Closed/Inactive Unwanted search engine searchprivacy.co

Status
Not open for further replies.

Gweetar

PCHF Member
Nov 9, 2016
12
0
22
Hi there, recently I was downloading torrents but it gave me this search virus, searchprivacy.co. I've looked at videos saying how to take it off, but those don't seem to work. I've run Malwarebytes and ADWcleaner and reset Chrome settings, but it's still popping up when I try to search something. I have also deleted all the possible search engines and set pages on startup except the one I use. Does anyone have any insight as to what other options I could do?
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,165
501
PCHF Bunker
pchelpforum.net
Hi there Gweetar and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

Accept the default whitelist options.
If the Addition.txt options box is not checked, please select it.
Then select "Scan".



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team.

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)


Note: Do not take action against any **Rootkit** entries until we have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop.


  • Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.
 
Reactions: Malnutrition
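
A first-pass triage of the FRST.txt requested above, as an added example that is not part of the thread and not part of FRST: it parses the Chrome and "One Month Created" line formats and marks lines for a reviewer to look at first. The `triage` function, its rule names, the trusted-host list and the heuristics themselves are assumptions made for illustration; the sample lines are excerpted from the log posted in this thread.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines excerpted from the FRST.txt posted in this thread. The HomePage query
# string is shortened; every other line is verbatim.
SAMPLE_LOG = r"""
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3311767
CHR StartupUrls: Default -> "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Extension: (Google Search) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Speed Dial 2) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-05-30]
CHR Extension: (Search-Privacy.club) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcmlbbokmmghcjldembpnhfapencced [2016-11-08]
2016-11-09 10:27 - 2016-11-09 10:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 10:20 - 2016-11-09 10:20 - 03910208 _____ C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-11-08 05:07 - 2016-11-08 05:07 - 01914038 _____ C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
"""

URL_RE = re.compile(r"^CHR (HomePage|StartupUrls): \S+ -> (.+)$")
EXT_RE = re.compile(r"^CHR Extension: \((.*)\) - (.+) \[\d{4}-\d{2}-\d{2}\]$")
# created - modified - size - attributes - optional (vendor) - path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"(?:\(([^)]*)\) )?([A-Za-z]:\\.+)$"
)
HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/:?#]+)", re.I)  # log shows hxxp
EXT_URL_RE = re.compile(r"^chrome-extension://([^/]+)/")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.I)


def _squash(text):
    """Lower-case and drop punctuation: 'Search-Privacy.club' -> 'searchprivacyclub'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def triage(log_text, hijack_domain, trusted_hosts=("www.google.com",)):
    """Return (rule, detail) pairs for log lines a reviewer should look at first."""
    # 'searchprivacy.co' -> 'searchprivacy'
    keyword = _squash(hijack_domain.rsplit(".", 1)[0])
    findings, installed_ids, referenced_ids = [], set(), []
    for line in map(str.strip, log_text.splitlines()):
        if m := EXT_RE.match(line):
            # The last path component is the Chrome extension ID.
            name, ext_id = m[1], basename(m[2])
            installed_ids.add(ext_id)
            if keyword and keyword in _squash(name):
                findings.append(("extension-name-matches-hijacker", f"{name} ({ext_id})"))
        elif m := URL_RE.match(line):
            kind, value = m[1], m[2].strip('"')
            if e := EXT_URL_RE.match(value):
                referenced_ids.append(e[1])
            elif (h := HOST_RE.match(value)) and h[1].lower() not in trusted_hosts:
                findings.append(("untrusted-browser-url", f"{kind} -> {h[1]}"))
        elif m := FILE_RE.match(line):
            vendor, path = (m[1] or "").strip(), m[2]
            stem, ext = splitext(basename(path))
            if (ext.lower() == ".exe" and not vendor
                    and dirname(path).lower() == r"c:\windows"
                    and HEX32_RE.match(stem)):
                findings.append(("vendorless-hex-exe-in-windows-root", path))
    # A startup page served by an extension ID that is absent from the
    # installed-extension list is a reference to check by hand.
    for ext_id in referenced_ids:
        if ext_id not in installed_ids:
            findings.append(("startup-url-unlisted-extension", ext_id))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG, "searchprivacy.co"):
        print(f"{rule:38} {detail}")
```

A finding only orders the review; whether an entry goes into a fixlist is still the helper's call after reading both logs.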

Gweetar

PCHF Member
Nov 9, 2016
12
0
22
Alright, here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Swooce (administrator) on GPC (09-11-2016 16:29:37)
Running from C:\Users\Swooce\Downloads
Loaded Profiles: Swooce (Available Profiles: Swooce)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1860120 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{E06FC51A-26A9-4684-9913-79C54B0693C5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Swooce\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: SkypePlugin -> C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi.dll [2016-09-01] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3488453458-2430756528-1590804681-1000: SkypePlugin64 -> C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi-x64.dll [2016-09-01] (Skype Technologies S.A.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3311767&octid=EB_ORIGINAL_CTID&ISID=MCC9AB844-F8D6-498F-BD84-98601820C81A&SearchSource=55&CUI=&UM=6&UP=SPA6417127-305C-4B91-8B4A-DF2B6AB20EC7&SSPV=
CHR StartupUrls: Default -> "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Profile: C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
CHR Extension: (Google Slides) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
CHR Extension: (Google Docs) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Skype Calling) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-12]
CHR Extension: (YouTube) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-08]
CHR Extension: (Speed Dial 2) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-05-30]
CHR Extension: (Ponify) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae [2015-08-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Search-Privacy.club) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcmlbbokmmghcjldembpnhfapencced [2016-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (4chan X) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-11-09]
CHR Extension: (Gmail) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229152 2016-06-28] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-09 16:29 - 2016-11-09 16:30 - 00016462 _____ C:\Users\Swooce\Downloads\FRST.txt
2016-11-09 16:28 - 2016-11-09 16:29 - 00000000 ____D C:\FRST
2016-11-09 16:24 - 2016-11-09 16:25 - 02410496 _____ (Farbar) C:\Users\Swooce\Downloads\FRST64.exe
2016-11-09 10:27 - 2016-11-09 10:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-09 10:27 - 2016-11-09 10:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-09 10:27 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-09 10:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-09 10:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-09 10:21 - 2016-11-09 10:27 - 00000000 ____D C:\AdwCleaner
2016-11-09 10:21 - 2016-11-09 10:21 - 22851472 _____ (Malwarebytes ) C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 10:20 - 2016-11-09 10:20 - 03910208 _____ C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-11-09 10:15 - 2016-11-09 10:15 - 00000000 ____D C:\Windows\pss
2016-11-08 23:09 - 2016-11-08 23:15 - 00000000 ____D C:\Windows\system32\SSL
2016-11-08 23:09 - 2016-11-08 23:09 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\c
2016-11-08 23:03 - 2016-11-08 23:03 - 00000000 ____D C:\Users\Swooce\Downloads\Minecraft 1 9 5 Cracked - P2P
2016-11-08 23:02 - 2016-11-08 23:02 - 00000000 ____D C:\Users\Swooce\AppData\LocalLow\uTorrent
2016-11-08 05:07 - 2016-11-08 05:07 - 01914038 _____ C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
2016-11-04 19:13 - 2016-11-04 19:13 - 04884125 _____ C:\Users\Swooce\Downloads\Glowing Ore Veins 300 2_00-193-1.rar
2016-10-31 08:17 - 2016-10-31 08:18 - 55098406 _____ C:\Users\Swooce\Downloads\Nude Females v1-5-70-1-5.7z
2016-10-31 08:07 - 2016-10-31 08:07 - 00033644 _____ C:\Users\Swooce\Downloads\Semi-Erect.7z
2016-10-31 00:47 - 2016-10-31 00:48 - 31208541 _____ C:\Users\Swooce\Downloads\SOS - Schlongs of Skyrim - 2.05.041.7z
2016-10-28 21:53 - 2016-10-30 21:55 - 00000000 ____D C:\Users\Swooce\Downloads\Skyrim Mods
2016-10-28 14:05 - 2016-10-28 14:05 - 00033958 _____ C:\Users\Swooce\Downloads\Vendor Sale Delay v2-0-34224-2-0.rar
2016-10-28 09:16 - 2016-10-28 09:16 - 00000000 ____D C:\Games
2016-10-27 22:57 - 2016-10-28 09:25 - 00000000 ____D C:\Users\Swooce\Documents\Nexus Mod Manager
2016-10-27 22:57 - 2016-10-28 09:09 - 00000000 ____D C:\Users\Swooce\AppData\Local\Black_Tree_Gaming
2016-10-27 22:57 - 2016-10-27 22:57 - 00000000 ____D C:\Users\Swooce\Desktop\Nexus Mod Manager
2016-10-27 22:56 - 2016-10-27 22:56 - 06450488 _____ (Black Tree Gaming ) C:\Users\Swooce\Downloads\Nexus Mod Manager-0.63.2.exe
2016-10-16 16:13 - 2016-10-16 16:13 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\runic games
2016-10-12 17:22 - 2016-09-30 15:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 17:22 - 2016-09-30 14:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 17:22 - 2016-09-30 10:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 17:22 - 2016-09-30 10:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 17:22 - 2016-09-30 10:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 17:22 - 2016-09-30 02:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 17:22 - 2016-09-30 01:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 17:22 - 2016-09-30 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 17:22 - 2016-09-30 01:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 17:22 - 2016-09-30 01:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 17:22 - 2016-09-30 01:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 17:22 - 2016-09-30 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 17:22 - 2016-09-30 01:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 17:22 - 2016-09-30 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 17:22 - 2016-09-30 01:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 17:22 - 2016-09-30 01:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 17:22 - 2016-09-30 01:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 17:22 - 2016-09-30 01:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 17:22 - 2016-09-30 01:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 17:22 - 2016-09-30 01:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 17:22 - 2016-09-30 01:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 17:22 - 2016-09-30 01:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 17:22 - 2016-09-30 01:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 17:22 - 2016-09-30 01:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 17:22 - 2016-09-30 00:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 17:22 - 2016-09-30 00:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 17:22 - 2016-09-30 00:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 17:22 - 2016-09-30 00:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 17:22 - 2016-09-30 00:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 17:22 - 2016-09-30 00:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 17:22 - 2016-09-30 00:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 17:22 - 2016-09-30 00:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 17:22 - 2016-09-30 00:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 17:22 - 2016-09-30 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 17:22 - 2016-09-30 00:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 17:22 - 2016-09-30 00:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 17:22 - 2016-09-30 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 17:22 - 2016-09-30 00:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 17:22 - 2016-09-30 00:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 17:22 - 2016-09-30 00:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 17:22 - 2016-09-30 00:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 17:22 - 2016-09-30 00:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 17:22 - 2016-09-30 00:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 17:22 - 2016-09-30 00:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 17:22 - 2016-09-30 00:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 17:22 - 2016-09-30 00:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 17:22 - 2016-09-30 00:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 17:22 - 2016-09-30 00:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 17:22 - 2016-09-30 00:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 17:22 - 2016-09-30 00:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 17:22 - 2016-09-30 00:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 17:22 - 2016-09-30 00:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 17:22 - 2016-09-30 00:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 17:22 - 2016-09-30 00:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 17:22 - 2016-09-30 00:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 17:22 - 2016-09-30 00:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 17:22 - 2016-09-30 00:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 17:22 - 2016-09-30 00:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 17:22 - 2016-09-30 00:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 17:22 - 2016-09-30 00:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 17:22 - 2016-09-30 00:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 17:22 - 2016-09-30 00:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 17:22 - 2016-09-30 00:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 17:22 - 2016-09-30 00:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 17:22 - 2016-09-30 00:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 17:22 - 2016-09-29 23:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 17:22 - 2016-09-29 23:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 17:22 - 2016-09-29 23:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 17:22 - 2016-09-29 23:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 17:22 - 2016-09-15 10:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 17:22 - 2016-09-15 10:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 17:22 - 2016-09-15 10:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 17:22 - 2016-09-15 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 17:22 - 2016-09-12 16:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 17:22 - 2016-09-12 16:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 17:22 - 2016-09-12 16:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 17:22 - 2016-09-12 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 17:22 - 2016-09-12 15:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 17:22 - 2016-09-12 15:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 17:22 - 2016-09-12 15:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 17:22 - 2016-09-12 15:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 17:22 - 2016-09-12 15:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 17:22 - 2016-09-12 15:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 17:22 - 2016-09-12 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 17:22 - 2016-09-12 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 17:22 - 2016-09-12 15:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 17:22 - 2016-09-12 14:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 17:22 - 2016-09-12 13:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 17:22 - 2016-09-12 13:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 17:22 - 2016-09-10 11:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 17:22 - 2016-09-10 10:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 17:22 - 2016-09-09 13:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 17:22 - 2016-09-09 13:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 17:22 - 2016-09-09 13:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 13:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 17:22 - 2016-09-09 13:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 17:22 - 2016-09-09 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 17:22 - 2016-09-09 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 17:22 - 2016-09-09 13:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 17:22 - 2016-09-09 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 17:22 - 2016-09-09 12:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 17:22 - 2016-09-09 12:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 17:22 - 2016-09-09 12:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 17:22 - 2016-09-09 12:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 17:22 - 2016-09-09 12:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 17:22 - 2016-09-09 12:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 17:22 - 2016-09-09 12:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 17:22 - 2016-09-09 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 17:22 - 2016-09-09 12:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 17:22 - 2016-09-09 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 17:22 - 2016-09-08 15:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 17:22 - 2016-09-08 15:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 17:22 - 2016-09-08 15:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 17:22 - 2016-09-08 15:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 17:22 - 2016-09-08 09:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 17:22 - 2016-09-08 09:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 17:22 - 2016-08-12 12:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 17:22 - 2016-08-12 12:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 17:22 - 2016-08-12 12:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 17:22 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 17:22 - 2016-08-12 12:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 17:22 - 2016-08-12 11:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-12 17:22 - 2016-08-12 11:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-12 17:22 - 2016-08-12 11:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-12 17:22 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-12 17:22 - 2016-08-12 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-12 17:22 - 2016-08-12 11:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 17:22 - 2016-08-06 10:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 17:22 - 2016-08-06 10:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-12 17:22 - 2016-08-06 10:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-12 17:22 - 2016-08-06 10:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-12 17:22 - 2016-08-06 10:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-12 17:22 - 2016-08-06 10:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-12 17:22 - 2016-08-06 10:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 17:22 - 2016-08-06 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 17:22 - 2016-08-06 09:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-12 17:22 - 2016-08-06 09:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-12 17:22 - 2016-08-06 09:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-12 17:22 - 2016-06-14 12:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 17:22 - 2016-06-14 12:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 17:22 - 2016-06-14 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 17:22 - 2016-06-14 12:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 17:22 - 2016-06-14 10:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-12 17:22 - 2016-06-14 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-12 17:22 - 2016-06-14 10:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 17:22 - 2016-06-14 10:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 17:22 - 2016-06-14 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 17:22 - 2016-06-14 10:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-12 17:22 - 2016-06-14 10:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-12 17:22 - 2016-06-14 10:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 17:22 - 2016-06-14 10:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 17:21 - 2016-07-22 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 17:21 - 2016-07-22 09:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-09 16:08 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-09 16:08 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 16:02 - 2016-07-28 18:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf.job
2016-11-09 10:51 - 2015-08-09 19:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-09 10:44 - 2009-07-14 00:13 - 00006214 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-09 10:39 - 2015-08-12 14:18 - 00000000 ____D C:\Users\Swooce\AppData\Local\LogMeIn Hamachi
2016-11-09 10:39 - 2015-08-09 19:14 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Skype
2016-11-09 10:38 - 2016-07-28 18:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985.job
2016-11-09 10:38 - 2015-12-13 22:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-09 10:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-09 10:15 - 2015-08-09 19:02 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Everything
2016-11-08 23:21 - 2016-03-03 10:18 - 00000000 ____D C:\Users\Swooce\AppData\Local\CrashDumps
2016-11-08 23:21 - 2016-02-04 10:35 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\uTorrent
2016-11-08 23:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-08 23:13 - 2015-08-09 19:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-08 00:37 - 2016-06-15 15:57 - 00000000 ____D C:\Users\Swooce\AppData\Local\Battle.net
2016-11-07 21:37 - 2016-06-15 15:59 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-07 21:36 - 2016-06-15 15:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-06 23:23 - 2016-02-02 22:09 - 00039307 _____ C:\Users\Swooce\Desktop\SL-9.odt
2016-11-05 12:03 - 2015-08-09 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-10-30 21:23 - 2015-08-09 19:01 - 00000000 ____D C:\Users\Swooce\AppData\Local\Google
2016-10-28 09:12 - 2015-08-17 09:09 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-27 22:59 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Swooce\AppData\Local\Skyrim
2016-10-27 20:22 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 07:47 - 2016-02-04 10:49 - 00000000 ____D C:\Users\Swooce\AppData\Local\UNDERTALE
2016-10-25 21:04 - 2015-08-09 19:02 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-21 13:36 - 2016-01-05 19:41 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\vlc
2016-10-20 12:04 - 2015-08-09 21:54 - 00000000 ____D C:\Users\Swooce\AppData\Roaming\.minecraft
2016-10-20 11:59 - 2015-08-09 21:54 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-10-16 16:13 - 2013-06-18 12:25 - 00000000 ____D C:\Users\Swooce\Desktop\Torchlight
2016-10-14 13:16 - 2011-12-26 05:29 - 00000000 ____D C:\Users\Swooce\Desktop\Fate
2016-10-13 13:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-10-12 20:33 - 2009-07-13 23:45 - 00295232 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 20:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-12 20:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 20:28 - 2015-08-09 23:12 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 20:24 - 2015-08-09 23:12 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-07-02 13:40 - 2016-07-02 13:40 - 0001475 _____ () C:\Users\Swooce\AppData\Local\recently-used.xbel
2015-12-28 14:35 - 2015-12-28 14:35 - 0007605 _____ () C:\Users\Swooce\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Swooce\AppData\Local\Temp\ati_upd.dll
C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Swooce\AppData\Local\Temp\cpa.exe
C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
C:\Users\Swooce\AppData\Local\Temp\Newtonsoft.Json.dll
C:\Users\Swooce\AppData\Local\Temp\NLog.dll
C:\Users\Swooce\AppData\Local\Temp\startIT.exe
C:\Users\Swooce\AppData\Local\Temp\wait.exe
C:\Users\Swooce\AppData\Local\Temp\WindowService.Lib.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 18:40

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016

Ran by Swooce (09-11-2016 16:30:58)
Running from C:\Users\Swooce\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-10 10:52:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3488453458-2430756528-1590804681-500 - Administrator - Disabled)
Guest (S-1-5-21-3488453458-2430756528-1590804681-501 - Limited - Disabled)
Swooce (S-1-5-21-3488453458-2430756528-1590804681-1000 - Administrator - Enabled) => C:\Users\Swooce

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
100% Orange Juice (HKLM\...\Steam App 282800) (Version: - Orange_Juice)
4K YouTube to MP3 2.12 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 2.12.0.1585 - Open Media LLC)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version: - Stunlock Studios)
BioShock Remastered (HKLM\...\Steam App 409710) (Version: - 2K Boston)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Crush Crush (HKLM\...\Steam App 459820) (Version: - Sad Panda Studios)
Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version: - Brace Yourself Games)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
Desura: Sleepless Night (HKLM-x32\...\Desura_79057463017504) (Version: Full - Massimow)
Deus Ex: Game of the Year Edition (HKLM\...\Steam App 6910) (Version: - Ion Storm)
Divinity II: Developer's Cut (HKLM\...\Steam App 219780) (Version: - Larian Studios)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Elisa: The Innkeeper - Prequel (HKLM\...\Steam App 472680) (Version: - Neoclassic Games)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Everlasting Summer (HKLM-x32\...\Steam App 331470) (Version: - Soviet Games)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Frosty Kiss (HKLM-x32\...\Steam App 431540) (Version: - 2Chance Projects)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{C529D155-657E-35C0-8A38-95AE8B671B9A}) (Version: 54.0.2840.71 - Google, Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HuniePop (HKLM\...\Steam App 339800) (Version: - HuniePot)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche Studios)
Kimulator : Fight for your destiny (HKLM\...\Steam App 475430) (Version: - Bmc Studio)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.519 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mumble 1.2.12 (HKLM-x32\...\{F726A594-D506-4CE4-813C-5A260A243620}) (Version: 1.2.12 - Thorvald Natvig)
NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version: - NEKO WORKs)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
Pajama Sam 2: Thunder and Lightning Aren't So Frightening (HKLM\...\Steam App 292780) (Version: - Humongous Entertainment)
Pajama Sam in No Need to Hide When It's Dark Outside (HKLM\...\Steam App 283960) (Version: - Humongous Entertainment)
Pajama Sam's Lost & Found (HKLM\...\Steam App 292860) (Version: - Humongous Entertainment)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Psychonauts (HKLM\...\Steam App 3830) (Version: - Double Fine Productions)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Rising Angels: Reborn (HKLM-x32\...\Steam App 321840) (Version: - IDHAS Studios)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version: - Michaela Laws)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{D116C78B-2A53-4BF9-A089-5BE0E132C10C}) (Version: 7.25.0.32 - Skype Technologies S.A.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spiral Knights (HKLM\...\Steam App 99900) (Version: - Grey Havens)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Starless Nymphomaniacs' Paradise (HKLM-x32\...\Starless Nymphomaniacs' Paradise1.0) (Version: 1.0 - JAST USA)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims 3 (HKLM-x32\...\The Sims 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Galfimbul)
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe)
Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal)
TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Viridi (HKLM\...\Steam App 375950) (Version: - Ice Water Games)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Voices from the Sea (HKLM\...\Steam App 348620) (Version: - Zeiva Inc)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinDirStat 1.1.2 (HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\...\WinDirStat) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID\{1233A989-8A71-4FED-9712-C4F07707E209}\InprocServer32 -> C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID\{13C484D6-AD2C-46D9-9581-1E03CBED164C}\localserver32 -> C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3488453458-2430756528-1590804681-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Swooce\AppData\Local\SkypePlugin\7.25.0.32\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0801BFC4-EB56-4921-A947-D8B84AE0C0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0A555D4C-E0B4-4F43-A137-9CA99954B25A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0DD1E731-0246-4AA9-B9D7-89B580A58510} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2A1D1BD6-FD9D-4162-B1C8-FDD6CF29B6A5} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {30FBEED8-3FEE-45F6-B002-6347CA6C29FE} - System32\Tasks\{EE0056F9-C17E-4488-B954-ADB34F959B3A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.154/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {3FD6957D-3218-4715-91D8-B29F2216C6C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {54163865-1737-4EA8-9C28-90A721DDE0D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {566383F5-17DA-44FC-8A2A-BAADB3E4A212} - System32\Tasks\{53CF22D0-3EE7-48B7-BD6C-7168DB898A79} => C:\Program Files (x86)\R.G. Mechanics\Sherlock Holmes - Crimes & Punishments\Binaries\Win32\Sherlock.exe
Task: {65171AE0-D39C-4997-9578-0CFF294E34F7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {A60324C9-0091-41FC-8230-7723E7B2D3F3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C8EB2B43-66E8-4B9B-8D4C-A152AD9A5D22} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-13 22:30 - 2016-01-22 20:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 19:08 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-07 19:51 - 2014-01-21 15:40 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2015-08-09 19:12 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-07 19:51 - 2014-01-21 15:40 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2015-08-09 19:15 - 2016-09-07 22:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-09 19:15 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-09 19:15 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-09 19:15 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-09 19:15 - 2016-10-12 20:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-09 19:15 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-09 19:15 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-09 19:15 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-09 19:15 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-09 19:15 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-09 19:15 - 2016-10-12 20:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:24 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-14 08:43 - 2016-08-04 15:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-10-25 21:03 - 2016-10-20 03:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 21:03 - 2016-10-20 03:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-08 14:28 - 2016-11-08 14:28 - 17772736 _____ () C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3488453458-2430756528-1590804681-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Everything => "C:\Program Files\Everything\Everything.exe" -startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EABBA9D4-E344-40FB-81F2-90578285B26B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A475F8A-16A5-4A3F-A551-351DC627F2A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{41636C83-E11B-42AF-96FD-628C2404F856}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B684DCFC-38AC-4E37-8567-AB0980663009}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{37341FD5-4415-49EC-AEB0-8836E601D0B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C50C2720-F72D-41EC-9028-9D27A579A9EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{853E1A05-61B2-4813-A47B-BBDC3A8B7E31}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4CF99375-9035-4A0E-B5A4-720D8068E080}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D53AF12F-8D2D-4E14-B10B-23067C82FFD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89C1FAA6-1328-483C-AE6E-F8A39FC389E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BCEB1250-0335-4A52-81A7-1DD011A2AD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{339E4ABA-3A31-4E10-B472-727453D86293}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{58099B66-9BA9-4FDC-AA57-799C63607202}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3600B1CC-644A-477A-B65A-0B19F0EFCEEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8FE2B021-79B4-4F6D-8C8E-E27F204D57CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D72C723C-E5D2-4C1E-880E-EA3E8E406421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{54C5E51D-9AF0-47A2-B375-7BB1ABCB701E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D75DEB04-DBB1-4436-8E06-04681E7CEA7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8C2B6CF4-81C2-4045-97C2-4AB9A3688A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ECDF599A-34ED-420B-A01E-9A55097B22D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EAC5E12-BC66-48AE-AD94-0A459951CEEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{93A85B09-8D23-4CB5-AC84-2C15E2DAFA88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{088ABA83-5AAD-47AC-BC56-3DE2197C4F3A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7FF96640-9968-4352-A753-E6E24516FF7A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{41ABF19E-F29F-426B-B9AD-AC3315DE3DC1}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{33674AA1-83E0-41D7-8929-593512168E70}C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{97465708-7074-4DBF-9088-21B683E5615D}] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{A946A26E-B21D-4438-ACE5-D852EDAE5214}] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{7DFF7F32-B9FA-4CFD-8BC5-1BA537550E16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D4AEEBB7-922D-4FBA-9488-2EF4DA78FE86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4233EF31-B7EE-43A7-BAE7-1C0F009958B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{1EDA2A9C-7FD6-4B3F-A968-0AC705942BF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{CCBC7071-3A0D-41D5-9470-9B3253F7F2CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{7012BC43-D0D2-4155-BD64-9CF88139D626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{FC8767E6-02CE-409B-98FA-982FF314188B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{71A02959-C883-46CB-A16D-085F3B067676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{9DE9221C-6FA2-4DFB-A14E-DA86A2CF4ABD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A684EDC0-ECAA-4FAD-868B-6A4F66D11B9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AFD47621-3B0C-4808-A4B0-65F1C233B559}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3F267FE-94FF-433A-90D3-1FD1D2B54FB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A12F53F9-B2D1-4517-9841-E460F9F455A9}C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
FirewallRules: [UDP Query User{14B92194-7376-4552-9AE7-B1DB463D082F}C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
FirewallRules: [{DFD51776-A79B-4A7C-93A4-1D7505FAFFF1}] => (Block) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
FirewallRules: [{10569745-1285-43C4-A92B-CF065F0C4157}] => (Block) C:\program files (x86)\steam\steamapps\common\sonic & all-stars racing transformed\asn_app_pcdx9_final.exe
FirewallRules: [{5810F1FA-CA4C-4978-B976-36ACA1A79373}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{31764697-07DF-4759-8DF4-46038C62B3F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{69F0E0F7-3B9D-4F3A-8F38-88C438496DAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Only If\Only If.exe
FirewallRules: [{590D9804-5451-49F2-B34B-AD772EE41CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Only If\Only If.exe
FirewallRules: [{7AB9D7A6-4D58-4C4B-9983-6EE5184E0EAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{F9AA25FA-2D58-42E7-922E-8D78C1C32BD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{87AEE9CC-754E-4924-B12C-C982F398D2BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{BDE0CFED-4B59-4FC1-9517-63917AD1D05F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{0A6E6F29-85FF-42F6-AB2B-6C9B618FFC29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rising Angels -Reborn-\Rising Angels- Reborn.exe
FirewallRules: [{C13EA6A5-1DBA-4F48-BC12-94A8B9922C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rising Angels -Reborn-\Rising Angels- Reborn.exe
FirewallRules: [{55119B61-AA1B-4383-923D-D1A57301B34B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{57ADD03A-31B9-494F-9631-639B3978DC57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A67E6B1B-83F7-49BF-B2FF-D29D878848AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{42F1CE39-ACE2-4136-A75C-738B7DAC77A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FC83353E-7507-40EA-82A6-5F80B1DE8E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{716EB066-7AA7-4FEC-887A-2112441ED073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{61F21A5C-E14D-460D-8E2F-35CE872C54C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{1ECEC1AD-F31F-4217-A80B-0805D8724255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{3F1E6E11-D6A9-4630-9CA3-61779E3E160F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E211EC23-E9AC-479F-960C-040682190522}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{CAE5ADBB-55B1-4EF9-9252-EF436D79AB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{F21A109C-A116-438A-9FA0-412964A65B13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{3DCCFE94-507F-41EE-82DE-B432B89930FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frosty Kiss\frosty kiss STEAM BUILD.exe
FirewallRules: [{BCA79526-AAC6-45A6-B669-6A4B1B13CE19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frosty Kiss\frosty kiss STEAM BUILD.exe
FirewallRules: [{2CCA5ABB-954F-4A38-A8B7-236592966CE5}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC894DC8-3DDC-4953-9A4C-67FE48F71011}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E64601B8-9C7F-4133-9ADE-5102DE88A8B5}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71804E29-B103-4E10-A7A1-84755244AFBB}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8EB848C9-7AAF-47C8-9B05-A7727B9CD8A0}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D2D2C3B1-9F83-4C2B-A755-DE8C2AAE215D}] => (Allow) C:\Users\Swooce\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F75118A-3A42-4CB0-8995-24D66285E1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{E596C66D-259E-4086-8EC9-9EA845DF3C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{82A10F8D-4708-4675-BD69-5728080C3458}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4B7BE877-F4DC-43F8-B147-1C30627B7434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{069CEC6F-8F67-434C-9656-E58FE95917BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{D617CF50-E361-4DCC-BB4E-13AA2ECF83B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{7B1E9705-383E-4B13-B3E8-B10094516739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{C3C0DC84-773E-40D8-955C-F0B33AA65A60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voices from the Sea\voices_steam.exe
FirewallRules: [{BA90FDEB-3215-4DC4-8244-CC3CCFF85E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voices from the Sea\voices_steam.exe
FirewallRules: [{E0B71A0C-FA3C-4AB0-83B3-EC25245D96CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{66E78F9E-7F96-425C-93B6-E3CD0786FBB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viridi\Viridi.exe
FirewallRules: [{2AA73603-0747-44F6-9768-857D1CA1699A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{E0CE3824-007B-4CCC-AC6D-648B84667183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{A5BA6D1A-A2EE-401B-8A4A-B8E7A29D22AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{94B8B690-0361-4F9F-B6D8-F02966D538C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{94C44AAF-C8C8-4DAD-B231-7A094A3886D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9C7867DC-54FD-435D-B652-D45912EE420F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AD237399-3459-4961-B3E2-E81E428A6880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{1E0F7C0F-7A2F-45B5-AB86-2CC173C528F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{D812ADE8-C116-461A-B493-D574D6166FC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{590D3E38-350D-4224-A57B-4E0C8369191E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6770F159-4439-47A6-9040-0C046245F193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{71DC0D44-D470-4E4B-91A5-71DFF8229967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4932A607-E2BA-4733-860B-7212E50AF114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{A36902C3-7B55-4039-85C5-E425821504A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{3839C14A-90F8-422B-8BAF-E44F00DB417C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [{901C54F5-0046-4FE1-926A-0FA9FF5727A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\100 Orange Juice\100orange.exe
FirewallRules: [TCP Query User{861F97FD-D41A-44AE-9D13-E40C7D41AA8B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C9D3833E-DAAC-44C4-91AD-EF07804D1DB6}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{8CDA9B3D-00E1-4396-B8A3-8393ED3FF090}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{89A11D7B-BB32-4254-9C58-6E8BD172CAA2}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{CBE0F1D0-2850-46C1-BF71-EFC2B5B1F919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\Elisa.exe
FirewallRules: [{74BE8507-5EFC-44DA-9E5C-24D459D44F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\Elisa.exe
FirewallRules: [{670F6488-FAE9-4976-BFA1-1671DB921FC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{366AEEDE-F93D-4B0F-B476-3F1C6EF9647E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{09EFB749-1259-4172-86A1-27D0A8073096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{1EE70B54-3BFB-44D1-8B1D-68DD2BB466BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 1\ScummVM_Windows\scummvm.exe
FirewallRules: [{F19E476D-954B-440D-944F-EFA2F9503472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{5AA1F1B9-0C2E-412C-A095-9A5922E04E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sam 2\ScummVM_Windows\scummvm.exe
FirewallRules: [{3DC21DD7-A1D1-4F4B-94B4-4E1CE7DFE47C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{CFBA0106-56D4-4A53-8CC7-6C1B951575E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{8F5DB744-D64C-4AD3-8C21-AE5948475AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{B7AA3E8A-6223-45FD-AECA-C4AC02DA9A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{90CE3D78-C2EB-49A2-97C2-E59F93820AFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{993251D2-3D4C-4A32-821F-2B14CC1603BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{25F0E80C-6613-4D12-A71E-629A194B4C0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{5835C0C3-E7B6-461A-B79D-B9CC808BFB4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{474892C9-E058-4F63-AEE6-64ABC0BD4E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{9BC149A2-F488-46EC-A1C9-90FB607802E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{C64EE718-8F43-466F-8CB2-47F9A5F156EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\nw.exe
FirewallRules: [{A0706082-28A4-4A88-B699-71FB3D5CF136}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elisa The Innkeeper - Prequel\nw.exe
FirewallRules: [{0ED2787A-0D75-4667-AF26-7E7D2D94C07C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{4E8438D8-8E9E-4D1F-A766-D2CC15DEB70E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{8C537F0B-9105-4336-8382-0EEAACE29148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sams Lost and Found\ScummVM_Windows\scummvm.exe
FirewallRules: [{9BC34AC4-062B-4734-B7C9-609031FD4E25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pajama Sams Lost and Found\ScummVM_Windows\scummvm.exe
FirewallRules: [{31A10986-D3EF-4BFF-9EDC-3E80910C2C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{91C84A22-CC66-49C0-861F-5EA3E141C2B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{82A91B30-7540-4667-B72D-454C1AE0104A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{DC8BD131-5F23-493C-916D-2F550D2B366A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F388BABD-B75D-4D47-9BC6-8C8DA364ADA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{8572D910-3E7C-48F9-844D-59CADAA2640E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [TCP Query User{A1405EB6-60AD-4277-85CA-B292EC623FEB}C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{FD23D298-A99C-494D-A109-1792402501F5}C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{BA585661-22FD-49C2-9C88-805D867A0890}] => (Block) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{1F541A39-6F1A-4140-90EF-A35BC4136269}] => (Block) C:\users\swooce\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{5B599FFE-C30E-4C0E-845C-48175226D51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{3C7B4D9A-0769-4F5D-BB19-5DAF19A2B16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{EFB6BA96-5692-484B-9BB8-07D71811D51C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Kimulator.exe
FirewallRules: [{FBA39856-54F6-4E9F-9E78-39E1BBD263FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Kimulator.exe
FirewallRules: [{132F3E3F-74FB-4333-A11E-AAC2ACC2ED43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Multiplayer.exe
FirewallRules: [{3C148A76-C623-4BD3-B4C5-0553CA2F6F8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Multiplayer.exe
FirewallRules: [{0CF66273-4DD5-4F0F-8C53-D00AAF163825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Dreamblaster.exe
FirewallRules: [{4DA341F8-2FBD-45F7-A9D2-5CBDF0FE402D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\Dreamblaster.exe
FirewallRules: [{D4AEF046-2F19-4BC8-9ABD-124C905CCD05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\BestMiniGameEver.exe
FirewallRules: [{8D0BCD42-6CA3-45F6-A7AA-21314F3779A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kimulator Fight for your destiny\BestMiniGameEver.exe
FirewallRules: [{97A4E10B-DCCD-48F8-B6E8-71802B0DEDF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{E0393254-CEE0-4F9F-97CF-3160A596D545}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{590975D4-B958-4E9D-BD7C-0E19FE6C8178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{88C2232B-1E8F-4CC3-B0D9-E0AA53E826DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{F32F6A18-D70C-4F6C-9E9F-10D4AA025584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1ADBEA12-3798-43B1-883B-600FC552A451}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{5598004B-9354-466F-B3BE-53CB31110C4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{281550B7-4FEE-4784-9BB5-C0A44A3BF667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C089E0E1-E9A5-4F82-8A83-93518E1F7E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{FB96850F-A349-4D3F-AAF9-4474D7B0CB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{4CC8E182-0568-420B-8EB9-D3AA3CC0E311}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA0D0D96-3C4E-49C7-B7EE-401DAE36B53E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{E81C8662-86FB-48B0-B835-0B91FAD2947F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{992B6CC3-D089-4B75-9F2A-1FCD3B999097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{D0D3C72E-3DA8-4B31-BBB3-B3187A6C6F78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe

==================== Restore Points =========================

03-11-2016 15:30:23 Windows Update
06-11-2016 19:08:57 Windows Update
08-11-2016 23:15:58 Removed Traffic Exchange
08-11-2016 23:16:23 Removed Online.io Application
08-11-2016 23:17:01 Removed Traffic Exchange
08-11-2016 23:17:56 Removed Online.io Application

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2016 10:44:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/09/2016 10:44:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/09/2016 10:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 E.8.6.2.4.B.D.A.C.6.F.7.1.6.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC-2.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 E.8.6.2.4.B.D.A.C.6.F.7.1.6.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 2.0.0.1.A.8.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.9.0.0.0.2.6.2.ip6.arpa. PTR GPC-2.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 2.0.0.1.A.8.9.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.9.0.0.0.2.6.2.ip6.arpa. PTR GPC.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 2.16.138.25.in-addr.arpa. PTR GPC-2.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 25.138.16.2:5353 11 2.16.138.25.in-addr.arpa. PTR GPC.local.

Error: (11/09/2016 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 3.B.6.5.D.1.1.5.E.D.1.5.E.D.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR GPC-2.local.


System errors:
=============
Error: (11/09/2016 02:46:18 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Kovter.A!cl&threatid=2147711000&enterprise=0

Name: Trojan:Win32/Kovter.A!cl

ID: 2147711000

Severity: Severe

Category: Trojan

Path: file:_C:\Users\Swooce\AppData\Local\Temp\cubecc.exe

Detection Origin: Local machine

Detection Type: Dynamic Signature

Detection Source: Real-Time Protection

User: NT AUTHORITY\SYSTEM

Process Name: C:\Program Files\CCleaner\CCleaner64.exe

Action: Quarantine

Action Status: No additional actions required

Error Code: 0x8007054f

Error description: An internal error occurred.

Signature Version: AV: 1.231.1520.0, AS: 1.231.1520.0, NIS: 116.65.0.0

Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/09/2016 10:46:51 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Kovter.A!cl&threatid=2147711000&enterprise=0

Name: Trojan:Win32/Kovter.A!cl

ID: 2147711000

Severity: Severe

Category: Trojan

Path: file:_C:\Users\Swooce\AppData\Local\Temp\cubecc.exe

Detection Origin: Local machine

Detection Type: Dynamic Signature

Detection Source: System

User: NT AUTHORITY\SYSTEM

Process Name: Unknown

Action: Quarantine

Action Status: No additional actions required

Error Code: 0x8007054f

Error description: An internal error occurred.

Signature Version: AV: 1.231.1520.0, AS: 1.231.1520.0, NIS: 116.65.0.0

Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/09/2016 10:40:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/09/2016 10:38:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (11/09/2016 10:37:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/09/2016 10:37:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/09/2016 10:37:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/09/2016 10:37:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/09/2016 10:37:17 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/09/2016 10:37:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


CodeIntegrity:
===================================
Date: 2016-07-30 15:00:18.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 15:00:18.779
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 15:00:18.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 15:00:18.663
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 15:00:18.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 14:53:05.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 14:53:05.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 14:53:05.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 14:53:05.792
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 14:53:05.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 46%
Total physical RAM: 8164.38 MB
Available physical RAM: 4333.95 MB
Total Virtual: 16326.94 MB
Available Virtual: 11905.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:598.64 GB) NTFS
Drive d: (OS) (Fixed) (Total:186.3 GB) (Free:15.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATA) (Fixed) (Total:254.46 GB) (Free:131.85 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:465.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00059AE6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 496B9619)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AC7BEE94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive doorstop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right-click the icon and select "Run as administrator".

2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right-click Zoek.exe and run as administrator. (XP users double-click.)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.


 

Gweetar

Malnutrition, do I need to run both scans or only one? I've downloaded multiple scanners already and am just curious about that.
 

Malnutrition

Please run both of these, and I am in the process of making a script fix with FRST, when you have completed the two scans. These two scanners are a bit more aggressive than the ones you have run previously. :)
 

Gweetar

Do I need to take any precautions before I turn off antivirus? Such as putting my computer on safe mode?
 

Malnutrition

No, while you run these scans your machine will be fine; so long as you are not going to download and execute any new files, you will be OK. :)
 

Malnutrition

Also, once you have run the two scans listed and posted the result, I will post the FRST fix that I have now had time to write for you. After this your issue should be resolved, but there are a few other things to take care of on your machine, such as outdated programs... etc. All of which we will take care of in the course of this thread. :)
 

Gweetar

This might be silly but how do I disable the antivirus? I have MS Security Essentials?
 

Malnutrition

If you have any issues trying to disable it, then I suggest that you remove it with Geek Uninstaller then re-install it after you have completed this thread. :)
 

jmarket

You need to post the logs they saved so we can review them :) Mal is still working on your fix, which is necessary to alleviate your symptoms. Trovi is hard to get rid of, but we'll eliminate it and you'll be safe once again :)

While we're waiting for him, go ahead and run JRT for me :)

Please go HERE and download it to your DESKTOP.
Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
Should you receive any User Account Control (UAC) when starting JRT you can safely allow it.

Right click the JRT desktop icon and select "run as administrator" from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.



Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post :)
 

Malnutrition

Zemana Scan

Run a full scan with Zemana AntiMalware!
Install and select deep scan.



Remove any infections found.
Then click on the icon in the pic below.



Double click on the scan log, copy and paste here in your reply.



FRST Fix.


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



 


Gweetar

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Swooce on Wed 11/09/2016 at 17:53:50.92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Swooce\Downloads\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]

==== System Restore Info ======================

11/9/2016 9:27:23 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Users\Swooce\AppData\Roaming\c deleted successfully
C:\Users\Swooce\AppData\Local\CrashDumps deleted successfully
C:\Users\Swooce\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Users\Swooce\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\R.G. Mechanics not found
C:\Users\Swooce\AppData\Roaming\Curse Client deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Swooce\AppData\Local\Unity deleted
C:\Users\Swooce\AppData\LocalLow\Unity deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8165 MB
CPU Info: AMD FX(tm)-8350 Eight-Core Processor
CPU Speed: 3959.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | N600 Wireless Dual Band PCI Express Adapter | Hamachi Network Interface
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 931.4GB | D: 186.3GB | E: 254.5GB | F: 465.8GB
Hard Disks - Free: C: 598.3GB | D: 15.0GB | E: 131.8GB | F: 465.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/21/15 | ALASKA - 1072009
Time Zone: Eastern Standard Time
Motherboard *: ASRock 970M Pro3
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Google Chrome 54.0.2840.71
Internet Explorer Version: 11.0.9600.18499
Google Chrome version: 54.0.2840.71
Sun Java version: 1.8.0_51 (32-bit)
Sun Java version: 1.8.0_51 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-11-08 10:07:56 7122DC6E7A33CB56217DC27FE3BDEFBC 1914038 ----a-w- C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
====== C:\Users\Swooce\AppData\Local\Temp ====
2016-11-09 21:53:30 D7B59C5C8C22101B50502AFB482A86FE 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.7_42330\utorrentie.exe
2016-11-09 21:53:30 D023A7DA00A3F63E79C8F16E509CEA20 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42449\utorrentie.exe
2016-11-09 21:53:30 AE740DAFEB88429E8E7E83ACEE609516 340480 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.6_42094\utorrentie.exe
2016-11-09 21:53:30 9FF7A89211B37CD81309421D53FD66C0 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42576\utorrentie.exe
2016-11-09 21:53:30 61F5086763071C254EFE51C1E3E03C5E 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.9_42606\utorrentie.exe
2016-11-09 21:53:30 55F5FF4E4BD359CB8D44787DFD945855 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41712\utorrentie.exe
2016-11-09 21:53:30 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.9_42606.exe
2016-11-09 21:53:30 25B6F764C7201ABD6672AAB425F48019 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41865\utorrentie.exe
2016-11-09 21:53:22 5A6BD2A6FA1323AC96E860DFA6CBC9B6 2139840 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42576.exe
2016-11-09 21:53:15 6F8F01C2279F49BD3103599B53EE2A57 1972224 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42449.exe
2016-11-09 21:53:08 D0278FA8947ED54A112893F71917F46A 2133504 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.7_42330.exe
2016-11-09 21:53:01 89144ED117C1D506AE3AB6D0E12F4D4B 2094080 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41865.exe
2016-11-09 21:53:01 570193297A02D9332C1122C1C7B756EF 1959424 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.6_42094.exe
2016-11-09 21:52:59 65066A6E15E60A707E587005E4DDA398 2065944 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41712.exe
2016-11-09 21:52:57 EABA486CA44CE139B1A6C2520FE61837 933376 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375\HTA\3rdparty\FS.dll
2016-11-09 21:52:57 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\uTorrent.exe
2016-11-09 04:10:13 D6C47585818079867E3B7B46245B46AE 24606 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
2016-11-09 04:10:01 090FBD01505C47342AD2CEEFD6BF2AD7 196096 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.b059c4eca06ec.exe
2016-11-09 04:09:36 828131855DD4D89E6EB6CEC08DF03C22 4605744 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.3b2bc6c0671744.exe
2016-11-09 04:09:13 30B43E01A6C983FFD37B90D1D91F7CA8 522752 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.6012ccea114728.exe
2016-11-09 04:09:11 1C308D8F45584AAF4652CB9C33451BBB 8843968 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.a35752e8909478.exe
2016-11-09 04:08:45 ACA1E16A65F938C42B62DEBE60CD2AFF 766169 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.2e548b537bfe34.exe
2016-11-09 04:08:37 D51A9BFF2AD251288EA7700771FD3EE2 12288 ----a-w- C:\Users\Swooce\AppData\Local\Temp\wait.exe
2016-11-09 04:08:37 1C11AC458753F3D3D896C24ABB35F49F 699392 ----a-w- C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.exe
2016-11-09 04:08:36 C3F5F4A1FB69B5889F0BBB313CF6017F 329944 ----a-w- C:\Users\Swooce\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dll
2016-11-09 04:08:36 B895D42059B9CE3B2305C77DC27DEF95 20510 ----a-w- C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
2016-11-09 04:08:36 9BDCF813D65265255B820BC7A704DA3C 1388544 ----a-w- C:\Users\Swooce\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
2016-11-09 04:08:33 DF4AD319625777EEB460396B3D6741EF 6860215 ----a-w- C:\Users\Swooce\AppData\Local\Temp\startIT.exe
2016-11-09 04:08:28 AAE5D937048B3BC62F63534DAFA71628 1850694 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cpa.exe
2016-11-07 12:13:06 1A6557BB2FF808A4CDE614F8D4E80119 380928 ----a-w- C:\Users\Swooce\AppData\Local\Temp\WindowService.Lib.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-11-09 15:27:53 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2016-11-09 15:27:41 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2016-11-09 15:27:41 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2016-11-09 15:27:41 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2016-10-12 22:22:29 EA4D67448BE493D543F1730D6CD04694 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2016-10-12 22:22:27 8ADB5445B29941CB41AF2846FD5C93C7 94440 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2016-10-12 22:22:26 9B38580063D281A99E68EF5813022A5F 106496 ----a-w- C:\Windows\Sysnative\drivers\dfsc.sys
2016-10-12 22:22:24 CF11CC2B73D5155533C67354F9188E09 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-10-12 22:22:24 98DB1790F0A584E0A2528B92B052417F 142336 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2016-10-12 22:22:24 2E56D51B184EFB8E353B7AF446299DC8 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-10-12 22:22:21 FCA01B0C70DAE9BE557577E719469D17 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-10-12 22:22:19 841474CF2EB14F826038FBCC7D85B857 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-10-12 22:22:19 386BE96797C5B480AD31E8B50CEE337C 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-10-12 22:22:17 8B73FEE96B60EE597CBCAA735A842A36 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Swooce\AppData\Roaming ======
2016-11-09 22:43:38 -------- d-----w- C:\Users\Swooce\AppData\Roaming\ZHP
2016-11-09 04:02:50 -------- d-----w- C:\Users\Swooce\AppData\Locallow\uTorrent
2016-10-28 03:57:28 -------- d-----w- C:\Users\Swooce\AppData\Local\Black_Tree_Gaming
2016-10-16 21:13:19 -------- d-----w- C:\Users\Swooce\AppData\Roaming\runic games
====== C:\Users\Swooce ======
2016-11-09 22:42:51 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\Downloads\ZHPCleaner.exe
2016-11-09 21:24:55 A4B12C9ABC86B6F0B42D2ACEDF7F5C76 2410496 ----a-w- C:\Users\Swooce\Downloads\FRST64.exe
2016-11-09 15:21:21 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 15:20:52 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-10-28 03:56:12 4E9E48593706B7F9B95E4E5FAA2E28C5 6450488 ----a-w- C:\Users\Swooce\Downloads\Nexus Mod Manager-0.63.2.exe

====== C: exe-files ==
2016-11-10 02:34:10 2905624FC89D330956E239CFBD81A725 727120 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\Packages\0000971e\CoProc update.21350355.exe
2016-11-10 02:34:05 62C7E48758BCB99308D58F0622DFE13B 9381376 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\Packages\00009730\DAO.21352768.exe
2016-11-09 22:43:38 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\AppData\Roaming\ZHP\ZHPCleaner.exe
2016-11-09 22:42:51 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\Downloads\ZHPCleaner.exe
2016-11-09 21:53:30 D7B59C5C8C22101B50502AFB482A86FE 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.7_42330\utorrentie.exe
2016-11-09 21:53:30 D023A7DA00A3F63E79C8F16E509CEA20 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42449\utorrentie.exe
2016-11-09 21:53:30 AE740DAFEB88429E8E7E83ACEE609516 340480 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.6_42094\utorrentie.exe
2016-11-09 21:53:30 9FF7A89211B37CD81309421D53FD66C0 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42576\utorrentie.exe
2016-11-09 21:53:30 61F5086763071C254EFE51C1E3E03C5E 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.9_42606\utorrentie.exe
2016-11-09 21:53:30 55F5FF4E4BD359CB8D44787DFD945855 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41712\utorrentie.exe
2016-11-09 21:53:30 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.9_42606.exe
2016-11-09 21:53:30 25B6F764C7201ABD6672AAB425F48019 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41865\utorrentie.exe
2016-11-09 21:53:22 5A6BD2A6FA1323AC96E860DFA6CBC9B6 2139840 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42576.exe
2016-11-09 21:53:15 6F8F01C2279F49BD3103599B53EE2A57 1972224 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.8_42449.exe
2016-11-09 21:53:08 D0278FA8947ED54A112893F71917F46A 2133504 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.7_42330.exe
2016-11-09 21:53:01 89144ED117C1D506AE3AB6D0E12F4D4B 2094080 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41865.exe
2016-11-09 21:53:01 570193297A02D9332C1122C1C7B756EF 1959424 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.6_42094.exe
2016-11-09 21:52:59 65066A6E15E60A707E587005E4DDA398 2065944 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\updates\3.4.5_41712.exe
2016-11-09 21:52:57 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375_permissionsCopy\uTorrent.exe
2016-11-09 21:24:55 A4B12C9ABC86B6F0B42D2ACEDF7F5C76 2410496 ----a-w- C:\Users\Swooce\Downloads\FRST64.exe
2016-11-09 21:22:22 63592C483A75F9D0BC887BC9FC1ED7CC 346512 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2016-11-09 21:22:20 239C0D2EA04E2B835AA3CAC711DD69D0 403856 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2016-11-09 15:23:13 4E3F9DC6AFED15D617BD3B8CEC9A56B3 119808 ----a-w- C:\AdwCleaner\quarantine\files\chbqrmxmwrekkrxyynksjrynpokvlrzv\ur.exe
2016-11-09 15:21:21 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 15:20:52 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-11-09 15:18:26 CC0FCC4C5AA93959E19744C9ADF63A6D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000\$IU8904Q.exe
2016-11-09 15:18:26 B54F68C522868E02E91CA1C27DFBD224 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000\$IF3W01N.exe
2016-11-09 15:02:35 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000\$RF3W01N.exe
2016-11-09 15:00:38 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000\$RU8904Q.exe
2016-11-09 04:10:13 D6C47585818079867E3B7B46245B46AE 24606 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
2016-11-09 04:10:01 090FBD01505C47342AD2CEEFD6BF2AD7 196096 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.b059c4eca06ec.exe
2016-11-09 04:09:36 828131855DD4D89E6EB6CEC08DF03C22 4605744 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.3b2bc6c0671744.exe
2016-11-09 04:09:13 30B43E01A6C983FFD37B90D1D91F7CA8 522752 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.6012ccea114728.exe
2016-11-09 04:09:11 1C308D8F45584AAF4652CB9C33451BBB 8843968 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.a35752e8909478.exe
2016-11-09 04:08:45 ACA1E16A65F938C42B62DEBE60CD2AFF 766169 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.2e548b537bfe34.exe
2016-11-09 04:08:37 D51A9BFF2AD251288EA7700771FD3EE2 12288 ----a-w- C:\Users\Swooce\AppData\Local\Temp\wait.exe
2016-11-09 04:08:37 1C11AC458753F3D3D896C24ABB35F49F 699392 ----a-w- C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.exe
2016-11-09 04:08:36 B895D42059B9CE3B2305C77DC27DEF95 20510 ----a-w- C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
2016-11-09 04:08:36 9BDCF813D65265255B820BC7A704DA3C 1388544 ----a-w- C:\Users\Swooce\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
2016-11-09 04:08:33 DF4AD319625777EEB460396B3D6741EF 6860215 ----a-w- C:\Users\Swooce\AppData\Local\Temp\startIT.exe
2016-11-09 04:08:28 AAE5D937048B3BC62F63534DAFA71628 1850694 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cpa.exe
2016-11-09 04:03:50 544D3B5ED3C988699C9E77D14F7DA225 402886071 ----a-r- C:\Users\Swooce\Downloads\Minecraft 1 9 5 Cracked - P2P\Setup.exe
2016-11-08 10:07:56 7122DC6E7A33CB56217DC27FE3BDEFBC 1914038 ----a-w- C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
2016-11-08 02:36:57 42D4C5F3338C624FCFEC515AF3E26C1B 4824552 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.5269\Agent.exe
2016-11-06 02:07:17 DEE3B4349482368E3E0E1C231229233C 133608 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Loader64.exe
2016-11-06 02:07:08 E3F4B6E5305707FF088A4BA1268A49FE 1484776 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
2016-11-06 02:07:08 C35B1FB1E02E77F49D5DC606ACCB3F2A 12967912 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net.exe
2016-11-05 23:04:38 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\redist\DXSETUP.exe
2016-11-05 23:04:38 DD54E65CB1D5C18BCB0F061E4AA8EE80 4150272 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
2016-11-05 23:04:38 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\redist\vcredist_x86.exe
2016-11-03 20:27:00 E465D472C90BD07357D26A6BAAD32B0C 2226680 ----a-w- C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\SwReporter\13.79.1\software_reporter_tool.exe
=== C: other files ==
2016-11-09 21:52:55 3E73077328D6C51D35A46ABC5D951802 2192006 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.1478728375\HTA\install.1478728375.zip
2016-11-09 15:27:53 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-11-09 15:27:41 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-11-09 15:27:41 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-11-09 15:27:41 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-11-09 15:23:14 B96E2E2AB0CA289465E49C4423ADB294 597 ----a-w- C:\Users\Swooce\AppData\Local\Temp\DeleteOnReboot.bat
2016-11-05 23:10:22 28D9D9BBE54E8C61F6CB674EA159730B 1036 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\WorkResource\VertexShaders\PreprocessVertexShaders.bat
2016-11-05 23:10:20 6B07E930C1713C3040F1E6C378F3B770 55 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\WorkResource\VertexShaders\CompileShader.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3488453458-2430756528-1590804681-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"GamecomSound"="C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Everything]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Everything"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Everything\\Everything.exe\" -startup"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d1e92bdcbba985" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d1e92bdd417cbf" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{53CF22D0-3EE7-48B7-BD6C-7168DB898A79}" [C:\Program Files (x86)\R.G. Mechanics\Sherlock Holmes - Crimes & Punishments\Binaries\Win32\Sherlock.exe]
"C:\Windows\SysNative\tasks\{EE0056F9-C17E-4488-B954-ADB34F959B3A}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Google Slides - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Skype Calling - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij
YouTube - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Google Search - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Whitelisted domains - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Speed Dial 2 - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik
Ponify - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpjljegae
Reddit Enhancement Suite - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Search-Privacy.club - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcmlbbokmmghcjldembpnhfapencced
Chrome Web Store Payments - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
4chan X - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam
Gmail - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0.localstorage deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0.localstorage-journal deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Net Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Swooce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Swooce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGH55C1 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=873 folders=107 419164766 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Swooce\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Swooce\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-5C-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Swooce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGH55C1" not found

==== EOF on Wed 11/09/2016 at 21:45:04.29 ======================
 

Gweetar

PCHF Member
PCHF Member
Nov 9, 2016
12
0
22
For the ZHP scan, what txt file should it be? I have multiple for some reason.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Zoek was run incorrectly. Also, for now just skip that and the ZHP. Go ahead and run Zemana and the FRST fix and tell me how things are. :)
 

Gweetar

PCHF Member
PCHF Member
Nov 9, 2016
12
0
22
Zemana AntiMalware 2.60.2.1 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/10
Operating System : Windows 7 64-bit
Processor : 8X AMD FX(tm)-8350 Eight-Core Processor
BIOS Mode : Legacy
CUID : 12B4594181B6192D284F30
Scan Type : Smart Scan
Duration : 20m 36s
Scanned Objects : 120291
Detected Objects : 3
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Startup Url
Status : Scanned
Object : chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Chrome Homepage
Status : Scanned
Object : http://www.trovi.com/?gd=&ctid=CT3311767&octid=EB_ORIGINAL_CTID&ISID=MCC9AB844-F8D6-498F-BD84-98601820C81A&SearchSource=55&CUI=&UM=6&UP=SPA6417127-305C-4B91-8B4A-DF2B6AB20EC7&SSPV=
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage

Search-Privacy.club
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ldcmlbbokmmghcjldembpnhfapencced
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Search-Privacy.club
 