Unwanted search engine searchprivacy.co

  • Gweetar
    PCHF Member
    • Nov 2016
    • 12

    #1

    Unwanted search engine searchprivacy.co

    Hi there, recently I was downloading torrents but it gave me this search virus, searchprivacy.co. I’ve looked at videos saying how to take it off but those don’t seem to work. I’ve run Malwarebytes and ADWcleaner and reset Chrome settings but it’s still popping up when I try to search something. I have also deleted all the possible search engines and set pages on startup except the one I use. Does anyone have any insight as to what other options I could try?
  • jmarket
    PCHF Owner
    • Jan 2015
    • 7695
    • CachyOS
    • Intel Arc A770 (16 GB)

    #2
    Hi there Gweetar and welcome to PCHF

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.

    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes, accept the disclaimer.

    Accept the default whitelist options,
    If the additions.txt options box is not checked please select it.
    Then select “Scan”

    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



    Please Copy and Paste the contents of these logs in your next post for review by our Security Team.

    Please download aswMBR from here
      • Save aswMBR.exe to your Desktop
      • Double click aswMBR.exe to run it
      • Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)

    Note: Do not take action against any Rootkit entries until we have reviewed the log. Often there are false positives.
      • Once the scan finishes click Save log to save the log to your Desktop.
      • Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.


    • Gweetar
      PCHF Member
      • Nov 2016
      • 12

      #3
      Alright here it is.

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
      Ran by Swooce (administrator) on GPC (09-11-2016 16:29:37)
      Running from C:\Users\Swooce\Downloads
      Loaded Profiles: Swooce (Available Profiles: Swooce)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\slui.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
      HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
      HKLM...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1860120 2016-01-11] (NVIDIA Corporation)
      HKLM...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
      HKLM...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
      HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
      HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
      HKLM-x32...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
      HKLM-x32...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
      HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
      HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
      HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
      HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
      HKU\S-1-5-18...\Run: => 0
      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip..\Interfaces{E06FC51A-26A9-4684-9913-79C54B0693C5}: [DhcpNameServer] 75.75.75.75 75.75.76.76
      Internet Explorer:
      BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
      BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
      FireFox:
      FF Plugin: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin: @videolan.org/vlc,version=2.2.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
      FF Plugin-x32: @Apple.com/iTunes,version=1.0 → C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf → C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf → C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
      FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 → C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 → C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
      FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\Swooce\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: SkypePlugin → C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi.dll [2016-09-01] (Skype Technologies S.A.)
      FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: SkypePlugin64 → C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi-x64.dll [2016-09-01] (Skype Technologies S.A.)
      Chrome:
      CHR HomePage: Default → hxxp://www.trovi.com/?gd=&ctid=CT3311767&octid=EB_ORIGINAL_CTID&ISID=MCC9AB844-F8D6-498F-BD84-98601820C81A&SearchSource=55&CUI=&UM=6&UP=SPA6417127-305C-4B91-8B4A-DF2B6AB20EC7&SSPV=
      CHR StartupUrls: Default → “chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html”
      CHR Profile: C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
      CHR Extension: (Google Slides) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
      CHR Extension: (Google Docs) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
      CHR Extension: (Google Drive) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
      CHR Extension: (Skype Calling) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-12]
      CHR Extension: (YouTube) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
      CHR Extension: (Google Cast) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-06-02]
      CHR Extension: (Google Search) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
      CHR Extension: (Google Sheets) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
      CHR Extension: (Google Docs Offline) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
      CHR Extension: (AdBlock) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-08]
      CHR Extension: (Speed Dial 2) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-05-30]
      CHR Extension: (Ponify) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae [2015-08-09]
      CHR Extension: (Reddit Enhancement Suite) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
      CHR Extension: (Search-Privacy.club) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcmlbbokmmghcjldembpnhfapencced [2016-11-08]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
      CHR Extension: (4chan X) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-11-09]
      CHR Extension: (Gmail) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
      CHR Extension: (Chrome Media Router) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
      S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229152 2016-06-28] (EasyAntiCheat Ltd)
      R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
      R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
      R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
      R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
      R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
      R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
      R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      S2 gupdate; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /svc
      S3 gupdatem; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /medsvc

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
      S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
      S3 VGPU; System32\drivers\rdvgkmd.sys

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-09 16:29 - 2016-11-09 16:30 - 00016462 _____ C:\Users\Swooce\Downloads\FRST.txt
      2016-11-09 16:28 - 2016-11-09 16:29 - 00000000 ____D C:\FRST
      2016-11-09 16:24 - 2016-11-09 16:25 - 02410496 _____ (Farbar) C:\Users\Swooce\Downloads\FRST64.exe
      2016-11-09 10:27 - 2016-11-09 10:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
      2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\ProgramData\Malwarebytes
      2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
      2016-11-09 10:27 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
      2016-11-09 10:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
      2016-11-09 10:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2016-11-09 10:21 - 2016-11-09 10:27 - 00000000 ____D C:\AdwCleaner
      2016-11-09 10:21 - 2016-11-09 10:21 - 22851472 _____ (Malwarebytes ) C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
      2016-11-09 10:20 - 2016-11-09 10:20 - 03910208 _____ C:\Users\Swooce\Downloads\AdwCleaner.exe
      2016-11-09 10:15 - 2016-11-09 10:15 - 00000000 ____D C:\Windows\pss
      2016-11-08 23:09 - 2016-11-08 23:15 - 00000000 ____D C:\Windows\system32\SSL
      2016-11-08 23:09 - 2016-11-08 23:09 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\c
      2016-11-08 23:03 - 2016-11-08 23:03 - 00000000 ____D C:\Users\Swooce\Downloads\Minecraft 1 9 5 Cracked - P2P
      2016-11-08 23:02 - 2016-11-08 23:02 - 00000000 ____D C:\Users\Swooce\AppData\LocalLow\uTorrent
      2016-11-08 05:07 - 2016-11-08 05:07 - 01914038 _____ C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
      2016-11-04 19:13 - 2016-11-04 19:13 - 04884125 _____ C:\Users\Swooce\Downloads\Glowing Ore Veins 300 2_00-193-1.rar
      2016-10-31 08:17 - 2016-10-31 08:18 - 55098406 _____ C:\Users\Swooce\Downloads\Nude Females v1-5-70-1-5.7z
      2016-10-31 08:07 - 2016-10-31 08:07 - 00033644 _____ C:\Users\Swooce\Downloads\Semi-Erect.7z
      2016-10-31 00:47 - 2016-10-31 00:48 - 31208541 _____ C:\Users\Swooce\Downloads\SOS - Schlongs of Skyrim - 2.05.041.7z
      2016-10-28 21:53 - 2016-10-30 21:55 - 00000000 ____D C:\Users\Swooce\Downloads\Skyrim Mods
      2016-10-28 14:05 - 2016-10-28 14:05 - 00033958 _____ C:\Users\Swooce\Downloads\Vendor Sale Delay v2-0-34224-2-0.rar
      2016-10-28 09:16 - 2016-10-28 09:16 - 00000000 ____D C:\Games
      2016-10-27 22:57 - 2016-10-28 09:25 - 00000000 ____D C:\Users\Swooce\Documents\Nexus Mod Manager
      2016-10-27 22:57 - 2016-10-28 09:09 - 00000000 ____D C:\Users\Swooce\AppData\Local\Black_Tree_Gaming
      2016-10-27 22:57 - 2016-10-27 22:57 - 00000000 ____D C:\Users\Swooce\Desktop\Nexus Mod Manager
      2016-10-27 22:56 - 2016-10-27 22:56 - 06450488 _____ (Black Tree Gaming ) C:\Users\Swooce\Downloads\Nexus Mod Manager-0.63.2.exe
      2016-10-16 16:13 - 2016-10-16 16:13 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\runic games
      2016-10-12 17:22 - 2016-09-30 15:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2016-10-12 17:22 - 2016-09-30 14:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2016-10-12 17:22 - 2016-09-30 10:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2016-10-12 17:22 - 2016-09-30 10:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2016-10-12 17:22 - 2016-09-30 10:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2016-10-12 17:22 - 2016-09-30 02:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2016-10-12 17:22 - 2016-09-30 01:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2016-10-12 17:22 - 2016-09-30 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2016-10-12 17:22 - 2016-09-30 01:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2016-10-12 17:22 - 2016-09-30 01:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2016-10-12 17:22 - 2016-09-30 01:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2016-10-12 17:22 - 2016-09-30 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2016-10-12 17:22 - 2016-09-30 01:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2016-10-12 17:22 - 2016-09-30 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2016-10-12 17:22 - 2016-09-30 01:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2016-10-12 17:22 - 2016-09-30 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2016-10-12 17:22 - 2016-09-30 01:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2016-10-12 17:22 - 2016-09-30 01:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2016-10-12 17:22 - 2016-09-30 01:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2016-10-12 17:22 - 2016-09-30 01:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2016-10-12 17:22 - 2016-09-30 01:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2016-10-12 17:22 - 2016-09-30 01:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2016-10-12 17:22 - 2016-09-30 01:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2016-10-12 17:22 - 2016-09-30 01:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2016-10-12 17:22 - 2016-09-30 00:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2016-10-12 17:22 - 2016-09-30 00:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2016-10-12 17:22 - 2016-09-30 00:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2016-10-12 17:22 - 2016-09-30 00:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2016-10-12 17:22 - 2016-09-30 00:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2016-10-12 17:22 - 2016-09-30 00:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2016-10-12 17:22 - 2016-09-30 00:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2016-10-12 17:22 - 2016-09-30 00:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2016-10-12 17:22 - 2016-09-30 00:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2016-10-12 17:22 - 2016-09-30 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2016-10-12 17:22 - 2016-09-30 00:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2016-10-12 17:22 - 2016-09-30 00:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2016-10-12 17:22 - 2016-09-30 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2016-10-12 17:22 - 2016-09-30 00:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2016-10-12 17:22 - 2016-09-30 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2016-10-12 17:22 - 2016-09-30 00:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2016-10-12 17:22 - 2016-09-30 00:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2016-10-12 17:22 - 2016-09-30 00:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2016-10-12 17:22 - 2016-09-30 00:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2016-10-12 17:22 - 2016-09-30 00:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2016-10-12 17:22 - 2016-09-30 00:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2016-10-12 17:22 - 2016-09-30 00:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2016-10-12 17:22 - 2016-09-30 00:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2016-10-12 17:22 - 2016-09-30 00:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2016-10-12 17:22 - 2016-09-30 00:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2016-10-12 17:22 - 2016-09-30 00:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2016-10-12 17:22 - 2016-09-30 00:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2016-10-12 17:22 - 2016-09-30 00:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2016-10-12 17:22 - 2016-09-30 00:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2016-10-12 17:22 - 2016-09-30 00:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2016-10-12 17:22 - 2016-09-30 00:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2016-10-12 17:22 - 2016-09-30 00:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2016-10-12 17:22 - 2016-09-30 00:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2016-10-12 17:22 - 2016-09-30 00:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2016-10-12 17:22 - 2016-09-30 00:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2016-10-12 17:22 - 2016-09-30 00:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2016-10-12 17:22 - 2016-09-30 00:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2016-10-12 17:22 - 2016-09-30 00:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2016-10-12 17:22 - 2016-09-30 00:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2016-10-12 17:22 - 2016-09-30 00:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2016-10-12 17:22 - 2016-09-30 00:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2016-10-12 17:22 - 2016-09-29 23:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2016-10-12 17:22 - 2016-09-29 23:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2016-10-12 17:22 - 2016-09-29 23:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2016-10-12 17:22 - 2016-09-29 23:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2016-10-12 17:22 - 2016-09-15 10:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2016-10-12 17:22 - 2016-09-15 10:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
      2016-10-12 17:22 - 2016-09-15 10:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2016-10-12 17:22 - 2016-09-15 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
      2016-10-12 17:22 - 2016-09-12 16:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2016-10-12 17:22 - 2016-09-12 16:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2016-10-12 17:22 - 2016-09-12 16:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2016-10-12 17:22 - 2016-09-12 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
      2016-10-12 17:22 - 2016-09-12 15:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
      2016-10-12 17:22 - 2016-09-12 15:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2016-10-12 17:22 - 2016-09-12 15:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2016-10-12 17:22 - 2016-09-12 15:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2016-10-12 17:22 - 2016-09-12 15:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2016-10-12 17:22 - 2016-09-12 15:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2016-10-12 17:22 - 2016-09-12 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2016-10-12 17:22 - 2016-09-12 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
      2016-10-12 17:22 - 2016-09-12 15:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
      2016-10-12 17:22 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
      2016-10-12 17:22 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2016-10-12 17:22 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2016-10-12 17:22 - 2016-09-10 11:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2016-10-12 17:22 - 2016-09-10 10:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2016-10-12 17:22 - 2016-09-09 13:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2016-10-12 17:22 - 2016-09-09 13:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2016-10-12 17:22 - 2016-09-09 13:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 13:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
      2016-10-12 17:22 - 2016-09-09 13:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
      2016-10-12 17:22 - 2016-09-09 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
      2016-10-12 17:22 - 2016-09-09 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
      2016-10-12 17:22 - 2016-09-09 13:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2016-10-12 17:22 - 2016-09-09 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2016-10-12 17:22 - 2016-09-09 12:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2016-10-12 17:22 - 2016-09-09 12:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2016-10-12 17:22 - 2016-09-09 12:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2016-10-12 17:22 - 2016-09-09 12:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2016-10-12 17:22 - 2016-09-09 12:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
      2016-10-12 17:22 - 2016-09-09 12:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
      2016-10-12 17:22 - 2016-09-09 12:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
      2016-10-12 17:22 - 2016-09-09 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
      2016-10-12 17:22 - 2016-09-09 12:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-09 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2016-10-12 17:22 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
      2016-10-12 17:22 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
      2016-10-12 17:22 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
      2016-10-12 17:22 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
      2016-10-12 17:22 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
      2016-10-12 17:22 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2016-10-12 17:22 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2016-10-12 17:22 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2016-10-12 17:22 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2016-10-12 17:22 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2016-10-12 17:22 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2016-10-12 17:22 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2016-10-12 17:22 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2016-10-12 17:22 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
      2016-10-12 17:22 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
      2016-10-12 17:22 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
      2016-10-12 17:22 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
      2016-10-12 17:22 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
      2016-10-12 17:22 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
      2016-10-12 17:22 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
      2016-10-12 17:22 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
      2016-10-12 17:22 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
      2016-10-12 17:22 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
      2016-10-12 17:22 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
      2016-10-12 17:22 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
      2016-10-12 17:22 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
      2016-10-12 17:22 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
      2016-10-12 17:22 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
      2016-10-12 17:22 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
      2016-10-12 17:22 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
      2016-10-12 17:22 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
      2016-10-12 17:22 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
      2016-10-12 17:22 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
      2016-10-12 17:22 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
      2016-10-12 17:22 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
      2016-10-12 17:22 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
      2016-10-12 17:22 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
      2016-10-12 17:22 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
      2016-10-12 17:22 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
      2016-10-12 17:22 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
      2016-10-12 17:22 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
      2016-10-12 17:21 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
      2016-10-12 17:21 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-09 16:08 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2016-11-09 16:08 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2016-11-09 16:02 - 2016-07-28 18:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf.job
      2016-11-09 10:51 - 2015-08-09 19:02 - 00000000 ____D C:\Program Files (x86)\Steam
      2016-11-09 10:44 - 2009-07-14 00:13 - 00006214 _____ C:\Windows\system32\PerfStringBackup.INI
      2016-11-09 10:39 - 2015-08-12 14:18 - 00000000 ____D C:\Users\Swooce\AppData\Local\LogMeIn Hamachi
      2016-11-09 10:39 - 2015-08-09 19:14 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Skype
      2016-11-09 10:38 - 2016-07-28 18:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985.job
      2016-11-09 10:38 - 2015-12-13 22:30 - 00000000 ____D C:\ProgramData\NVIDIA
      2016-11-09 10:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2016-11-09 10:15 - 2015-08-09 19:02 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Everything
      2016-11-08 23:21 - 2016-03-03 10:18 - 00000000 ____D C:\Users\Swooce\AppData\Local\CrashDumps
      2016-11-08 23:21 - 2016-02-04 10:35 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\uTorrent
      2016-11-08 23:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
      2016-11-08 23:13 - 2015-08-09 19:01 - 00000000 ____D C:\Program Files (x86)\Google
      2016-11-08 00:37 - 2016-06-15 15:57 - 00000000 ____D C:\Users\Swooce\AppData\Local\Battle.net
      2016-11-07 21:37 - 2016-06-15 15:59 - 00000000 ____D C:\Program Files (x86)\Overwatch
      2016-11-07 21:36 - 2016-06-15 15:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
      2016-11-06 23:23 - 2016-02-02 22:09 - 00039307 _____ C:\Users\Swooce\Desktop\SL-9.odt
      2016-11-05 12:03 - 2015-08-09 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
      2016-10-30 21:23 - 2015-08-09 19:01 - 00000000 ____D C:\Users\Swooce\AppData\Local\Google
      2016-10-28 09:12 - 2015-08-17 09:09 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
      2016-10-27 22:59 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Swooce\AppData\Local\Skyrim
      2016-10-27 20:22 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2016-10-26 07:47 - 2016-02-04 10:49 - 00000000 ____D C:\Users\Swooce\AppData\Local\UNDERTALE
      2016-10-25 21:04 - 2015-08-09 19:02 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2016-10-21 13:36 - 2016-01-05 19:41 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\vlc
      2016-10-20 12:04 - 2015-08-09 21:54 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\.minecraft
      2016-10-20 11:59 - 2015-08-09 21:54 - 00000000 ____D C:\Program Files (x86)\Minecraft
      2016-10-16 16:13 - 2013-06-18 12:25 - 00000000 ____D C:\Users\Swooce\Desktop\Torchlight
      2016-10-14 13:16 - 2011-12-26 05:29 - 00000000 ____D C:\Users\Swooce\Desktop\Fate
      2016-10-13 13:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
      2016-10-12 20:33 - 2009-07-13 23:45 - 00295232 _____ C:\Windows\system32\FNTCACHE.DAT
      2016-10-12 20:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
      2016-10-12 20:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
      2016-10-12 20:28 - 2015-08-09 23:12 - 00000000 ____D C:\Windows\system32\MRT
      2016-10-12 20:24 - 2015-08-09 23:12 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

      ==================== Files in the root of some directories =======

      2016-07-02 13:40 - 2016-07-02 13:40 - 0001475 _____ () C:\Users\Swooce\AppData\Local\recently-used.xbel
      2015-12-28 14:35 - 2015-12-28 14:35 - 0007605 _____ () C:\Users\Swooce\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      C:\Users\Swooce\AppData\Local\Temp\ati_upd.dll
      C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.exe
      C:\Users\Swooce\AppData\Local\Temp\cpa.exe
      C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
      C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
      C:\Users\Swooce\AppData\Local\Temp\Newtonsoft.Json.dll
      C:\Users\Swooce\AppData\Local\Temp\NLog.dll
      C:\Users\Swooce\AppData\Local\Temp\startIT.exe
      C:\Users\Swooce\AppData\Local\Temp\wait.exe
      C:\Users\Swooce\AppData\Local\Temp\WindowService.Lib.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2016-11-04 18:40

      ==================== End of FRST.txt ============================

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

      Ran by Swooce (09-11-2016 16:30:58)
      Running from C:\Users\Swooce\Downloads
      Windows 7 Ultimate Service Pack 1 (X64) (2015-08-10 10:52:10)
      Boot Mode: Normal

      ==================== Accounts: =============================

      Administrator (S-1-5-21-3488453458-2430756528-1590804681-500 - Administrator - Disabled)
      Guest (S-1-5-21-3488453458-2430756528-1590804681-501 - Limited - Disabled)
      Swooce (S-1-5-21-3488453458-2430756528-1590804681-1000 - Administrator - Enabled) => C:\Users\Swooce

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
      AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
      100% Orange Juice (HKLM...\Steam App 282800) (Version: - Orange_Juice)
      4K YouTube to MP3 2.12 (HKLM-x32...\4K YouTube to MP3_is1) (Version: 2.12.0.1585 - Open Media LLC)
      7-Zip 9.20 (x64 edition) (HKLM...{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
      Amnesia: The Dark Descent (HKLM-x32...\Steam App 57300) (Version: - Frictional Games)
      Apple Application Support (32-bit) (HKLM-x32...{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
      Apple Application Support (64-bit) (HKLM...{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
      Apple Mobile Device Support (HKLM...{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
      Apple Software Update (HKLM-x32...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
      Battlerite (HKLM...\Steam App 504370) (Version: - Stunlock Studios)
      BioShock Remastered (HKLM...\Steam App 409710) (Version: - 2K Boston)
      Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      Bully: Scholarship Edition (HKLM-x32...\Steam App 12200) (Version: - Rockstar New England)
      CCleaner (HKLM...\CCleaner) (Version: 5.13 - Piriform)
      Combined Community Codec Pack 64bit 2015-10-18 (HKLM...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
      Crush Crush (HKLM...\Steam App 459820) (Version: - Sad Panda Studios)
      Crypt of the NecroDancer (HKLM...\Steam App 247080) (Version: - Brace Yourself Games)
      Curse (HKLM-x32...{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
      Dark Souls: Prepare to Die Edition (HKLM...\Steam App 211420) (Version: - FromSoftware)
      Defraggler (HKLM...\Defraggler) (Version: 2.19 - Piriform)
      Desura (HKLM-x32...\Desura) (Version: 100.64 - Desura)
      Desura: Sleepless Night (HKLM-x32...\Desura_79057463017504) (Version: Full - Massimow)
      Deus Ex: Game of the Year Edition (HKLM...\Steam App 6910) (Version: - Ion Storm)
      Divinity II: Developer’s Cut (HKLM...\Steam App 219780) (Version: - Larian Studios)
      Dust: An Elysian Tail (HKLM-x32...\Steam App 236090) (Version: - Humble Hearts LLC)
      Elisa: The Innkeeper - Prequel (HKLM...\Steam App 472680) (Version: - Neoclassic Games)
      Etron USB3.0 Host Controller (HKLM-x32...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
      Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
      Euro Truck Simulator 2 (HKLM-x32...\Steam App 227300) (Version: - SCS Software)
      Everlasting Summer (HKLM-x32...\Steam App 331470) (Version: - Soviet Games)
      Everything 1.3.4.686 (x64) (HKLM...\Everything) (Version: - )
      Fallout: New Vegas (HKLM...\Steam App 22380) (Version: - Obsidian Entertainment)
      Foxit Reader (HKLM-x32...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
      Frosty Kiss (HKLM-x32...\Steam App 431540) (Version: - 2Chance Projects)
      GIMP 2.8.14 (HKLM...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
      Google Chrome (HKLM-x32...{C529D155-657E-35C0-8A38-95AE8B671B9A}) (Version: 54.0.2840.71 - Google, Inc.)
      Google Drive (HKLM-x32...{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
      Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
      HuniePop (HKLM...\Steam App 339800) (Version: - HuniePot)
      iTunes (HKLM...{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
      Java 8 Update 51 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
      Just Cause 2 (HKLM...\Steam App 8190) (Version: - Avalanche Studios)
      Kimulator : Fight for your destiny (HKLM...\Steam App 475430) (Version: - Bmc Studio)
      Left 4 Dead 2 (HKLM...\Steam App 550) (Version: - Valve)
      Life Is Strange™ (HKLM...\Steam App 319630) (Version: - DONTNOD Entertainment)
      LIMBO (HKLM...\Steam App 48000) (Version: - Playdead)
      LogMeIn Hamachi (HKLM-x32...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.)
      LogMeIn Hamachi (x32 Version: 2.2.0.519 - LogMeIn, Inc.) Hidden
      Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32...{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft Security Essentials (HKLM...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM...{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32...{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32...{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
      Minecraft (HKLM-x32...{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
      Mumble 1.2.12 (HKLM-x32...{F726A594-D506-4CE4-813C-5A260A243620}) (Version: 1.2.12 - Thorvald Natvig)
      NEKOPARA Vol. 1 (HKLM-x32...\Steam App 333600) (Version: - NEKO WORKs)
      Notepad++ (HKLM-x32...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
      NVIDIA 3D Vision Controller Driver 352.65 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
      NVIDIA 3D Vision Driver 361.75 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
      NVIDIA GeForce Experience 2.9.1.22 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
      NVIDIA Graphics Driver 361.75 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.34.4 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
      NVIDIA PhysX (HKLM-x32...{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.15.0428 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
      OCCT 4.4.1 (HKLM-x32...\OCCT) (Version: 4.4.1 - Ocbase.com)
      Only If (HKLM-x32...\Steam App 298260) (Version: - Creability)
      OpenOffice 4.1.1 (HKLM-x32...{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
      Overwatch (HKLM-x32...\Overwatch) (Version: - Blizzard Entertainment)
      paint.net (HKLM...{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
      Pajama Sam 2: Thunder and Lightning Aren’t So Frightening (HKLM...\Steam App 292780) (Version: - Humongous Entertainment)
      Pajama Sam in No Need to Hide When It’s Dark Outside (HKLM...\Steam App 283960) (Version: - Humongous Entertainment)
      Pajama Sam’s Lost & Found (HKLM...\Steam App 292860) (Version: - Humongous Entertainment)
      Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32...{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
      Psychonauts (HKLM...\Steam App 3830) (Version: - Double Fine Productions)
      Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
      Rising Angels: Reborn (HKLM-x32...\Steam App 321840) (Version: - IDHAS Studios)
      Rust (HKLM...\Steam App 252490) (Version: - Facepunch Studios)
      Seduce Me the Otome (HKLM-x32...\Steam App 367120) (Version: - Michaela Laws)
      SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
      SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
      Skype Web Plugin (HKLM-x32...{D116C78B-2A53-4BF9-A089-5BE0E132C10C}) (Version: 7.25.0.32 - Skype Technologies S.A.)
      Skype™ 7.27 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
      Skyrim Script Extender (SKSE) (HKLM...\Steam App 365720) (Version: - The SKSE Team)
      SpeedFan (remove only) (HKLM-x32...\SpeedFan) (Version: - )
      Spiral Knights (HKLM...\Steam App 99900) (Version: - Grey Havens)
      Stardew Valley (HKLM...\Steam App 413150) (Version: - ConcernedApe)
      Starless Nymphomaniacs’ Paradise (HKLM-x32...\Starless Nymphomaniacs’ Paradise1.0) (Version: 1.0 - JAST USA)
      Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Super Hexagon (HKLM-x32...\Steam App 221640) (Version: - Terry Cavanagh)
      Team Fortress 2 (HKLM-x32...\Steam App 440) (Version: - Valve)
      TeamViewer 11 (HKLM-x32...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
      The Elder Scrolls V: Skyrim (HKLM-x32...\Steam App 72850) (Version: - Bethesda Game Studios)
      The Sims 3 (HKLM-x32...\The Sims 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Galfimbul)
      The Stanley Parable (HKLM...\Steam App 221910) (Version: - Galactic Cafe)
      Thief (HKLM-x32...\Steam App 239160) (Version: - Eidos-Montréal)
      TP-LINK TL-WDN3800 Driver (HKLM-x32...{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
      Unity Web Player (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
      Viridi (HKLM...\Steam App 375950) (Version: - Ice Water Games)
      VLC media player (HKLM...\VLC media player) (Version: 2.2.1 - VideoLAN)
      Voices from the Sea (HKLM...\Steam App 348620) (Version: - Zeiva Inc)
      Warframe (HKLM...\Steam App 230410) (Version: - Digital Extremes)
      WinDirStat 1.1.2 (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000...\WinDirStat) (Version: - )

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID{1233A989-8A71-4FED-9712-C4F07707E209}\InprocServer32 → C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\GatewayActiveX-x64.dll (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID{13C484D6-AD2C-46D9-9581-1E03CBED164C}\localserver32 → C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\GatewayVersion-x64.exe (Skype Technologies S.A.)
      CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 → C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\EdgeCalling.exe (Skype Technologies S.A.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0801BFC4-EB56-4921-A947-D8B84AE0C0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: {0A555D4C-E0B4-4F43-A137-9CA99954B25A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: {0DD1E731-0246-4AA9-B9D7-89B580A58510} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
      Task: {2A1D1BD6-FD9D-4162-B1C8-FDD6CF29B6A5} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification → No File <==== ATTENTION
      Task: {30FBEED8-3FEE-45F6-B002-6347CA6C29FE} - System32\Tasks{EE0056F9-C17E-4488-B954-ADB34F959B3A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.154/en/abandoninstall?source=lightinstaller&page=tsMain
      Task: {3FD6957D-3218-4715-91D8-B29F2216C6C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
      Task: {54163865-1737-4EA8-9C28-90A721DDE0D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: {566383F5-17DA-44FC-8A2A-BAADB3E4A212} - System32\Tasks{53CF22D0-3EE7-48B7-BD6C-7168DB898A79} => C:\Program Files (x86)\R.G. Mechanics\Sherlock Holmes - Crimes & Punishments\Binaries\Win32\Sherlock.exe
      Task: {65171AE0-D39C-4997-9578-0CFF294E34F7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
      Task: {A60324C9-0091-41FC-8230-7723E7B2D3F3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline → No File <==== ATTENTION
      Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent → No File <==== ATTENTION
      Task: {C8EB2B43-66E8-4B9B-8D4C-A152AD9A5D22} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask → No File <==== ATTENTION
      Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector → No File <==== ATTENTION
      Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector → No File <==== ATTENTION

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2015-12-13 22:30 - 2016-01-22 20:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
      2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-02-06 19:08 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
      2015-10-07 19:51 - 2014-01-21 15:40 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
      2015-08-09 19:12 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
      2015-10-07 19:51 - 2014-01-21 15:40 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
      2015-08-09 19:15 - 2016-09-07 22:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
      2015-08-09 19:15 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
      2015-08-09 19:15 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
      2015-08-09 19:15 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
      2015-08-09 19:15 - 2016-10-12 20:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
      2015-08-09 19:15 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
      2015-08-09 19:15 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
      2015-08-09 19:15 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
      2015-08-09 19:15 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
      2015-08-09 19:15 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
      2015-08-09 19:15 - 2016-10-12 20:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
      2016-03-08 22:24 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
      2016-10-14 08:43 - 2016-08-04 15:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
      2016-10-25 21:03 - 2016-10-20 03:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
      2016-10-25 21:03 - 2016-10-20 03:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
      2016-11-08 14:28 - 2016-11-08 14:28 - 17772736 _____ () C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => “”=“Service”

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\Control Panel\Desktop\Wallpaper →
      DNS Servers: 75.75.75.75 - 75.75.76.76
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupreg: Everything => “C:\Program Files\Everything\Everything.exe” -startup

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{EABBA9D4-E344-40FB-81F2-90578285B26B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{1A475F8A-16A5-4A3F-A551-351DC627F2A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{41636C83-E11B-42AF-96FD-628C2404F856}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      FirewallRules: [{B684DCFC-38AC-4E37-8567-AB0980663009}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      FirewallRules: [{37341FD5-4415-49EC-AEB0-8836E601D0B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{C50C2720-F72D-41EC-9028-9D27A579A9EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{853E1A05-61B2-4813-A47B-BBDC3A8B7E31}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{4CF99375-9035-4A0E-B5A4-720D8068E080}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{D53AF12F-8D2D-4E14-B10B-23067C82FFD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{89C1FAA6-1328-483C-AE6E-F8A39FC389E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{BCEB1250-0335-4A52-81A7-1DD011A2AD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{339E4ABA-3A31-4E10-B472-727453D86293}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{58099B66-9BA9-4FDC-AA57-799C63607202}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      FirewallRules: [{3600B1CC-644A-477A-B65A-0B19F0EFCEEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{8FE2B021-79B4-4F6D-8C8E-E27F204D57CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
      FirewallRules: [{D72C723C-E5D2-4C1E-880E-EA3E8E406421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
      FirewallRules: [{54C5E51D-9AF0-47A2-B375-7BB1ABCB701E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{D75DEB04-DBB1-4436-8E06-04681E7CEA7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{8C2B6CF4-81C2-4045-97C2-4AB9A3688A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
      FirewallRules: [{ECDF599A-34ED-420B-A01E-9A55097B22D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
      FirewallRules: [{1EAC5E12-BC66-48AE-AD94-0A459951CEEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
      FirewallRules: [{93A85B09-8D23-4CB5-AC84-2C15E2DAFA88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
      FirewallRules: [TCP Query User{088ABA83-5AAD-47AC-BC56-3DE2197C4F3A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [UDP Query User{7FF96640-9968-4352-A753-E6E24516FF7A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [TCP Query User{41ABF19E-F29F-426B-B9AD-AC3315DE3DC1}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
      FirewallRules: [UDP Query User{33674AA1-83E0-41D7-8929-593512168E70}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
      FirewallRules: [{97465708-7074-4DBF-9088-21B683E5615D}] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
      FirewallRules: [{A946A26E-B21D-4438-ACE5-D852EDAE5214}] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
      FirewallRules: [{7DFF7F32-B9FA-4CFD-8BC5-1BA537550E16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
      FirewallRules: [{D4AEEBB7-922D-4FBA-9488-2EF4DA78FE86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
      FirewallRules: [{4233EF31-B7EE-43A7-BAE7-1C0F009958B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
      FirewallRules: [{1EDA2A9C-7FD6-4B3F-A968-0AC705942BF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
      FirewallRules: [{CCBC7071-3A0D-41D5-9470-9B3253F7F2CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
      FirewallRules: [{7012BC43-D0D2-4155-BD64-9CF88139D626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
      FirewallRules: [{FC8767E6-02CE-409B-98FA-982FF314188B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
      FirewallRules: [{71A02959-C883-46CB-A16D-085F3B067676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
      FirewallRules: [{9DE9221C-6FA2-4DFB-A14E-DA86A2CF4ABD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{A684EDC0-ECAA-4FAD-868B-6A4F66D11B9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{AFD47621-3B0C-4808-A4B0-65F1C233B559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{A3F267FE-94FF-433A-90D3-1FD1D2B54FB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [TCP Query User{A12F53F9-B2D1-4517-9841-E460F9F455A9}C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
      FirewallRules: [UDP Query User{14B92194-7376-4552-9AE7-B1DB463D082F}C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
      FirewallRules: [{DFD51776-A79B-4A7C-93A4-1D7505FAFFF1}] => (Block) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
      FirewallRules: [{10569745-1285-43C4-A92B-CF065F0C4157}] => (Block) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
      FirewallRules: [{5810F1FA-CA4C-4978-B976-36ACA1A79373}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
      FirewallRules: [{31764697-07DF-4759-8DF4-46038C62B3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
      FirewallRules: [{69F0E0F7-3B9D-4F3A-8F38-88C438496DAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Only If\Only If.exe
      FirewallRules: [{590D9804-5451-49F2-B34B-AD772EE41CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Only If\Only If.exe
      FirewallRules: [{7AB9D7A6-4D58-4C4B-9983-6EE5184E0EAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
      FirewallRules: [{F9AA25FA-2D58-42E7-922E-8D78C1C32BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
      FirewallRules: [{87AEE9CC-754E-4924-B12C-C982F398D2BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
      FirewallRules: [{BDE0CFED-4B59-4FC1-9517-63917AD1D05F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
      FirewallRules: [{0A6E6F29-85FF-42F6-AB2B-6C9B618FFC29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rising Angels -Reborn-\Rising Angels- Reborn.exe
      FirewallRules: [{C13EA6A5-1DBA-4F48-BC12-94A8B9922C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rising Angels -Reborn-\Rising Angels- Reborn.exe
      FirewallRules: [{55119B61-AA1B-4383-923D-D1A57301B34B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      FirewallRules: [{57ADD03A-31B9-494F-9631-639B3978DC57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      FirewallRules: [{A67E6B1B-83F7-49BF-B2FF-D29D878848AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{42F1CE39-ACE2-4136-A75C-738B7DAC77A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      FirewallRules: [{FC83353E-7507-40EA-82A6-5F80B1DE8E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
      FirewallRules: [{716EB066-7AA7-4FEC-887A-2112441ED073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
      FirewallRules: [{61F21A5C-E14D-460D-8E2F-35CE872C54C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
      FirewallRules: [{1ECEC1AD-F31F-4217-A80B-0805D8724255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
      FirewallRules: [{3F1E6E11-D6A9-4630-9CA3-61779E3E160F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
      FirewallRules: [{E211EC23-E9AC-479F-960C-040682190522}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
      FirewallRules: [{CAE5ADBB-55B1-4EF9-9252-EF436D79AB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
      FirewallRules: [{F21A109C-A116-438A-9FA0-412964A65B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
      FirewallRules: [{3DCCFE94-507F-41EE-82DE-B432B89930FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frosty Kiss\frosty kiss STEAM BUILD.exe
      FirewallRules: [{BCA79526-AAC6-45A6-B669-6A4B1B13CE19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frosty Kiss\frosty kiss STEAM BUILD.exe
      FirewallRules: [{2CCA5ABB-954F-4A38-A8B7-236592966CE5}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{DC894DC8-3DDC-4953-9A4C-67FE48F71011}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{E64601B8-9C7F-4133-9ADE-5102DE88A8B5}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{71804E29-B103-4E10-A7A1-84755244AFBB}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{8EB848C9-7AAF-47C8-9B05-A7727B9CD8A0}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{D2D2C3B1-9F83-4C2B-A755-DE8C2AAE215D}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{0F75118A-3A42-4CB0-8995-24D66285E1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
      FirewallRules: [{E596C66D-259E-4086-8EC9-9EA845DF3C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
      FirewallRules: [{82A10F8D-4708-4675-BD69-5728080C3458}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{4B7BE877-F4DC-43F8-B147-1C30627B7434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
      FirewallRules: [{069CEC6F-8F67-434C-9656-E58FE95917BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
      FirewallRules: [{D617CF50-E361-4DCC-BB4E-13AA2ECF83B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
      FirewallRules: [{7B1E9705-383E-4B13-B3E8-B10094516739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
      FirewallRules: [{C3C0DC84-773E-40D8-955C-F0B33AA65A60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voices from the Sea\voices_steam.exe
      FirewallRules: [{BA90FDEB-3215-4DC4-8244-CC3CCFF85E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voices from the Sea\voices_steam.exe
      FirewallRules: [{E0B71A0C-FA3C-4AB0-83B3-EC25245D96CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
      FirewallRules: [{66E78F9E-7F96-425C-93B6-E3CD0786FBB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
      FirewallRules: [{2AA73603-0747-44F6-9768-857D1CA1699A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
      FirewallRules: [{E0CE3824-007B-4CCC-AC6D-648B84667183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
      FirewallRules: [{A5BA6D1A-A2EE-401B-8A4A-B8E7A29D22AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
      FirewallRules: [{94B8B690-0361-4F9F-B6D8-F02966D538C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
      FirewallRules: [{94C44AAF-C8C8-4DAD-B231-7A094A3886D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
      FirewallRules: [{9C7867DC-54FD-435D-B652-D45912EE420F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
      FirewallRules: [{AD237399-3459-4961-B3E2-E81E428A6880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
      FirewallRules: [{1E0F7C0F-7A2F-45B5-AB86-2CC173C528F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
      FirewallRules: [{D812ADE8-C116-461A-B493-D574D6166FC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
      FirewallRules: [{590D3E38-350D-4224-A57B-4E0C8369191E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
      FirewallRules: [{6770F159-4439-47A6-9040-0C046245F193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
      FirewallRules: [{71DC0D44-D470-4E4B-91A5-71DFF8229967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
      FirewallRules: [{4932A607-E2BA-4733-860B-7212E50AF114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
      FirewallRules: [{A36902C3-7B55-4039-85C5-E425821504A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
      FirewallRules: [{3839C14A-90F8-422B-8BAF-E44F00DB417C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
      FirewallRules: [{901C54F5-0046-4FE1-926A-0FA9FF5727A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
      FirewallRules: [TCP Query User{861F97FD-D41A-44AE-9D13-E40C7D41AA8B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
      FirewallRules: [UDP Query User{C9D3833E-DAAC-44C4-91AD-EF07804D1DB6}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
      FirewallRules: [{8CDA9B3D-00E1-4396-B8A3-8393ED3FF090}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
      FirewallRules: [{89A11D7B-BB32-4254-9C58-6E8BD172CAA2}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
      FirewallRules: [{CBE0F1D0-2850-46C1-BF71-EFC2B5B1F919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\Elisa.exe
      FirewallRules: [{74BE8507-5EFC-44DA-9E5C-24D459D44F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\Elisa.exe
      FirewallRules: [{670F6488-FAE9-4976-BFA1-1671DB921FC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
      FirewallRules: [{366AEEDE-F93D-4B0F-B476-3F1C6EF9647E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
      FirewallRules: [{09EFB749-1259-4172-86A1-27D0A8073096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 1\ScummVM_Windows\scummvm.exe
      FirewallRules: [{1EE70B54-3BFB-44D1-8B1D-68DD2BB466BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 1\ScummVM_Windows\scummvm.exe
      FirewallRules: [{F19E476D-954B-440D-944F-EFA2F9503472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 2\ScummVM_Windows\scummvm.exe
      FirewallRules: [{5AA1F1B9-0C2E-412C-A095-9A5922E04E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 2\ScummVM_Windows\scummvm.exe
      FirewallRules: [{3DC21DD7-A1D1-4F4B-94B4-4E1CE7DFE47C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
      FirewallRules: [{CFBA0106-56D4-4A53-8CC7-6C1B951575E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
      FirewallRules: [{8F5DB744-D64C-4AD3-8C21-AE5948475AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
      FirewallRules: [{B7AA3E8A-6223-45FD-AECA-C4AC02DA9A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
      FirewallRules: [{90CE3D78-C2EB-49A2-97C2-E59F93820AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
      FirewallRules: [{993251D2-3D4C-4A32-821F-2B14CC1603BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
      FirewallRules: [{25F0E80C-6613-4D12-A71E-629A194B4C0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
      FirewallRules: [{5835C0C3-E7B6-461A-B79D-B9CC808BFB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
      FirewallRules: [{474892C9-E058-4F63-AEE6-64ABC0BD4E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
      FirewallRules: [{9BC149A2-F488-46EC-A1C9-90FB607802E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
      FirewallRules: [{C64EE718-8F43-466F-8CB2-47F9A5F156EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\nw.exe
      FirewallRules: [{A0706082-28A4-4A88-B699-71FB3D5CF136}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\nw.exe
      FirewallRules: [{0ED2787A-0D75-4667-AF26-7E7D2D94C07C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
      FirewallRules: [{4E8438D8-8E9E-4D1F-A766-D2CC15DEB70E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
      FirewallRules: [{8C537F0B-9105-4336-8382-0EEAACE29148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sams Lost and Found\ScummVM_Windows\scummvm.exe
      FirewallRules: [{9BC34AC4-062B-4734-B7C9-609031FD4E25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sams Lost and Found\ScummVM_Windows\scummvm.exe
      FirewallRules: [{31A10986-D3EF-4BFF-9EDC-3E80910C2C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
      FirewallRules: [{91C84A22-CC66-49C0-861F-5EA3E141C2B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
      FirewallRules: [{82A91B30-7540-4667-B72D-454C1AE0104A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
      FirewallRules: [{DC8BD131-5F23-493C-916D-2F550D2B366A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
      FirewallRules: [{F388BABD-B75D-4D47-9BC6-8C8DA364ADA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
      FirewallRules: [{8572D910-3E7C-48F9-844D-59CADAA2640E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
      FirewallRules: [TCP Query User{A1405EB6-60AD-4277-85CA-B292EC623FEB}C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [UDP Query User{FD23D298-A99C-494D-A109-1792402501F5}C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{BA585661-22FD-49C2-9C88-805D867A0890}] => (Block) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{1F541A39-6F1A-4140-90EF-A35BC4136269}] => (Block) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
      FirewallRules: [{5B599FFE-C30E-4C0E-845C-48175226D51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
      FirewallRules: [{3C7B4D9A-0769-4F5D-BB19-5DAF19A2B16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
      FirewallRules: [{EFB6BA96-5692-484B-9BB8-07D71811D51C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Kimulator.exe
      FirewallRules: [{FBA39856-54F6-4E9F-9E78-39E1BBD263FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Kimulator.exe
      FirewallRules: [{132F3E3F-74FB-4333-A11E-AAC2ACC2ED43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Multiplayer.exe
      FirewallRules: [{3C148A76-C623-4BD3-B4C5-0553CA2F6F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Multiplayer.exe
      FirewallRules: [{0CF66273-4DD5-4F0F-8C53-D00AAF163825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Dreamblaster.exe
      FirewallRules: [{4DA341F8-2FBD-45F7-A9D2-5CBDF0FE402D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Dreamblaster.exe
      FirewallRules: [{D4AEF046-2F19-4BC8-9ABD-124C905CCD05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\BestMiniGameEver.exe
      FirewallRules: [{8D0BCD42-6CA3-45F6-A7AA-21314F3779A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\BestMiniGameEver.exe
      FirewallRules: [{97A4E10B-DCCD-48F8-B6E8-71802B0DEDF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
      FirewallRules: [{E0393254-CEE0-4F9F-97CF-3160A596D545}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
      FirewallRules: [{590975D4-B958-4E9D-BD7C-0E19FE6C8178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
      FirewallRules: [{88C2232B-1E8F-4CC3-B0D9-E0AA53E826DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
      FirewallRules: [{F32F6A18-D70C-4F6C-9E9F-10D4AA025584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
      FirewallRules: [{1ADBEA12-3798-43B1-883B-600FC552A451}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
      FirewallRules: [{5598004B-9354-466F-B3BE-53CB31110C4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
      FirewallRules: [{281550B7-4FEE-4784-9BB5-C0A44A3BF667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
      FirewallRules: [{C089E0E1-E9A5-4F82-8A83-93518E1F7E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
      FirewallRules: [{FB96850F-A349-4D3F-AAF9-4474D7B0CB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
      FirewallRules: [{4CC8E182-0568-420B-8EB9-D3AA3CC0E311}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{EA0D0D96-3C4E-49C7-B7EE-401DAE36B53E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
      FirewallRules: [{E81C8662-86FB-48B0-B835-0B91FAD2947F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
      FirewallRules: [{992B6CC3-D089-4B75-9F2A-1FCD3B999097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
      FirewallRules: [{D0D3C72E-3DA8-4B31-BBB3-B3187A6C6F78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe

      ==================== Restore Points =========================

      03-11-2016 15:30:23 Windows Update
      06-11-2016 19:08:57 Windows Update
      08-11-2016 23:15:58 Removed Traffic Exchange
      08-11-2016 23:16:23 Removed Online.io Application
      08-11-2016 23:17:01 Removed Traffic Exchange
      08-11-2016 23:17:56 Removed Online.io Application

      ==================== Faulty Device Manager Devices =============

      ==================== Event log errors: =========================
      Application errors:
      Error: (11/09/2016 10:44:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

      Error: (11/09/2016 10:44:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

      Error: (11/09/2016 10:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 E.8.6.2.4.B.D.A.C.6.F.7.1.6.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC-2.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 E.8.6.2.4.B.D.A.C.6.F.7.1.6.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 2.0.0.1.A.8.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.9.0.0.0.2.6.2.ip6.arpa. PTR GPC-2.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 2.0.0.1.A.8.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.9.0.0.0.2.6.2.ip6.arpa. PTR GPC.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 2.16.138.25.in-addr.arpa. PTR GPC-2.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 2.16.138.25.in-addr.arpa. PTR GPC.local.

      Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 3.B.6.5.D.1.1.5.E.D.1.5.E.D.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC-2.local.

      System errors:
      Error: (11/09/2016 02:46:18 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
      Description: Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.

      For more information please see the following:
      MMPC, Microsoft Malware Protection Center, WDSI, virus, malware, encyclopedia entry, threat description, clean up, removal, infection, arrival, analysis, research, protection, remediation


      Name: Trojan:Win32/Kovter.A!cl

      ID: 2147711000

      Severity: Severe

      Category: Trojan

      Path: file:_C:\Users\Swooce\AppData\Local\Temp\cubecc.exe

      Detection Origin: Local machine

      Detection Type: Dynamic Signature

      Detection Source: Real-Time Protection

      User: NT AUTHORITY\SYSTEM

      Process Name: C:\Program Files\CCleaner\CCleaner64.exe

      Action: Quarantine

      Action Status: No additional actions required

      Error Code: 0x8007054f

      Error description: An internal error occurred.

      Signature Version: AV: 1.231.1520.0, AS: 1.231.1520.0, NIS: 116.65.0.0

      Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

      Error: (11/09/2016 10:46:51 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
      Description: Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.

      For more information please see the following:
      MMPC, Microsoft Malware Protection Center, WDSI, virus, malware, encyclopedia entry, threat description, clean up, removal, infection, arrival, analysis, research, protection, remediation


      Name: Trojan:Win32/Kovter.A!cl

      ID: 2147711000

      Severity: Severe

      Category: Trojan

      Path: file:_C:\Users\Swooce\AppData\Local\Temp\cubecc.exe

      Detection Origin: Local machine

      Detection Type: Dynamic Signature

      Detection Source: System

      User: NT AUTHORITY\SYSTEM

      Process Name: Unknown

      Action: Quarantine

      Action Status: No additional actions required

      Error Code: 0x8007054f

      Error description: An internal error occurred.

      Signature Version: AV: 1.231.1520.0, AS: 1.231.1520.0, NIS: 116.65.0.0

      Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

      Error: (11/09/2016 10:40:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: The Google Update Service (gupdate) service failed to start due to the following error:
      The system cannot find the file specified.

      Error: (11/09/2016 10:38:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: The following boot-start or system-start driver(s) failed to load:
      cdrom

      Error: (11/09/2016 10:37:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (11/09/2016 10:37:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (11/09/2016 10:37:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
      The dependency service or group failed to start.

      Error: (11/09/2016 10:37:17 AM) (Source: DCOM) (EventID: 10005) (User: )
      Description: DCOM got error “1084” attempting to start the service WSearch with arguments “” in order to run the server:
      {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

      Error: (11/09/2016 10:37:17 AM) (Source: DCOM) (EventID: 10005) (User: )
      Description: DCOM got error “1084” attempting to start the service WSearch with arguments “” in order to run the server:
      {9E175B6D-F52A-11D8-B9A5-505054503030}

      Error: (11/09/2016 10:37:16 AM) (Source: DCOM) (EventID: 10005) (User: )
      Description: DCOM got error “1084” attempting to start the service EventSystem with arguments “” in order to run the server:
      {1BE1F766-5536-11D1-B726-00C04FB926AF}

      CodeIntegrity:
      Date: 2016-07-30 15:00:18.829
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 15:00:18.779
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 15:00:18.713
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 15:00:18.663
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 15:00:18.611
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 14:53:05.956
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 14:53:05.907
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 14:53:05.841
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 14:53:05.792
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      Date: 2016-07-30 14:53:05.741
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

      ==================== Memory info ===========================

      Processor: AMD FX™-8350 Eight-Core Processor
      Percentage of memory in use: 46%
      Total physical RAM: 8164.38 MB
      Available physical RAM: 4333.95 MB
      Total Virtual: 16326.94 MB
      Available Virtual: 11905.72 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:931.41 GB) (Free:598.64 GB) NTFS
      Drive d: (OS) (Fixed) (Total:186.3 GB) (Free:15.01 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive e: (DATA) (Fixed) (Total:254.46 GB) (Free:131.85 GB) NTFS
      Drive f: () (Fixed) (Total:465.76 GB) (Free:465.56 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 465.8 GB) (Disk ID: 00059AE6)
      Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 496B9619)
      Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
      Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=254.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AC7BEE94)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #4
        I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

        ZHP Scan.

        Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
        1. Once you have started the program, you will need to click the scanner button.

        The program will close all open browsers!
        3. Once the scan is completed, you will want to click the Repair button.

        At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
        Copy and paste the report here in your next reply.

        Zoek Scan

        Disable your antivirus prior to this scan.
        Download Zoek
        Save the file to your desktop.
        Right click Zoek.exe and run as administrator. (XP users double click)
        Copy the items in red below and paste them into Zoek.

        createsrpoint;
        emptyfolderscheck;delete
        emptyclsid;
        emptyalltemp;
        ipconfig /flushdns;b
        ResetHosts;
        autoclean;

        Now hit the run script button.
        The log will appear after a reboot, also you can find it on the C: drive.
        Post the log in your next reply.

        • Gweetar
          PCHF Member
          • Nov 2016
          • 12

          #5
          Malnutrition, do I need to run both scans or only one? I've downloaded multiple scanners already and am just curious about that.

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            Please run both of these, and I am in the process of making a script fix with FRST, when you have completed the two scans. These two scanners are a bit more aggressive than the ones you have run previously.


            • Gweetar
              PCHF Member
              • Nov 2016
              • 12

              #7
              Do I need to take any precautions before I turn off antivirus? Such as putting my computer in safe mode?


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                No, while you run these scans your machine will be fine; so long as you are not going to download and execute any new files, you will be OK.


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                  Also, once you have run the two scans listed and posted the results, I will post the FRST fix that I have now had time to write for you. After this your issue should be resolved, but there are a few other things to take care of on your machine, such as outdated programs… etc. All of which we will take care of in the course of this thread.


                  • Gweetar
                    PCHF Member
                    • Nov 2016
                    • 12

                    #10
                    This might be silly but how do I disable the antivirus? I have MS Security Essentials?


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      Not silly, no one person can know all there is to know about a computer. You can disable it by clicking here for instructions.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        If you have any issues trying to disable it, then I suggest that you remove it with Geek Uninstaller then re-install it after you have completed this thread.


                        • Gweetar
                          PCHF Member
                          • Nov 2016
                          • 12

                          #13
                          So I did run both but the search engine is still popping up


                          • jmarket
                            PCHF Owner
                            • Jan 2015
                            • 7695
                            • CachyOS
                            • Intel Arc A770 (16 GB)

                            #14
                            You need to post the logs they saved so we can review them. Mal is still working on your fix, which is necessary to alleviate your symptoms. Trovi is hard to get rid of, but we’ll eliminate it and you’ll be safe once again.

                            While we’re waiting for him, go ahead and run JRT for me

                            Please go HERE and download it to your DESKTOP.
                            Before running JRT, ensure your antivirus and any other security software is disabled; if you are unsure how to do this, please ask. Also close browsers and other applications before running this tool.
                            Should you receive any User Account Control (UAC) prompt when starting JRT, you can safely allow it.

                            Right click the JRT desktop icon and select “run as administrator” from the menu; for XP users, just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.


                            Depending on the amount of data on your computer, JRT may take some time to complete the scan. When JRT finishes, a .txt file will be saved and displayed on your desktop; please COPY and PASTE the contents of this file in your next post.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              Zemana Scan

                              Run a full scan with Zemana AntiMalware!
                              Install and select deep scan.


                              Remove any infections found.
                              Then click on the icon in the pic below.

                              [MEDIA=imgur]DOLGyto[/MEDIA]

                              Double click on the scan log, then copy and paste it here in your reply.


                              FRST Fix.

                              Download the attached fixlist.txt file and save it to the Desktop.
                              NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
                              NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                              Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

