKLM\...\Steam App 392030) (Version: - Katatema)
Murder Miners (HKLM\...\Steam App 274900) (Version: - JForce Games)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version: - Smoking WOLF)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.)
Path of Diablo Launcher (HKLM-x32\...\{DE70C6E8-1803-4AF4-8F94-B39062688E21}) (Version: 1.0.0 - Path of Diablo)
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
Phantasy Star Online 2: EPISODE 4 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version: - SEGA)
Pid (HKLM\...\Steam App 218740) (Version: - Might and Delight)
poi (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\poi) (Version: 7.0.2 - Magica)
POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\{8ba65a8c-cb48-4716-bc24-47c148808015}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Relic Hunters Zero (HKLM\...\Steam App 382490) (Version: - Rogue Snail)
Rise of Nations: Extended Edition (HKLM\...\Steam App 287450) (Version: - SkyBox Labs)
Sacred 2 Gold (HKLM\...\Steam App 225640) (Version: - Ascaron)
Sacred Gold (HKLM-x32\...\Steam App 12320) (Version: - Ascaron Entertainment ltd.)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition)
Sakura Swim Club (HKLM\...\Steam App 402180) (Version: - Winged Cloud)
Serious Sam HD: The First Encounter (HKLM\...\Steam App 41000) (Version: - Croteam)
Serious Sam HD: The Second Encounter (HKLM\...\Steam App 41010) (Version: - Croteam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
ShipLord (HKLM\...\Steam App 422250) (Version: - Just1337 Studio)
Sins Of The Demon RPG (HKLM\...\Steam App 461640) (Version: - Chandler Rounsley)
Skyborn (HKLM\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.45.2 (HKLM\...\{431DEFDE-6862-4CBC-AA44-112164825D73}) (Version: 7.0.45.2 - Mad Catz)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
StarBreak (HKLM\...\Steam App 420790) (Version: - Crunchy Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Storm of Spears (HKLM\...\Steam App 463350) (Version: - Warfare Studios)
Super 3-D Noah's Ark (HKLM\...\Steam App 371180) (Version: - Wisdom Tree, Inc.)
Taiga (HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\Taiga) (Version: 1.2 - erengy)
Tales of Maj'Eyal (HKLM\...\Steam App 259680) (Version: - DarkGod)
Tales of Symphonia (HKLM\...\Steam App 372360) (Version: - BANDAI NAMCO Entertainment Inc.)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.70155 Beta - TeamViewer)
Terra Incognita ~ Chapter One: The Descendant (HKLM\...\Steam App 347560) (Version: - Back To Basics Gaming)
The Albino Hunter (HKLM\...\Steam App 355520) (Version: - Cherry Co. Studios)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version: - Nihon Falcom)
The Lord of the Rings Online™ (HKLM\...\Steam App 212500) (Version: - Turbine, Inc.)
The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version: - id Software)
Time Clickers (HKLM\...\Steam App 385770) (Version: - Proton Studio Inc)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment)
Torchlight (HKLM\...\Steam App 41500) (Version: - Runic Games)
Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
TS Compatibility Fix (HKLM\...\{3f4535f8-e996-4cf1-bb6d-66eb87969155}.sdb) (Version: - )
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version: - Tate Multimedia)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
Viscera Cleanup Detail: Shadow Warrior (HKLM\...\Steam App 255520) (Version: - RuneStorm)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Woodle Tree Adventures (HKLM\...\Steam App 299460) (Version: - Fabio Ferrara)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)
Zeno Clash (HKLM\...\Steam App 22200) (Version: - ACE Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20C2CBC3-D37A-4622-9D27-FBF37D24169D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {20E4D54D-DF86-4D2D-A8E4-91805CC27725} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {333A7DC9-50E5-4820-9AF2-DC9BB434F96C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {4DD13E5D-B9F4-4D69-97B5-8EB407E880E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {5EDE92AA-40F9-460D-A413-DD1886DF979D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-28] (Google Inc.)
Task: {67E30E93-9088-4A3A-B7E4-1A96BCC5F678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {77BB012E-9661-4FC4-944A-0E34C161AB46} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-15] (Microsoft Corporation)
Task: {80A3B9FC-F735-4EB4-88DC-53CF61BE1175} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {B74BC4A6-C76D-470C-BAC2-0ACEB9B30155} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {CB21F3F9-5BD3-4DDE-B47D-910512A1D711} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 02:50 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-15 02:50 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2014-05-01 10:13 - 2016-11-13 18:22 - 00592384 _____ () C:\Users\morro\AppData\Local\MEGAsync\ShellExtX64.dll
2016-11-27 13:55 - 2016-11-27 13:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-11 19:44 - 2017-03-11 19:44 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-05-27 15:50 - 2017-03-13 23:20 - 00410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-13 17:31 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 02:49 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 02:50 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 02:50 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 02:50 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 02:50 - 2017-03-04 02:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-15 02:50 - 2017-03-04 02:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 02:50 - 2017-03-04 02:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-04 23:22 - 2015-06-24 21:23 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2017-03-13 07:30 - 2017-03-13 07:30 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 07:30 - 2017-03-13 07:30 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-13 16:56 - 2017-03-10 15:40 - 00021992 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-02-13 16:56 - 2017-03-07 13:05 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-05-01 10:15 - 2016-11-13 18:22 - 00564736 _____ () C:\Users\morro\AppData\Local\MEGAsync\ShellExtX32.dll
2016-02-28 01:04 - 2017-02-02 21:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-28 01:04 - 2017-03-13 18:04 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-28 01:04 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-28 01:04 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-28 01:04 - 2017-03-13 18:04 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 02:18 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-02-13 16:56 - 2017-03-07 13:05 - 00012288 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-02-28 01:57 - 2016-06-10 18:50 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 18:17 - 2017-01-11 18:17 - 01082880 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 18:17 - 2017-01-11 18:17 - 03750400 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 18:17 - 2017-01-11 18:17 - 00914432 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 18:17 - 2017-01-11 18:17 - 01127424 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-07-20 22:44 - 2016-07-20 22:44 - 00482304 _____ () C:\Users\morro\AppData\Local\MEGAsync\libsodium.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 16:29 - 2015-10-21 16:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 13:08 - 2016-04-19 13:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2017-02-06 18:02 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\morro\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-02-06 18:02 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\morro\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 53018112 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00507968 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 01076800 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 01854528 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00393280 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 01589312 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00307776 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00330816 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00104000 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00520768 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00272448 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00680000 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00425536 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00157760 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2016-06-01 12:24 - 2017-03-16 00:54 - 00152128 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 16:59 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\morro\AppData\Local\Discord\app-0.0.297\libegl.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 01738752 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2016-06-01 12:24 - 2016-09-19 13:06 - 00078848 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2017-01-11 18:25 - 2017-01-11 18:25 - 00148992 _____ () \\?\C:\Users\morro\AppData\Local\Discord\app-0.0.297\resources\app\node_modules\erlpack\build\Release\erlpack.node
2017-01-11 18:17 - 2017-01-11 18:17 - 02658304 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 18:17 - 2017-01-11 18:17 - 02130432 _____ () \\?\C:\Users\morro\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-12-13 03:25 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-02-28 01:04 - 2017-03-13 18:04 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-02-28 01:04 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-03-11 20:41 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morro\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f57e09d8-23e7-4275-a4c2-ca1e866a636d}.png
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-2592823536-3088522126-1080417239-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{14DF7838-CC14-438F-BF63-2C9EBB6276CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{8E0B8445-6384-41A8-AF44-5352F9C2252E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Insanity Clicker\Insanity Clicker.exe
FirewallRules: [{CD65FD4C-873C-4DD9-B51A-096E366CB9D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{DB77598F-EA70-4A5C-84A0-C35FD15C359E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{76431161-28FB-491A-94E5-CE0007BFE5A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Rayne Betrayal\bin\bloodrayne.exe
FirewallRules: [{6ED9C24F-B250-4F7A-9C16-547B6C26F291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Rayne Betrayal\bin\bloodrayne.exe
FirewallRules: [{F971540A-7271-4BDE-9BF9-B9E9FDC8F057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Storm of Spears\Storm of Spears.exe
FirewallRules: [{0ADA899A-C355-4CC1-BE17-EA6DB1B8FAE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Storm of Spears\Storm of Spears.exe
FirewallRules: [{9824F799-43D1-45E5-B9C1-53B248FE9217}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{7637FD14-80C5-4AAC-A461-7C1972380C03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{E8E1AC56-41AF-44B2-BEE9-F24111100870}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{0293E75E-800C-423B-8481-7E01E470DB7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{0E8B8AB0-E69A-4363-B0DF-3B9EE5E79DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D7F84B94-6BC2-4343-A6E6-A1649AFC2D78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{BA55F88A-08EB-4644-B9D7-BBF2D92816B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{03447EE8-C23F-4DD6-8B1F-AE3A73760909}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{62F420D3-C6DA-464C-85F4-E6763487DC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{79E80E6D-A1AE-4069-BF83-C185B2F7E34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{B210DF78-4B39-4FD5-8847-A551DB28DD83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{B6766D59-EACB-44B7-B4A7-BF70E8313988}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{1C5C4FDA-3425-4EF2-9AF8-DC60BEC5D257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{41C7B8F6-0449-47D8-8193-7535EBCFC0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{AAAA81BC-F1FA-4DD6-BE1B-23D14084A362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{1557C2E3-5F03-45ED-A175-346B94F99F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{DBE678BB-087C-4304-AD18-162BD0F14C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WoodleTreeAdventures\WoodleTreeAdventures.exe
FirewallRules: [{0F795B17-C415-49D0-9AA8-9103CD184362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WoodleTreeAdventures\WoodleTreeAdventures.exe
FirewallRules: [{19E1C6C2-DD1C-43C5-A060-F93FB000595D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{71C2BBD1-F3B0-4CDD-88F0-58C8FC73D226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{8FE96BC8-DA07-4E17-BB6A-4C17B0425C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{44023F65-9D4C-46F6-9C47-23ECECBD19B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{957E0E12-5D49-4272-B0F2-DB2463B712B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{114C8DA0-3129-4192-A1A0-BF9DE5C570CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins Of The Demon\Game.exe
FirewallRules: [{51297D77-528D-4094-BE7F-0DE668DE79C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{78B2685B-4AE2-4A94-8028-638EC30F9AB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{793D2518-F225-4676-BE64-15DE0A58DE96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{ECEEF3D6-53D5-4B0A-9CFA-62ABDEF99B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{15BC6766-FADE-4101-A074-7FEA0D73846B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{EEEBEE76-7C15-4212-A440-EEEC952AB284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Doom\base\dosbox.exe
FirewallRules: [{1D6B0C24-99AE-4AD0-8B44-C34732AACB58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{E2D924E1-96F5-49D6-A6FE-1A1E74B8C96A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe
FirewallRules: [{A790030D-F6A1-40E9-8D0B-ED72D7F74521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D94BEA94-6E67-4200-B3DD-CAB0127E30CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A5ECF482-0C43-4439-B1E8-AC68C3FA14A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{668D7671-4B07-4DCA-B28C-DB8CFD873524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE_Unrestricted.exe
FirewallRules: [{B7B0C245-2CD3-4B05-9A55-E2BAA8F99BDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{B61D0254-79E3-4899-A39E-C08E904E19D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The Second Encounter\Bin\SamHD_TSE.exe
FirewallRules: [{6107241F-E90E-4CA8-97E9-D1230307B610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{3F2E3B6B-41C0-49E3-ACC2-CCEAA3F0D045}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{B72A3B4A-A876-4CC7-8A58-BD9E732DCC1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{A72CDE33-F462-4004-AC76-37E43F136809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{FF83AF4E-7660-4BFC-903B-7AA093AEF4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [{85651990-57FC-4A82-89B8-31E3BA54CE50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loadout\Loadout.exe
FirewallRules: [UDP Query User{64B04BCE-92D5-4EEC-B4BE-162F09C9061E}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{C2449F5A-5996-4583-99F5-0683E423C120}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{8098407E-D993-4273-A5FA-07EA5069D5BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{DF58AAB0-4888-4527-95A3-B8AB7AA31657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{AAE7EF8A-971B-4710-863E-6E1F63C2AE46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{09D05C13-BBAF-4D58-9A35-5F86B287B01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusaders of the Lost Idols\Crusaders of the Lost Idols.exe
FirewallRules: [{A9B5030F-667B-4008-851C-DC61CD82D4E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{AC734FDA-386C-496E-8B41-609F538531BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{09C1C898-C68E-41B0-B683-09FB466BEE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6DA2AAF4-E58A-4381-B231-29D6EC2B3983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6871A653-EACC-479C-90D3-7F9A6456C703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarBreak\mvmmoclient.exe
FirewallRules: [{B6392718-DB00-485B-995E-B77C7CF19946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarBreak\mvmmoclient.exe
FirewallRules: [{993A7C7A-FBA5-45E9-B498-C041DC9FED36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{513A3946-5DC2-4373-BF57-19992BB1B8BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{B38139CF-E1DB-419E-ACC9-BADDC3755758}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{8400371D-61B0-4FBF-960A-33557B12A2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{752B0BD6-858A-41DA-81E1-A8DF7B20D3C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{39CE3A83-EAA7-49E7-8ACA-5DCB775610F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{501A648F-9CFB-4BC5-A007-DD40E77F5759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{C988FE05-1D3B-4D8B-8F29-6BAA1B2DE7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pid\Pid.exe
FirewallRules: [{04AB80C4-EDDF-41A1-B7AE-4ACFC6CD5D60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia\Game.exe
FirewallRules: [{C8020C9A-3FD0-49EB-BC0D-221A0530CC02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia\Game.exe
FirewallRules: [{8EF0B2FF-8C7A-49B4-A802-FDE1B33A66B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{71DC3663-351F-418A-966E-4F45A6761284}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Greyfox\EQLauncher.exe
FirewallRules: [{0F270E91-1DA0-4007-8232-2B701FD2FEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elements of Power\EQLauncher.exe
FirewallRules: [{FAA70A38-35D5-42E1-A572-B4533E4B24B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elements of Power\EQLauncher.exe
FirewallRules: [{643D2C15-6FD9-448E-A0E0-550C49687B61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capsized\Capsized.exe
FirewallRules: [{5DCB37F6-91C6-47F7-854F-99E732F95620}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capsized\Capsized.exe
FirewallRules: [{E8ECB637-83E1-478F-8D96-7FA21C2CED3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{FDBAE1E1-F72A-4BA0-90FA-EAC4C013CEA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyronia RPG 2\Game.exe
FirewallRules: [{6103424D-1314-48F2-949F-DA62C55D06C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{FBC83C78-BB5F-45EF-A893-F63E96F6E86B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Mysteria\EQLauncher.exe
FirewallRules: [{2BB31536-6C32-4D5C-862A-8EFBAA334B0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FancySkulls\fancy_skulls.exe
FirewallRules: [{4A975D8F-4375-44DF-AA1F-5B3F47254CFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FancySkulls\fancy_skulls.exe
FirewallRules: [{D9E10FC6-BB59-46D5-9D60-C5F4A2468F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{FB448159-C843-48E1-AE86-5125BB2D4DED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EnemyMind\EnemyMind.exe
FirewallRules: [{761C6F97-92A6-492B-A494-CC9F59732128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{3A92F6BC-F053-4181-AE6B-EDE29009E092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{17696229-C3C8-4F03-B8DA-5C1ACB1E794E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Grip Warlord\igwarlord.exe
FirewallRules: [{7856FA27-3D28-448F-A050-A2A9C6CF9173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Grip Warlord\igwarlord.exe
FirewallRules: [{16378512-67CD-48E1-A6B6-AEAE8331AB95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{C4A5A445-414D-43E1-9CD6-D4B567EEAA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{67C33EF1-497E-40D7-9EDC-EB247907DB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super 3-D Noah's Ark\noah3d.exe
FirewallRules: [{F2FB38D6-C2CA-492D-9CE2-3CC3E91959F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super 3-D Noah's Ark\noah3d.exe
FirewallRules: [{25B3990C-3B3E-4419-BBDF-3F2F644C3090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{18DCBE58-9AAC-4B2E-A542-7FF1370FE31B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ZenoClash\ZenoClash.exe
FirewallRules: [{2773C07A-4C1A-494B-A528-7AB0003DA17C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{7B802AE6-F8D8-4C0F-9406-9D9574F56C4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{92EA8B8A-8612-485B-B70D-A66C95BC329C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{09D899F5-FDC5-44FE-8246-AD1EA9721E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{E76078D2-897D-4449-8BB9-1986CDB0DEA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Albino Hunter\Game.exe
FirewallRules: [{2BD0C39C-9EA9-4110-B31A-6BC1453E5347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Albino Hunter\Game.exe
FirewallRules: [{3DCFE6DB-EA9B-44AA-8671-F97F632A8CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe
FirewallRules: [{23EFFC83-B028-4505-9318-5BB5F83CDC28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe
FirewallRules: [{B0F7EB22-8BA9-4838-9198-CBD4ECCCC97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi 02 - Watanagashi\HigurashiEp02.exe
FirewallRules: [{02F1598E-16A3-44FC-B21A-B8E0A423530C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi 02 - Watanagashi\HigurashiEp02.exe
FirewallRules: [{6C06AD60-41D0-4956-8712-43BF312C5ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{9AE80D3D-9B5B-4DEB-A79E-DF04640F5D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{E074D7CE-76D2-4508-8A2C-33426E8630E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{6872D831-DF4F-45CB-88C4-2DD6955EB174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{F4F122FB-3087-4C29-9122-CC22E9C3775B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucid9\Lucid9.exe
FirewallRules: [{15D6B332-1726-43BB-B93B-23AC06658064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucid9\Lucid9.exe
FirewallRules: [{0A26F551-627E-423F-8157-233469B45335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{EF96A102-8F7C-4A89-93D6-C1E24B4A33E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{18FFB2BB-02CC-4DB1-A30A-D1BEDBCF1FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{4A5B385E-7823-48EA-BCBB-B4482521BA3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{34774207-F1A8-43F2-81EB-47AB8DFFB62B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{03E4B6A6-B8CF-476F-801D-40DE630E8A09}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{3C47BCD5-88FB-4395-8844-3E05C4A41949}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{621D7838-488E-412C-B9FC-1A9EC1D8A8EB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{A3AEA5A6-327D-40A8-86F9-776FB3E92715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{20DD9AE7-11B4-4933-A85C-387147FAAB13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{E9756903-C3C7-43F9-B577-29E38D46F93D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{141A28E7-42D3-41DF-8186-ED605A085DFA}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{FAB6D294-009E-4098-AEEB-CF1D51A49E7E}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{B351FD23-56AC-4C19-BDA9-915E9302561A}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{4CD49F80-DFCD-4EF0-9D3B-B85922C1E6D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{F3A628E8-E1E9-4691-916F-32EB631BEAD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{4768472E-BFB4-4AB4-AD08-BC09F1056556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{646A996D-D0C2-4791-AD0A-EAA9D6DF9D39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{6CFBA595-0856-4499-9A0C-9C24EDDBEDC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{55073CCA-2CF1-4673-8977-2584AF6BFFE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{F7CF1F34-9F47-4BC2-8784-94C0C05F6485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{7F597FD8-D3A4-4D2E-9C8D-F23E86C004A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{C1F4DC4A-119A-445D-A4D8-317C0F0C7DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1\DungeonSiege.exe
FirewallRules: [{A8520588-77B1-466D-948F-D4F661EA3BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1\DungeonSiege.exe
FirewallRules: [{135A7729-C0C5-4812-983B-56C0595BC554}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{AC4E2027-490A-4EB4-9020-3403E7C98D81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{60348096-C35A-418E-A419-AA3FCE27CD23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{CB348C3E-00B9-40C1-A05A-F586A4D637BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7D7AD7C7-640C-4D60-BD80-5F231DDFFBDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{ECA2C254-6FBD-4920-A809-648666CCA523}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{C852FE81-9C70-4181-B1A9-0D23360044BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{579160DA-20CD-45BD-964A-5BEE93829958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{CC9F3681-B57D-47ED-9CA0-7F97AE2E8776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{CECCF139-5ECF-4512-9A5A-D3BC9CC0DEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{6C8AD074-39E0-447C-900D-5E5572357681}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3D8C4FA2-A036-4A6F-81B7-698AC04DF413}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{A67D06A6-39A2-479C-B62E-590F0A6F9A86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{C4FD315F-429C-4F59-A49D-9C4B809F14D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{A653D5A0-EEF4-4A13-953F-141D14638ED0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe
FirewallRules: [{2E1D1271-B16F-4DB0-95B9-BE2928289854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6_Launcher.exe
FirewallRules: [{13301C52-C6F9-40AF-9CF4-C3C0528FF2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe
FirewallRules: [{12D81426-FB4E-4F1C-8323-85A235782550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy 6\FF6.exe
FirewallRules: [{91DBD87D-EB73-49AF-B5B2-237B49756B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{F46AB497-08CA-40A1-BC43-0B7BCA2205A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{DFDC2F40-F635-4BFF-B597-08C1564A0D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{93F63066-B616-4A11-AFA5-9A011012E313}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{C8027F2C-A2E8-44DA-AB60-09E726C24AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred Gold\Sacred.exe
FirewallRules: [{25288FAE-E2EB-4C4C-B0EA-A3B8F61AEB5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred Gold\Sacred.exe
FirewallRules: [{E06F3D75-9249-4098-8DA8-BE0DD035A044}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0D736B0-81FF-484E-9062-36E43C0CDF03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4E6A6925-57A3-4557-AF64-8F7CE2119FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShipLord\Shiplord.exe
FirewallRules: [{5FEE5D9E-2F53-45AC-BF90-B73F3A836CEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShipLord\Shiplord.exe
FirewallRules: [{B2052368-6B65-4EF4-8E87-464DB2576154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{185B40D0-62B7-468C-99CB-FE906755A903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{FCA78936-0839-4D59-BD01-2AAF2A9AB516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\mu.exe
FirewallRules: [{29A241C6-8144-46B6-8826-7ED9A4F4F8E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\mu.exe
FirewallRules: [{3BBE0F92-B627-4CEE-8FFE-1CF17C8C7F50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\config.exe
FirewallRules: [{4EC02066-988A-4DE6-B7D7-DDBC0BEDB2F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murasaki\Murasaki\config.exe
FirewallRules: [{A9E7251F-D8E3-49DB-BD39-CB0E660A1CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{C0A2E076-0365-4170-A037-69406BDE3D01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Epic Battle Fantasy 3\Epic Battle Fantasy 3.exe
FirewallRules: [{8197FF05-3DCF-45B5-9AB6-E51CCF4A32F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Club Life\Club Life.exe
FirewallRules: [{5F3C88F7-D366-4A7E-A958-2BB17100F3E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Club Life\Club Life.exe
FirewallRules: [{4C3511DB-D876-4134-B7FF-307D29FCB6A5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BF64B52E-6F1C-48C6-A2F5-9A1D1709CE7F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D2C1DCB1-9A77-4AC6-9B40-9AADC042CBDC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{28B65E77-386C-41E5-9480-9975D6ADC0B2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9AC5DA12-39FC-4F67-AF3B-9D0A56B1FB3F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{79C3BC14-0E75-4743-8011-B8A6DE6BA04A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{70F072D1-50DE-4858-9CBF-A9D27F5E2FA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{7BFF33B5-FDEB-405B-81C3-2451544C63C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{958E4ADA-9276-4BB5-925B-0329DD341174}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{89646624-C4AD-4BD3-852E-9D9B87A41AC4}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{5544634D-6E14-4811-875E-C06D6EAE5F6F}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{E88F498A-6981-4E2D-AB63-57547C7415FF}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{BD387038-504D-4E78-8947-8CB8EACDDAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{CF6D0807-7EC3-415E-BF24-D31C0C9E7FAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{D6950AD6-CB2F-47F3-B040-5255FF3A5820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3828410F-13DA-435B-860B-5CD9F5D1C399}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3531A0FB-659B-4B98-972D-0E80533126E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{541A856A-FFED-4FAA-A9EB-73771F766FD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{EE974871-5CC8-4C8B-B24D-6125D4B3ACA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{DA1916B5-06E5-4DF7-8712-B17514DE3555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{E76596EA-E5CC-409C-83A7-E94774F745C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{36BF5E71-1DAA-4554-ABCE-8B92F6CDA987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{D01EA9A8-FEBF-46ED-A88F-5109B52D981C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E8BFFF89-9936-49A7-8D7E-DFBCAF137EE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{713DDAC7-2610-4F0C-91BF-8003446E8E2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F6A951A-6B79-446F-9D4A-C0F3EF861AF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5AA77D97-6E7A-4F17-8B2D-31F8B8877968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Swim Club\Sakura Swim Club.exe
FirewallRules: [{413AFC08-1046-4277-97A2-38AD665A0D0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Swim Club\Sakura Swim Club.exe
FirewallRules: [{60D2B9F7-D33C-437A-94AE-5D9BAF09F3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{8B0B5DC7-B39B-4519-AB5E-57961B00C7C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [TCP Query User{6AE633A3-7F49-4445-B941-E60CEE1B91F8}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [UDP Query User{7402F6A0-5964-45EC-97BC-E66E252B12DB}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
FirewallRules: [{B514C114-DBC7-4AB1-B171-B86364C5F357}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [{29FA3915-9EA2-4692-9AED-E048B24BAA49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forge of Gods (RPG)\fog.exe
FirewallRules: [TCP Query User{14F9DF95-7EBA-4653-AE39-C5F4167326A4}C:\westwood\twisted insurrection 0.6\game.exe] => (Allow) C:\westwood\twisted insurrection 0.6\game.exe
FirewallRules: [UDP Query User{5FAE93F2-23C1-47D6-A8B0-09DE977D7D63}C:\westwood\twisted insurrection 0.6\game.exe] => (Allow) C:\westwood\twisted insurrection 0.6\game.exe
FirewallRules: [TCP Query User{83FB3AAD-DA2B-4DCA-AA64-E00810FEF23E}C:\westwood\dawn of the tiberium age\game.exe] => (Allow) C:\westwood\dawn of the tiberium age\game.exe
FirewallRules: [UDP Query User{9057AFF0-4C73-481D-9FD2-4A663FCB0333}C:\westwood\dawn of the tiberium age\game.exe] => (Allow) C:\westwood\dawn of the tiberium age\game.exe
FirewallRules: [{4359033C-F8A9-42D4-9990-69030E6A0B89}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A65EE59D-D68A-4ED4-B164-7E79396989A7}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [TCP Query User{C6FA3D06-372F-4171-90ED-90D81B753368}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe
FirewallRules: [UDP Query User{C7C544AD-C56C-4141-9CA8-7F6FD7EE53DC}C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe] => (Allow) C:\program files (x86)\origin games\command and conquer red alert ii\gamemd.exe
FirewallRules: [{ABD4EAC3-D23E-43D1-8C85-35CF234620FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4FAF5B98-DED4-4677-B40C-609936E9770F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62C9A575-FD75-41DA-9FE6-E6778D1F6CA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{94DBB4EB-569C-40AF-BBD8-EB86B6574F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiehardDungeon\DiehardDungeon.exe
FirewallRules: [{D284E705-198C-43FA-9906-015D0E1471AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit Dungeon II\bitDungeonII.exe
FirewallRules: [{70CF18A4-5488-43E5-B160-1475F04EEAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\bit Dungeon II\bitDungeonII.exe
FirewallRules: [{23E8DD62-7536-4705-A840-E9B487D3EDE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delicious! Pretty Girls Mahjong Solitaire\DeliciousPGMS.exe
FirewallRules: [{71E2A05F-3E97-4543-ADFF-A2F58D7BB3EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Delicious! Pretty Girls Mahjong Solitaire\DeliciousPGMS.exe
FirewallRules: [{B6EF8EA7-C1A2-4E1B-92B9-7ECAE2D83038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{C73F4E6A-9BAC-4697-B197-306D16C7F79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terra Incognita ~ Chapter One The Descendant\Game.exe
FirewallRules: [{E6F6A126-1BA3-4833-A4ED-2B31D9D7047D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{95A5A84A-D34E-4F70-920D-5DA45B656011}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{B26A389E-AAA5-417F-A748-AD97ADB19CEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{09799705-E635-4206-80E0-77B259ED7C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{3D6EF1B7-7D6C-4A02-B964-AD52E4B3A7EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{C5D20181-6B83-4BBB-ADF6-8A0E7DC43BC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{1997ABEA-C719-4F01-BC27-DD5AD300F820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{4F8732F9-4D25-499B-9BB3-5E47E60E53AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{096B0DC3-0D28-4DEE-B789-38102E98301E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{9B85116E-09FD-475F-BB60-E590BB342EA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe
FirewallRules: [{67E7DF6E-DD67-48B2-841B-8804F2DE3222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{9555614E-8A5D-4379-BA31-07029D3A90DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{B555D5B9-493A-494E-AD41-9E96C79AC121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{106C2DEC-45E1-43B0-87D0-C5F81CDDA241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{C4832942-3F0B-4602-AAD1-FC4D54A311A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
FirewallRules: [{5793C9B5-33C1-4208-AA87-76124594D73A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
FirewallRules: [{CC7E77CF-545B-4D41-B65D-7356EE760C65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{32697B97-3D70-4AE4-B3BA-0A7561EC0B4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{680B05B7-E220-400C-A1E7-EF9F904D809B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{F6D6EBA4-E202-4F20-BCCC-2BE9A85C6F27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{98F9AEE7-D862-4622-B7A0-4BF35B78D80B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{6DF23AFA-18A0-4694-AE1B-12E2DF578F8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{9F687E10-090B-4812-91F3-565F3E059B85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B21F110B-3EF5-4E13-B05A-3D6731568EA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{972D8AF8-847A-48F3-9BBA-22A75D8FCC87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6EFA9D49-BACA-4372-AC3B-0C3ADA49C128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{AA951E28-E9A5-45C0-8460-29C036BC0B3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{8964AACE-CECE-46AD-A2C7-8C96AACD484F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{59E80416-03F5-4E09-8361-4DF51C8E4F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{3FBC823D-B407-4528-8DD6-6B91836C3D2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe

==================== Restore Points =========================

13-03-2017 21:52:20 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2017 12:55:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (1272) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\morro\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (03/16/2017 12:33:48 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (03/16/2017 12:32:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/16/2017 12:32:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {59b1f5b5-bb4f-4db7-bfe7-fd342a783134}

Error: (03/15/2017 09:37:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a04

Start Time: 01d29ae026fc41fa

Termination Time: 4294967295

Application Path: C:\Users\morro\AppData\Local\Discord\app-0.0.297\Discord.exe

Report Id: 0df820cb-09e9-11e7-ba31-1008b18732f2

Faulting package full name:

Faulting package-relative application ID:

Error: (03/15/2017 04:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.14393.0, time stamp: 0x578999ab
Faulting module name: dwmcore.dll, version: 10.0.14393.479, time stamp: 0x5825897b
Exception code: 0x88980403
Fault offset: 0x000000000006478c
Faulting process id: 0x1bc
Faulting application start time: 0x01d29adffea38ec9
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\system32\dwmcore.dll
Report Id: 989cfc05-51e9-4c00-be04-cb6d75cadd22
Faulting package full name:
Faulting package-relative application ID:

Error: (03/14/2017 12:53:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.14393.0, time stamp: 0x57899082
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
Fault offset: 0x00026dc9
Faulting process id: 0x1bc0
Faulting application start time: 0x01d29c7ede1a7882
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: aa35db68-d31b-41b6-a437-8340e96aab3c
Faulting package full name:
Faulting package-relative application ID:

Error: (03/13/2017 10:29:20 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (5460) An attempt to open the file "C:\Users\morro\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (03/13/2017 09:52:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/13/2017 03:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x8e0
Faulting application start time: 0x01d29adfff740183
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: 6b0a9209-50c6-4118-9493-518b704a6ca3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/16/2017 12:51:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 12:51:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 12:51:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 12:50:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (03/16/2017 12:35:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/15/2017 04:16:19 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/15/2017 04:16:14 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HEINRICHS-RIG)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2592823536-3088522126-1080417239-1001-0-ntuser.dat

Error: (03/14/2017 10:29:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Time Broker service, but this action failed with the following error:
An instance of the service is already running.

Error: (03/14/2017 10:27:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/14/2017 10:27:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-03-16 00:51:48.004
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-16 00:51:47.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-12 15:24:56.206
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-11 22:23:46.139
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-11 22:23:46.026
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-10 16:02:56.731
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-10 10:12:12.690
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-10 10:12:12.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe that did not meet the Microsoft signing level requirements.

Date: 2017-03-09 23:44:58.394
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 23:29:00.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaTool.exe that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 35%
Total physical RAM: 16300.94 MB
Available physical RAM: 10496.12 MB
Total Virtual: 17324.94 MB
Available Virtual: 10521.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.82 GB) (Free:305.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 564126B4)

Partition: GPT.

==================== End of Addition.txt ============================
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Thu Mar 16, 2017 5:18 am

The FRST post might be too long or something, because it shows up blank on the thread, but when I go to edit or quote it, it shows up (except in the edit preview button).

So if you have trouble viewing it, let me know and I can do something else, but if you press the quote button you should be able to view it all from there just fine.
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

Re: Malware infected computer/browser cannot remove need hel

Postby patrik » Mon Apr 03, 2017 7:47 am

Sorry for the big delay.

"The FRST post might be too long or something because it shows up blank on the thread but when i go to edit or quote it shows up (except in the edit preview button)"

Simply zip it.

If you're still having a problem with Nova.rambler.ru, then make fresh FRST logs and post them here.
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: Malware infected computer/browser cannot remove need hel

Postby Heinrich6745 » Wed Apr 05, 2017 8:08 pm

I think I managed to finally remove it. I was looking through CCleaner and there were some cookies related to it, which were easy to spot due to the Russian domains.

It's been 2 days since then and I have yet to have any popups or anything acting weird on my browser, not to mention the 2 files that kept coming back and my software asking me to remove them constantly, even though I would and they returned since I was still infected. I'll keep watch and make sure it's actually 100% gone, but so far so good, aside from 1 game-related website I use that for some reason now gives me bad gateway, yet the site works fine on another browser and even another computer in the house and my friends' too, so I'll try messing around and see if I can fix Chrome from giving me bad gateway on that specific site.
Heinrich6745
 
Posts: 9
Joined: Fri Mar 10, 2017 3:15 am

