Solved Many games and apps broken

[gus]

Hi 10months and thank you for the Adwcleaner "clean" log. We now need you to remove some stuff the previous ZHPdiag log contained. Please follow the instructions below and post the log that the tool generates


Please go HERE and click the blue

link (French for download) and save the file to your desktop.

Please note is it important to disable your antivirus before running this tool. If you are uncertain how to do this please ask?

Right click the desktop icon

and choose "Run as Administrator". You can safely ignore any security warnings when running this tool.

On the main interface select IMPORT

If a box appears similar to that below, click OK or just X out of it.

Copy the contents of the box below

Script Zhpfix
G0 - GCSP: Preferences [User Data\Default][HomePage] http://api.ciuvo.com =>PUP.Optional.PriceSparrow
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] =>.SUP.Orphan
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] =>.SUP.Orphan
C:\Users\Dan\AppData\Roaming\OpenCandy =>Adware.OpenCandy
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} =>.SUP.AkamaiHD
HKLM64\Software\Microsoft\Internet Explorer\SearchScopes\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} =>.SUP.AkamaiHD
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_battlefield-1942.en.softonic.com_0.localstorage =>.SUP.Softonic
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_battlefield-1942.en.softonic.com_0.localstorage-journal =>.SUP.Softonic
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.solvusoft.com_0.localstorage =>.SUP.Solvusoft
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.solvusoft.com_0.localstorage-journal =>.SUP.Solvusoft
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.putlocker-movies.cc_0.localstorage =>PUP.Optional.PutLocker
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.putlocker-movies.cc_0.localstorage-journal =>PUP.Optional.PutLocker
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.Chatango
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker-movies.cc_0.localstorage =>PUP.Optional.PutLocker
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker-movies.cc_0.localstorage-journal =>PUP.Optional.PutLocker
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.solvusoft.com_0.localstorage =>.SUP.Solvusoft
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.solvusoft.com_0.localstorage-journal =>.SUP.Solvusoft
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97] =>PUM.Misplaced.Certificate [Avast Software]
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid

And paste it into the blank ZHP Fix interface screen, then click GO.

Accept the cleaning process by clicking "Oui" (yes)

The cleanup will run and will again ask for permission to complete, again select "Oui".

At the conclusion of cleaning a file notepad will open and be saved to your desktop. Please Copy and Paste the contents of this file in your next reply

 

[10months]

Sorry for slow response again

Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d'export Registre :
Run by Alex at 13/09/2017 23:55:09
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 04s)
Prefetcher emptied
Repair of browser shortcuts

========== Registry keys ==========
REMOVES: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F}
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97

========== Preferences browser ==========
NOW Chrome File: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://api.ciuvo.com

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (14) (6,334,998 octets)

========== Other ==========
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
NON-TREATY [HKLM64\Software\Microsoft\Internet Explorer\SearchScopes\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F}]


========== Summary ==========
28 : Registry keys
1 : Folders
1 : Files
2 : Preferences browser
3 : Other


End of clean in 00mn 06s

========== Path to file report ==========
C:\Users\Alex\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/09/2017 23:55:13 [4573]

 

[gus]

Hello 10months and thanks for the log. Can you now follow these instructions and post the 2 logs from this tool?

We need a log from Farbar Recovery Scan Tool (FRST) to examine your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

1. Accept the default whitelist options,
2. If the additions.txt options box is not checked please select it.
   
3. Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please COPY and PASTE the contents of these two files in your next post.

 

[10months]

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2017 01
Ran by Alex (administrator) on LUCY (14-09-2017 22:23:19)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\ns.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\runSW.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek) C:\Windows\SwUSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) E:\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() E:\1A\TWCU.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Steam] => E:\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-23]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> E:\TWCU.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D6FE7615-E3F4-4DBD-B664-C7231B00AA05}: [DhcpNameServer] 192.168.0.5
Tcpip\..\Interfaces\{DE19D148-F66E-4E70-9848-0E911A76D5E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> {A6A1D0B1-E2C0-425C-9FA5-600268E3E449} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-09-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: h90wxnqo.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default [2017-09-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\h90wxnqo.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Homepage: Mozilla\Firefox\Profiles\h90wxnqo.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-gb
FF Extension: (Bing Search) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-11-23]
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default\searchplugins\bing-.xml [2016-11-23]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon [2017-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-630333582-4039751370-1614634531-1000: SkypePlugin -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-630333582-4039751370-1614634531-1000: SkypePlugin64 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJAsAWAxFFhgRdQxdTA1EEVQOIVhaUxRIRwcUdwFcVwhGFwEFIk0FA1oDB0VXfV5bFElXTwhxJUpNDU0CaUBB"
CHR StartupUrls: Default -> "chrome://history/","hxxps://www.youtube.com/feed/subscriptions","hxxp://www.netflix.com/browse/","hxxps://twitter.com/","hxxp://www.schoolplannerbook.com/tanbridge/homework/?email=12afarr%40ths.uk.net&action=homeworkfromemail&view=due&as=list","hxxp://vle.ths.uk.net/"
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-13]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-13]
CHR Extension: (Skype Calling) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-08-13]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-05]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-08-13]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-13]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-08-13]
CHR Extension: (Skype) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-13]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NS.exe [326144 2017-08-24] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] () [File not signed]
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2142728 2016-10-26] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2209296 2016-10-26] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-09-10] (Overwolf LTD)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [39424 2016-02-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\BASHDefs\20170906.001\BHDrvx64.sys [1862816 2017-08-07] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-08-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-08-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\IPSDefs\20170909.001\IDSvia64.sys [1056920 2017-09-01] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2013-08-30] (Microsoft Corporation) [File not signed]
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-11-14] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12464 2015-10-31] (Macrovision Europe Ltd) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [29696 2013-08-30] (Microsoft Corporation) [File not signed]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVEX15.SYS [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-14 22:23 - 2017-09-14 22:23 - 000025397 _____ C:\Users\Alex\Downloads\FRST.txt
2017-09-14 22:22 - 2017-09-14 22:23 - 000000000 ____D C:\FRST
2017-09-14 22:21 - 2017-09-14 22:21 - 002398208 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2017-09-14 21:29 - 2017-09-14 21:29 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-13 23:55 - 2017-09-13 23:55 - 000004652 _____ C:\Users\Alex\Desktop\ZHPFixReport.txt
2017-09-13 23:50 - 2017-09-13 23:50 - 000417344 _____ C:\Windows\Minidump\091317-6692-01.dmp
2017-09-13 23:43 - 2017-09-13 23:43 - 000000000 ____D C:\Users\Alex\Downloads\Quarantine
2017-09-13 23:42 - 2017-09-13 23:42 - 003061760 _____ (Nicolas Coolman) C:\Users\Alex\Downloads\ZHPFix.exe
2017-09-13 03:05 - 2017-08-19 16:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 03:05 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 03:05 - 2017-08-16 16:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 03:05 - 2017-08-16 16:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 03:05 - 2017-08-16 15:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 03:05 - 2017-08-15 16:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 03:05 - 2017-08-15 16:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 03:05 - 2017-08-15 16:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 03:05 - 2017-08-15 16:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 03:05 - 2017-08-14 18:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 03:05 - 2017-08-13 22:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 03:05 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 03:05 - 2017-08-11 07:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 03:05 - 2017-08-11 07:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 03:05 - 2017-08-11 07:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 03:05 - 2017-08-11 07:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 03:05 - 2017-08-11 07:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 03:05 - 2017-08-11 07:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 03:05 - 2017-08-11 07:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 03:05 - 2017-08-11 07:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 03:05 - 2017-08-11 07:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-13 03:05 - 2017-08-11 07:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 03:05 - 2017-08-11 07:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 03:05 - 2017-08-11 07:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 03:05 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 03:05 - 2017-08-11 07:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 03:05 - 2017-08-11 07:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 03:05 - 2017-08-11 07:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 03:05 - 2017-08-11 07:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 03:05 - 2017-08-11 07:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 03:05 - 2017-08-11 07:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 03:05 - 2017-08-11 07:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 03:05 - 2017-08-11 07:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 03:05 - 2017-08-11 07:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 03:05 - 2017-08-11 07:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 03:05 - 2017-08-11 07:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 03:05 - 2017-08-11 06:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 03:05 - 2017-08-11 06:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 03:05 - 2017-08-11 06:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 03:05 - 2017-08-11 06:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 03:05 - 2017-08-11 06:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 03:05 - 2017-08-11 06:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 03:05 - 2017-08-11 06:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 03:05 - 2017-08-11 06:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 03:05 - 2017-08-11 06:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-13 03:05 - 2017-07-07 16:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 03:05 - 2017-07-07 16:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-11 07:41 - 2017-09-11 07:41 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-09-11 07:35 - 2017-09-11 07:35 - 000417368 _____ C:\Windows\Minidump\091117-6676-01.dmp
2017-09-11 07:35 - 2017-09-11 07:35 - 000003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-09-10 23:40 - 2017-09-10 23:40 - 001422530 _____ C:\Users\Alex\Documents\STARTING WITH CONFIDENCE 2017 final.pdf
2017-09-10 20:39 - 2017-09-10 20:39 - 000037726 _____ C:\Users\Alex\Documents\Student Timetable SY170200.pdf
2017-09-09 22:11 - 2017-09-09 22:11 - 000000000 ____D C:\Users\Alex\Documents\Fear Equation
2017-09-09 22:11 - 2017-09-09 22:11 - 000000000 ____D C:\Users\Alex\AppData\LocalLow\Screwfly Studios
2017-09-09 20:13 - 2017-09-09 20:13 - 000417384 _____ C:\Windows\Minidump\090917-6723-01.dmp
2017-09-09 10:52 - 2017-09-09 10:52 - 000037726 _____ C:\Users\Alex\Downloads\Student Timetable SY170200.pdf
2017-09-08 16:02 - 2017-09-10 11:08 - 000000000 ____D C:\AdwCleaner
2017-09-08 16:01 - 2017-09-08 16:01 - 008182736 _____ (Malwarebytes) C:\Users\Alex\Downloads\adwcleaner_7.0.2.1.exe
2017-09-08 15:58 - 2017-09-08 15:58 - 000009674 _____ C:\Users\Alex\Documents\roguekiller.txt
2017-09-08 15:47 - 2017-09-08 15:47 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-08 15:45 - 2017-09-08 15:59 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-08 15:44 - 2017-09-08 15:44 - 035802208 _____ (Adlice Software ) C:\Users\Alex\Downloads\setup.exe
2017-09-08 13:04 - 2017-09-08 13:04 - 000000000 ____D C:\Users\Alex\AppData\Roaming\3909
2017-09-08 12:45 - 2017-09-13 23:50 - 1771412084 _____ C:\Windows\MEMORY.DMP
2017-09-08 12:43 - 2017-08-10 01:22 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-09-08 12:43 - 2017-08-10 01:22 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-09-08 12:43 - 2017-08-10 01:22 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-09-08 12:39 - 2017-09-08 12:54 - 000002733 _____ C:\Users\Alex\Desktop\JRT.txt
2017-09-08 12:36 - 2017-09-08 12:36 - 001790024 _____ (Malwarebytes) C:\Users\Alex\Downloads\JRT.exe
2017-09-05 13:01 - 2017-09-05 13:01 - 000176813 _____ C:\Users\Alex\Documents\ZHPDiag.txt
2017-09-05 12:51 - 2017-09-05 12:51 - 000177419 _____ C:\Users\Alex\Desktop\ZHPDiag.txt
2017-09-05 12:48 - 2017-09-13 23:55 - 000000000 ____D C:\Users\Alex\AppData\Roaming\ZHP
2017-09-05 12:48 - 2017-09-05 12:49 - 000000000 ____D C:\Users\Alex\AppData\Local\ZHP
2017-09-05 12:48 - 2017-09-05 12:48 - 002831744 _____ C:\Users\Alex\Downloads\zhpdiag3.exe
2017-09-05 12:48 - 2017-09-05 12:48 - 000000788 _____ C:\Users\Alex\Desktop\ZHPDiag.lnk
2017-08-31 00:01 - 2017-08-31 00:01 - 005916576 _____ C:\Users\Alex\Downloads\econ around you - intro to econ vle.pptx
2017-08-30 13:23 - 2017-08-30 13:23 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-08-29 18:33 - 2017-08-29 18:33 - 000000000 ____D C:\Users\Alex\Documents\Warm Lamp Games
2017-08-20 22:13 - 2017-08-20 22:13 - 000094696 _____ C:\Windows\ntbtlog.txt
2017-08-18 15:33 - 2017-08-18 15:33 - 000001144 _____ C:\Users\Alex\Documents\EUVC list.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-14 22:20 - 2017-08-13 19:15 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-14 22:20 - 2015-09-23 17:35 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-09-14 22:20 - 2015-09-23 02:28 - 000000000 __SHD C:\Users\Alex\IntelGraphicsProfiles
2017-09-14 22:19 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-14 22:19 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-14 21:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-09-14 21:07 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-14 21:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-14 21:03 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 21:03 - 2009-07-14 05:45 - 005049072 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-13 23:53 - 2017-08-11 12:36 - 000000000 ____D C:\Users\Alex\AppData\Roaming\discord
2017-09-13 23:50 - 2017-08-14 15:12 - 000000000 ____D C:\Windows\Minidump
2017-09-13 18:16 - 2015-12-06 18:16 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-09-13 11:47 - 2016-02-29 02:41 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2017-09-12 17:07 - 2015-09-24 17:53 - 000000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2017-09-11 08:01 - 2016-04-23 15:45 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-11 07:35 - 2016-04-23 15:44 - 000002308 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-09-11 07:35 - 2016-04-23 15:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-09-11 07:35 - 2016-04-23 15:44 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2017-09-08 16:07 - 2016-10-10 16:48 - 000000000 ____D C:\Users\Alex\AppData\Local\CrashDumps
2017-09-08 12:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-05 12:19 - 2015-09-18 22:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 03:38 - 2016-04-23 15:44 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-09-04 03:38 - 2016-04-23 15:44 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-09-03 13:19 - 2015-09-18 22:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-29 01:36 - 2017-08-11 12:30 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 01:36 - 2017-08-11 12:30 - 000002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-26 21:20 - 2017-08-13 20:01 - 001281162 ____N C:\Windows\Minidump\082617-6957-01.dmp
2017-08-18 01:22 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-08-17 23:34 - 2015-12-06 18:16 - 000000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2017-08-17 03:44 - 2015-09-26 23:06 - 000000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher
2017-08-16 21:21 - 2016-02-06 22:09 - 000000000 ____D C:\Users\Alex\Documents\Bandicam

==================== Files in the root of some directories =======

2017-08-13 19:15 - 2017-08-13 19:15 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-12 16:06

==================== End of FRST.txt ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017 01
Ran by Alex (14-09-2017 22:23:33)
Running from C:\Users\Alex\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-08-13 18:40:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-630333582-4039751370-1614634531-500 - Administrator - Disabled)
Alex (S-1-5-21-630333582-4039751370-1614634531-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-630333582-4039751370-1614634531-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Game of Thrones version 1.2 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 1.2 - AGOT TEAM)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
American Truck Simulator (HKLM\...\Steam App 270880) (Version: - SCS Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version: - Ubisoft Montreal)
Astroloco: Worst Contact (HKLM\...\Steam App 357490) (Version: - Hungry Planet Games)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audiosurf (HKLM\...\Steam App 12900) (Version: - Dylan Fitterer)
Audiosurf 2 (HKLM\...\Steam App 235800) (Version: - Dylan Fitterer)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.2.1014 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - )
Beholder (HKLM\...\Steam App 475550) (Version: - Warm Lamp Games)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Betrayer (HKLM-x32\...\Steam App 243120) (Version: - Blackpowder Games)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Blackwake (HKLM\...\Steam App 420290) (Version: - Mastfire Studios Pty Ltd)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Braid (HKLM\...\Steam App 26800) (Version: - Number None)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Crusader Kings II (HKLM\...\Steam App 203770) (Version: - Paradox Development Studio)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version: - Red Hook Studios)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DarthMod: Shogun II (HKLM-x32\...\DarthMod: Shogun II) (Version: - )
DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software)
Democracy 3 (HKLM\...\Steam App 245470) (Version: - Positech Games)
Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
Discord (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dishonored 2 (HKLM\...\Steam App 403640) (Version: - Arkane Studios)
Domina (HKLM\...\Steam App 535230) (Version: - DolphinBarn)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Dying Light (HKLM\...\Steam App 239140) (Version: - Techland)
Empire TV Tycoon (HKLM-x32\...\Steam App 377900) (Version: - Dreamsite Games)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Europa Universalis IV (HKLM\...\Steam App 236850) (Version: - Paradox Development Studio)
F1 2016 (HKLM\...\Steam App 391040) (Version: - Codemasters)
First Strike Final Hour (HKLM\...\Steam App 587000) (Version: - Blindflug Studios AG)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studio)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
Hexcells Infinite (HKLM-x32\...\Steam App 304410) (Version: - Matthew Brown)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
Injustice: Gods Among Us Ultimate Edition (HKLM\...\Steam App 242700) (Version: - NetherRealm Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version: - Avalanche Studios)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version: - Squad)
KHOLAT (HKLM-x32\...\Steam App 343710) (Version: - IMGN.PRO)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM\...\Steam App 360430) (Version: - Hangar 13)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version: - The Creative Assembly)
Medieval Kingdoms 1212 Part 1 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Medieval Kingdoms 1212 Part 1) (Version: - )
Medieval Kingdoms 1212 Part 2 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Medieval Kingdoms 1212 Part 2) (Version: - )
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Small Basic v1.1 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.1.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Napoleon: Total War (HKLM\...\Steam App 34030) (Version: - The Creative Assembly)
Naval War: Arctic Circle (HKLM-x32\...\Steam App 200050) (Version: - TURBO TAPE GAMES)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.16 - Black Tree Gaming)
Norton Security (HKLM-x32\...\NS) (Version: 22.10.1.10 - Symantec Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
One Finger Death Punch (HKLM\...\Steam App 264200) (Version: - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.36.0 - Overwolf Ltd.)
Painkiller Hell & Damnation (HKLM-x32\...\Steam App 214870) (Version: - The Farm 51)
Painkiller Overdose (HKLM-x32\...\Steam App 3270) (Version: - Mindware Studios)
Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version: - People Can Fly)
Painkiller: Recurring Evil (HKLM-x32\...\Steam App 206760) (Version: - Med-Art)
Painkiller: Redemption (HKLM-x32\...\Steam App 65560) (Version: - Eggtooth Team)
Painkiller: Resurrection (HKLM-x32\...\Steam App 39560) (Version: - Homegrown Games)
Panzermadels: Tank Dating Simulator (HKLM\...\Steam App 379980) (Version: - DEVGRU-P)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Zomboid (HKLM\...\Steam App 108600) (Version: - The Indie Stone)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.5.0 (32-bit) (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\{1197d2bb-6cf8-488a-b994-d5bf6d7efe7b}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Core Interpreter (32-bit) (HKLM-x32\...\{E9E55FC3-A47F-4ACA-8691-C22469450FB1}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (32-bit) (HKLM-x32\...\{D5A057BD-471E-40D6-B7E0-79E08210D8F6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (32-bit) (HKLM-x32\...\{169B7A58-FE29-48E8-8773-9D6390815C8C}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (32-bit) (HKLM-x32\...\{CE48771A-4CC2-4F35-A7B3-D136E91D04F3}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{CAA5FC80-DEF6-4DFA-9C06-23921A87F092}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (32-bit) (HKLM-x32\...\{11187860-0D92-490D-86EC-3A941C98D451}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (32-bit) (HKLM-x32\...\{0740B2CD-63EC-44C7-B39E-B6EB579773E6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{7AB85182-2EE4-4137-A5C6-D8C03958DCBA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (32-bit) (HKLM-x32\...\{2234BC4D-E95D-40C2-818D-7845760C510F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (32-bit) (HKLM-x32\...\{4A69B338-2C0C-4726-A261-44DBCF0DA94A}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Reigns (HKLM\...\Steam App 474750) (Version: - Nerial)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version: - Antimatter Games)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.2 - Rockstar Games)
Rodina (HKLM-x32\...\Steam App 314230) (Version: - Elliptic Games)
Scourge of War: Waterloo (HKLM\...\Steam App 369390) (Version: - NorbSoftDev)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version: - Big Robot Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{AC7406B6-BB3B-4CD1-AEBA-0527B9CB16FE}) (Version: 7.27.0.105 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{FAD5089C-EB67-442F-89A3-970BCD034D40}) (Version: 7.14.0.184 - Skype Technologies S.A.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - Keen Software House)
Spermination (HKLM-x32\...\Steam App 363460) (Version: - Phr00t's Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
Sword With Sauce: Alpha (HKLM\...\Steam App 581630) (Version: - Diatomic Games)
Syrian Warfare (HKLM\...\Steam App 485980) (Version: - Cats Who Play)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Curious Expedition (HKLM-x32\...\Steam App 358130) (Version: - Maschinen-Mensch)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Howler (HKLM-x32\...\Steam App 306040) (Version: - Antanas Marcelionis)
The Swindle (HKLM-x32\...\Steam App 369110) (Version: - Size Five Games)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
theHunter™: Call of the Wild (HKLM\...\Steam App 518790) (Version: - Expansive Worlds)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Total War: ATTILA (HKLM\...\Steam App 325610) (Version: - Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version: - Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
TunnelBear (HKLM-x32\...\{7094abcc-0311-45f4-aaac-638bf633a58a}) (Version: 2.3.22.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{EFF0A0F1-E557-4228-8F55-E6DD94516FDC}) (Version: 2.3.22.0 - TunnelBear) Hidden
Universe Sandbox ² (HKLM-x32\...\Steam App 230290) (Version: - Giant Army)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Verdun (HKLM\...\Steam App 242860) (Version: - M2H)
Victoria II (HKLM\...\Steam App 42960) (Version: - Paradox Development Studio)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version: - RuneStorm)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version: - Eugen Systems)
Warhammer: End Times - Vermintide (HKLM\...\Steam App 235540) (Version: - Fatshark)
Westerado: Double Barreled (HKLM-x32\...\Steam App 275200) (Version: - Ostrich Banditos)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{58743271-597A-401B-AF4A-1450179151C0}\InprocServer32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{AB08C8FC-971C-4AE2-B23D-D76AC42C46E9}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.14.0.184\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{ABB7ECA5-6973-499F-B610-80173795847A}\InprocServer32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.14.0.184\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{D0FC4B60-C60D-4908-8365-0C64C03E0291}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-03-13] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BB47E1C-65AC-4B30-9954-187CCB1234B9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {0E10E79B-1E11-4FE0-8E62-AA7A2FEBDEBB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-630333582-4039751370-1614634531-1000
Task: {0E2760F8-3F8C-475B-857C-6F966EB51CFD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-03] (Microsoft Corporation)
Task: {1B52B129-F8C3-440F-ABFF-87CBACAAD825} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {2D907517-3127-4DCD-9899-702FB8523E2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {46C04AD0-7561-450A-AD48-FC68053020FA} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {4C621390-2ED0-4DC8-8214-3CC44517B6F5} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {58CB4454-B5FE-44A7-848A-C9283038B151} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {641A6F4E-DAB3-4C5B-9108-FF3513DEA8C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-11] (Google Inc.)
Task: {65A4DEBB-AEC8-4C56-8D27-DA120040F02D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {66BD7690-8E3A-4166-BA16-051A98E84C62} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7A180518-D8DF-41D3-8C8F-E1D26DA021C7} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe
Task: {92B47D1E-E56A-4807-8453-66E6AF1EC407} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {9350ECA1-A41C-4A0D-B77D-1A79EF41587F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-09-10] (Overwolf LTD)
Task: {96803BE7-EC85-43C0-A98C-D48E608D71EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {A7E03ABD-597E-4918-8101-9808A823ADAC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {A8D3C198-71E3-495A-9800-FC2A09B6402D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {C0453763-91DE-4AFA-990D-D2ECA3EA41B3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {C3B84E8B-499E-4461-9FD8-190CE7087FD4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {CC21B860-0C88-45F5-A572-5500341E5D11} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {D0E9C069-E34A-4EFC-A80E-B3D57DE4B779} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {D556B455-9C86-4F05-AA5E-1F501B329789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-11] (Google Inc.)
Task: {D8C22827-26A2-4491-9FB3-6C5C06A96BF5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {E5AD3D8F-8DE9-4495-84C4-8001C1AE137B} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-22 00:42 - 2017-02-23 19:35 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-22 00:42 - 2017-02-23 19:35 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-09-23 06:10 - 2013-10-18 17:42 - 000048856 _____ () C:\Windows\runSW.exe
2016-02-10 13:24 - 2016-02-10 13:24 - 000039424 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-16 17:23 - 2017-09-03 13:17 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-09-23 06:10 - 2013-12-16 09:52 - 000847872 _____ () E:\1A\TWCU.exe
2017-08-29 01:36 - 2017-08-23 09:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 01:36 - 2017-08-23 09:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-01 02:18 - 2017-09-03 13:17 - 008928960 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-09-23 06:22 - 2017-08-04 22:19 - 000678176 _____ () E:\Steam\SDL2.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 004969248 _____ () E:\Steam\v8.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 001563936 _____ () E:\Steam\icui18n.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 001195296 _____ () E:\Steam\icuuc.dll
2015-09-23 06:22 - 2017-09-07 05:51 - 002505504 _____ () E:\Steam\video.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 002549760 _____ () E:\Steam\libavcodec-56.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000442880 _____ () E:\Steam\libavutil-54.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000491008 _____ () E:\Steam\libavformat-56.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000332800 _____ () E:\Steam\libavresample-2.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000485888 _____ () E:\Steam\libswscale-3.dll
2015-09-23 06:22 - 2017-09-07 05:51 - 000885024 _____ () E:\Steam\bin\chromehtml.DLL
2016-03-09 09:19 - 2016-07-04 23:17 - 000266560 _____ () E:\Steam\openvr_api.dll
2015-09-23 06:10 - 2013-11-21 16:13 - 001411072 _____ () E:\1A\nicLan.dll
2015-09-23 06:10 - 2013-07-23 16:21 - 000193024 _____ () E:\1A\DC_WFF.dll
2015-09-23 06:10 - 2013-12-20 11:13 - 000300544 _____ () E:\1A\WJRtl.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\libegl.dll
2016-12-13 01:11 - 2017-07-17 23:50 - 073115424 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 08:00 - 2017-05-17 02:54 - 000678176 _____ () E:\Steam\bin\cef\cef.win7\SDL2.dll
2015-09-23 06:22 - 2015-09-25 00:52 - 000119208 _____ () E:\Steam\winh264.dll
2017-08-11 12:36 - 2017-08-31 17:42 - 009622008 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 12:36 - 2017-08-11 12:36 - 001440248 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-14 22:20 - 2017-09-14 22:20 - 000148992 _____ () \\?\C:\Users\Alex\AppData\Local\Temp\57B1.tmp.node
2017-08-11 12:36 - 2017-08-11 12:36 - 002658296 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-11 12:36 - 2017-08-11 12:36 - 002673656 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\sharepoint.com -> hxxps://thsuknet-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-630333582-4039751370-1614634531-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{96E7AE14-410E-4C17-AAB0-6C50199C724E}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{AFB70808-8AA3-4155-9FAC-D07D7FD1101B}] => (Allow) E:\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{42E0D8E2-640C-4DD9-BAD7-CD09051FF44C}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{97C74FD9-8B9C-4AF0-A2AC-83129914792B}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9EF21195-2FF3-469C-A2E6-C75F54C9E403}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{8751276E-0CFE-488F-B354-0042937D54ED}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{7E36EA14-0843-4D27-B8A3-57ABA1569D41}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{12BBAF68-B76C-47BA-A8D7-9D62172DCB8C}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2CA463D1-4AB4-44A6-87F4-8FFC550DF098}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{EE5715D8-7C4F-43BD-9DD8-269A6389A3FF}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{FA795D5E-A9B9-4D7E-9D00-E16CA398D6EE}E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Block) E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [TCP Query User{CFFE91F1-1D3F-4835-B704-F5F4A9262B91}E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Block) E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [{31DBB65F-F7A5-4814-B503-25F4476524D0}] => (Allow) E:\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{2E786667-6141-434C-A780-255A6910E673}] => (Allow) E:\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{DEBF978F-35D0-4D7E-AD01-31B137442E90}] => (Allow) E:\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe
FirewallRules: [{D4F83BA4-18EE-41D3-9A9F-9240A5C38382}] => (Allow) E:\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe
FirewallRules: [{9245239C-163E-414D-8D24-B1D9CE981418}] => (Allow) E:\Steam\steamapps\common\Domina\Domina.exe
FirewallRules: [{229F5F9A-4796-45AB-894A-1372D1023DD6}] => (Allow) E:\Steam\steamapps\common\Domina\Domina.exe
FirewallRules: [{443343FA-EEED-4D05-BC43-B8310536B93D}] => (Allow) E:\Steam\steamapps\common\Syrian Warfare\bin\SyrianWarfare.exe
FirewallRules: [{2FF90DBB-0406-41DF-8E03-403D91B3EB52}] => (Allow) E:\Steam\steamapps\common\Syrian Warfare\bin\SyrianWarfare.exe
FirewallRules: [{D3285F31-EE3F-4812-8DF1-3F98D6B49FB7}] => (Allow) E:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{767A947F-FB61-402E-A25E-F2D12A4B228D}] => (Allow) E:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{963B376C-72B4-4BAE-A07D-738D4777137D}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{7419C265-AC33-4499-AC29-7E0BC36F8466}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{EA1E0400-571F-4557-A2A6-E1CB9748F5C7}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{1DD7BC8B-9BBE-4727-84BE-3BAA91C13E57}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{85894124-4C55-4320-A562-7FE5BF988C52}] => (Allow) E:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{82A1199B-8AFF-4CD1-8C81-6BC497BB9FDB}] => (Allow) E:\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{DC51661D-7F68-457D-8430-3B0E93495A8F}] => (Allow) E:\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B9BDF904-4648-4ADB-B3CA-0E59657FFFEB}] => (Allow) E:\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{F84E3176-CF7B-409C-A59E-FC647FBC883F}] => (Allow) E:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{55FB82E4-5B01-46C5-85D1-9401F194E31D}] => (Allow) E:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{DC79F007-2E33-40E4-9745-565B808B77D2}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{AD840992-EE07-40AB-AD89-B6E1EFAD6037}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{C8981042-BF2C-495F-9EE0-F9456AACC242}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{221E8CC9-8AAA-4C6A-93A1-2E0B40377098}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{2E49665E-D241-4A03-98DA-5852486E1F6E}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{D2C17914-8F24-447A-82DE-458D5DEC49A2}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{0E81BEEE-50F8-42A1-B733-678A0A027F7C}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{2F79877D-4F3D-4323-8755-E2D66B5995CA}] => (Allow) E:\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{5E474619-4428-4094-BCB0-944940119757}] => (Allow) E:\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{5D164E49-48CF-434F-95D0-F49C31D49B25}] => (Allow) E:\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A24226EA-DE5B-4E8D-BDBC-FF9FC2575D32}] => (Allow) E:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{99FDF815-F77C-426E-8019-A3AB6C6C1FAF}] => (Allow) E:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{97BEEF9C-E91C-467B-B7AF-7678E676FD8C}] => (Allow) E:\Steam\steamapps\common\FirstStrikeFinalHour\FirstStikeFinalHour.exe
FirewallRules: [{47544D27-5040-44E8-931A-050BD916A9F9}] => (Allow) E:\Steam\steamapps\common\FirstStrikeFinalHour\FirstStikeFinalHour.exe
FirewallRules: [{34E0F4B3-7120-4A6F-B43D-858E002010D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2A80FDE2-53BC-48B0-853F-BF2595A249C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2D89E8FC-673D-4C02-A54E-383DF0AD9D29}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{01ED11F7-73E4-412C-AE10-CFED915ED1B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{B9388CB9-F2E6-4CB4-86E4-98275B380A1B}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [TCP Query User{67039C1E-BFC8-492E-83C3-F4ECC6B74401}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [{F6C784AB-160A-4DB3-8C16-69071E357605}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{E79E930E-783C-4A36-B7AB-DBEC5868A58E}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{79398897-AA55-4EBE-A4CF-174B9FF29F98}] => (Allow) E:\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{F737ED71-AC79-42DD-931A-9497AB46210D}] => (Allow) E:\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{68B62FC8-6D34-4C1B-B8F0-87B5D9CC3B57}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{B9DEC131-09F7-4D63-8143-826784481799}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [UDP Query User{24FDCDC8-83F0-4A0E-AFC3-4323B8792A0B}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{7899C3B7-030D-4A96-89BD-0A47CB7D3C49}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{BEDAA2FC-1151-427E-A29B-A2CD05CCF440}] => (Allow) E:\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{81C8211F-1347-48D7-90BF-432BBFD7037B}] => (Allow) E:\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{808A2D8A-4077-4949-A832-5E40F04864B1}] => (Allow) E:\Steam\steamapps\common\F1 2016\F1_2016.exe
FirewallRules: [{8943FF05-1D1C-4177-BAEA-166A7930E052}] => (Allow) E:\Steam\steamapps\common\F1 2016\F1_2016.exe
FirewallRules: [{DE521477-84D2-40CB-90CC-43C913133255}] => (Allow) E:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{B7D6DA9C-12FA-4AE7-B93B-30529673D824}] => (Allow) E:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{A7B9060E-8C9A-48B3-B6B3-F7FB977D05A2}] => (Allow) E:\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{91645FE8-B95A-4456-AAC6-D2D312E86449}] => (Allow) E:\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{77059F52-A28A-45DC-8284-D5EDDEA70EA8}] => (Allow) E:\Steam\steamapps\common\Scourge of War Waterloo\SOWWL.exe
FirewallRules: [{3798A739-5DFA-4825-BFC5-EF093FDC220F}] => (Allow) E:\Steam\steamapps\common\Scourge of War Waterloo\SOWWL.exe
FirewallRules: [{90CBC851-432B-403E-87EA-51993853EB89}] => (Allow) E:\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{217A27C8-548A-4B26-87FB-E157D5C90A94}] => (Allow) E:\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{89BC7FAB-24B9-418F-9C7E-534A3123B1D5}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe
FirewallRules: [{E715CA75-720B-40BA-87C6-6002A33AE2AE}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe
FirewallRules: [{D30F36CB-7D63-4A3B-A961-30A61D2DE9C5}] => (Allow) E:\Steam\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{A9BE815F-B4E1-4EDF-A90E-636DB852B603}] => (Allow) E:\Steam\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{830C5052-BA2D-4297-8664-99690D6F439B}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1DCDECD8-32DE-47B3-A9A7-15D576E33A17}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D116D235-915C-4B9B-BE16-7508264D880E}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{CC2C3EBA-0395-4908-AAE4-32BF1CB39141}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E981DFD8-5E0A-4383-A80F-3F18F88F4D0A}] => (Allow) E:\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{F0C441EC-8414-4475-B70F-3BA5EF502412}] => (Allow) E:\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{F85A05B8-5A75-4C25-8862-A43F6F11A7B2}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{17A9FEDA-B52D-4F6C-A98C-3C90BB351D52}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{46027175-EEB8-43AB-A833-2B583251F3B6}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{9E7F5B01-5704-4EE2-8DDE-109833EE6BAE}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{1D8E899E-C77B-4072-8868-814363CED353}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B352F41F-1964-4274-BB28-091EF60E8B86}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4E6423D7-0547-477C-9FFE-4D38BD7CE16C}] => (Allow) E:\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{9F9530C6-DBC1-4349-894A-61C6CE6E180D}] => (Allow) E:\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{746176A7-6B53-4D9F-946D-D865C1BF8E47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC315D9F-D844-4E76-8D48-BF6011C5FD7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B57F6DBB-EB8C-4445-B0F5-A7E72714ED1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{13B3189D-D98C-412D-98A9-ACF710DE6853}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C0D7B2C3-CF3D-42A9-9316-896C0592CED0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{1767CAD6-9A86-414E-8B02-FC3A28CCFB14}] => (Allow) E:\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{97691625-7572-4769-870A-0D530DDB4C03}] => (Allow) E:\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{FDF63DC1-420C-4E3D-B2AD-F17E03709C20}] => (Allow) E:\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{AEE7C769-39EB-4E9D-91D3-D62847C35183}] => (Allow) E:\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{D3D364A1-9F11-483D-A310-06E0DE383F51}] => (Allow) E:\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{407F5580-E04A-4ED2-A195-8FF05E5F763C}] => (Allow) E:\Steam\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{25BC2235-AE52-47C4-A548-842CD0F4BECD}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{6B81137A-C5E8-423A-AD96-B2574B330D61}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{2F78CCB1-E5F5-429B-93B5-F69E55253702}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{B2804EFA-287D-4CCE-9F8A-5D0EBC9B3033}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{24F33C97-33F4-44AC-90B1-B11B5A13135F}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe
FirewallRules: [{3CC4B159-BA84-4086-A80B-F486438F3F81}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe
FirewallRules: [{6BD83D17-FA37-49B5-B749-A80DC3DC8B6C}] => (Allow) E:\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{81BFBDCC-FA70-4BBD-BF07-FFAAE4F1A0E0}] => (Allow) E:\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{638F03D5-B23E-4D45-A336-358F4B01FAD9}] => (Allow) E:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{BE1C0583-684C-4250-B6CE-E136CF57FBED}] => (Allow) E:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{400709F2-E16F-4F9B-9AD6-1748D3C147A0}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{BC57D351-1963-4D31-A701-ED6DD0039CDC}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{0D483D8E-E7A6-4A4D-9688-DBDC4B811C3D}] => (Allow) E:\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{432A5774-162A-4E5F-8794-B533C7CC590A}] => (Allow) E:\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{76A220E4-C543-4F0E-A0F6-894E318EB56F}] => (Allow) E:\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{27A2611C-D8BD-4E1A-87DA-0EB1837E9689}] => (Allow) E:\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{9CE3212F-8D8D-47E4-A461-5D1F3AFDA20B}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{091F8CAC-95E9-436D-9BA3-F028BDF65270}] => (Allow) E:\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{3F21D295-365B-4A2D-A6B0-CEBF9A6BE268}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{62C82668-0ACB-4BC7-A472-8FA79FA41669}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{B32CCB1A-BA7B-4388-A0CA-2F6293EC1C76}] => (Allow) E:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{AEA07B2C-0E54-42A8-AE71-4CA9A17FFFA8}] => (Allow) E:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [UDP Query User{FBB7209E-6933-4015-9A9B-9924F738AEDD}E:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) E:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{88DF63A5-2BE8-47A0-8981-8F6210D2D801}E:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) E:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{5A437811-D259-4952-AC45-A3112F4F36D4}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{72D1CB53-12F4-4FE5-B188-5A92A29E2AA1}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{DE40EABE-FBAA-4DE7-9E41-D784D2BE795E}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{C40CAABE-3F50-43CD-9C0B-944E643D1F0B}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{3B387808-6641-4704-95BD-43C4B161627C}] => (Allow) E:\Steam\steamapps\common\Astroloco1\winsetup.exe
FirewallRules: [{0811C7C5-BABE-4F4F-833F-B66A7047F02C}] => (Allow) E:\Steam\steamapps\common\Astroloco1\winsetup.exe
FirewallRules: [{20E32851-A107-4FE9-8415-65AFF7306D05}] => (Allow) E:\Steam\steamapps\common\Astroloco1\AstroLoco1.exe
FirewallRules: [{FB4AE6F0-9CFE-4937-BC03-0C3CF0853A77}] => (Allow) E:\Steam\steamapps\common\Astroloco1\AstroLoco1.exe
FirewallRules: [{669200CB-CC12-4307-894C-E7D19A0E7795}] => (Allow) E:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{31410A78-3B3C-4CFC-90D1-0471D27E4D04}] => (Allow) E:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{1F95792D-227B-4773-8026-9986CC24EEBD}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox VR.exe
FirewallRules: [{71DEEE14-47B6-4CD2-AE21-7BEF7F08CF79}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox VR.exe
FirewallRules: [{E986416F-C4ED-4608-B49E-A138F2211A11}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A528405E-8BB8-4BF3-BB58-30731328943D}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{9A5A74F0-4D33-4B4E-8538-4D5772003F1E}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{E76347D7-E4D7-4044-AA54-C17AE849BA91}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{9A5024AF-9A1D-4D67-AF35-9DC77D4AF1A8}] => (Allow) E:\Steam\steamapps\common\The Curious Expedition\electron.exe
FirewallRules: [{16538FC7-E5FB-4DA9-B153-25BED221170B}] => (Allow) E:\Steam\steamapps\common\The Curious Expedition\electron.exe
FirewallRules: [{707CA1CC-E0C6-415E-BF70-C8751C72B299}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DDDDBE11-3799-4CDA-B6B3-078733C0FC91}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{B67BDE6A-907E-4D2B-B7E2-AF83CD46DC50}C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Block) C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [TCP Query User{8B47E8E4-3C58-43CC-A249-39B14FB07B6F}C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Block) C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [{6B502C33-FE25-41DA-8340-C8E8BE3AA202}] => (Allow) E:\Steam\steamapps\common\Hexcells Infinite\Hexcells Infinite.exe
FirewallRules: [{216A7F06-258B-4771-9138-2C7F8673266B}] => (Allow) E:\Steam\steamapps\common\Hexcells Infinite\Hexcells Infinite.exe
FirewallRules: [{D3D9BFBE-1FE0-48D3-BE01-2AA08697776C}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{AACDAA37-61D5-49A5-B830-18C529AE01D4}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{13569324-A13A-4DE8-8A29-4D356CECEE9E}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{AB6CB6EB-5898-4868-8068-1890315616DF}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{F917580D-38D1-447F-8A33-45A969C9D034}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{02DB5186-DB06-4C8C-9B90-CF23CC415C7B}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{33FC265F-D9DC-49AF-92CC-79F0643C04D2}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{82EAD0A7-F1E2-48A8-934E-7694EBAB49AA}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{D21D3DDF-E0A0-4DC1-AB84-03554C988AF8}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{382E2789-7BC3-4A3B-982A-98D06D5FABA9}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{23CC8488-320F-41FD-A7DB-51D8C5F1BBD0}] => (Allow) E:\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{9E2B6E6C-D761-42C7-8054-533EE8B9121D}] => (Allow) E:\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{C01E9C4E-BBC0-4636-ADE0-DC5024B5571B}] => (Allow) E:\Steam\steamapps\common\KHOLAT\Kholat.exe
FirewallRules: [{CC009619-4293-4E81-83F7-CCACF57A3BA8}] => (Allow) E:\Steam\steamapps\common\KHOLAT\Kholat.exe
FirewallRules: [{47539AD8-F699-4075-89EA-D4B16DAC6A73}] => (Allow) LPort=1900
FirewallRules: [{60D9618F-9D12-4128-B29C-C49455BE5DA6}] => (Allow) LPort=2869
FirewallRules: [{E1719443-8853-4CC3-9B84-95DD1EC708D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2C0384B5-AB33-4A4E-8D81-C04C16C02762}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{75FAA455-D3E0-42B7-AF88-FABA47C7AE50}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{19498042-C076-40DC-91E6-098E3D1C2D36}] => (Allow) E:\Steam\steamapps\common\Howler\Howler.exe
FirewallRules: [{5FA0E1FF-1811-4489-AA53-037F92F270F1}] => (Allow) E:\Steam\steamapps\common\Howler\Howler.exe
FirewallRules: [{1448BA25-590A-41A5-BD28-50B2BBF34D86}] => (Allow) E:\Steam\steamapps\common\Empire TV Tycoon\EmpireTV.exe
FirewallRules: [{7B2B72E1-D744-4AD3-8826-57AED661EAF2}] => (Allow) E:\Steam\steamapps\common\Empire TV Tycoon\EmpireTV.exe
FirewallRules: [{BCE8A236-B2BE-4EE4-82B9-C19E690F610D}] => (Allow) E:\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{8A78F142-15D3-421E-8481-A880F1B21F36}] => (Allow) E:\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{68C4BA0D-0783-4F45-9E1D-C34CFB96AAFD}] => (Allow) E:\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{AA23588A-A03C-44D5-B53E-6723F4F2E201}] => (Allow) E:\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{8A7F7C57-A79E-4A75-81E7-B912E8CFCF55}] => (Allow) E:\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{4836DFF6-38BF-4A54-A392-CE65079C7F44}] => (Allow) E:\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{7B2EEC31-537A-4CF4-89B2-50D583329451}] => (Allow) E:\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{AA65D49D-52E3-441A-9A37-C77061AC80DE}] => (Allow) E:\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{7724CFD5-31FC-4A19-BD34-B9BA0AF24661}] => (Allow) E:\Steam\steamapps\common\The Swindle\TheSwindle.exe
FirewallRules: [{DC0EF240-DC38-4DA6-84E4-537114BFA7B4}] => (Allow) E:\Steam\steamapps\common\The Swindle\TheSwindle.exe
FirewallRules: [{84F9DC32-5293-4774-B36D-E8F44C44D282}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{973B707E-89EF-46A6-B5E6-56B2C3DCD6B4}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{ACA18622-21FD-4017-B61E-9271313A0FEE}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{ABA4F3D1-5526-46CB-A929-1E1C7C60D266}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{431DAC89-E340-4DD1-96A4-53A33A1A2DF0}] => (Allow) E:\Steam\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{55D36DCC-D3A6-4256-9C99-CC1A162545CF}] => (Allow) E:\Steam\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{7CEC57F9-D511-45D9-A137-BEDADCEB920B}] => (Allow) E:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{BD430A1E-086F-4F5A-8465-BBF42C5A4DD4}] => (Allow) E:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{A27A4A74-5D88-493C-8739-2BAF704539F5}] => (Allow) E:\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{75101B1F-92E0-410B-8749-6398C92D4D4E}] => (Allow) E:\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [UDP Query User{7DA012B3-6B97-4F21-8658-4B432060A4B4}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{788EAAA3-ABF4-4CAC-B9B0-487216940C79}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{B1961B26-11B2-43D1-9298-AD44D596DC72}] => (Allow) E:\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{2C687411-8DE4-4695-9DCD-0DF12ADC43C0}] => (Allow) E:\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{AFC963A7-0506-473D-AB2D-5C34C49A4A7C}] => (Allow) E:\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{FA1AE159-6B0F-4876-A169-C92B26F9A330}] => (Allow) E:\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{55355503-8C50-477B-997F-87DEA8310D33}] => (Allow) E:\Steam\steamapps\common\Painkiller Hell & Damnation\Binaries\Win32\PKHDGame-Win32-Shipping.exe
FirewallRules: [{6B6E9C02-333B-4A8A-9734-BCF49440A4DB}] => (Allow) E:\Steam\steamapps\common\Painkiller Hell & Damnation\Binaries\Win32\PKHDGame-Win32-Shipping.exe
FirewallRules: [{7731937E-8684-4975-8E03-FA55D25C332E}] => (Allow) E:\Steam\steamapps\common\Painkiller Redemption\Bin\RedemptionEditor.exe
FirewallRules: [{F206052B-3C45-4707-805F-790560B7C060}] => (Allow) E:\Steam\steamapps\common\Painkiller Redemption\Bin\RedemptionEditor.exe
FirewallRules: [{14C76FB4-D54F-422D-8023-ED63982E38E8}] => (Allow) E:\Steam\steamapps\common\Painkiller Redemption\Bin\Redemption.exe
FirewallRules: [{952C38AC-EC59-4BF2-8D31-283764D9BE98}] => (Allow) E:\Steam\steamapps\common\Painkiller Redemption\Bin\Redemption.exe
FirewallRules: [{676F3500-4AE6-42F2-9D98-65554A8CF298}] => (Allow) E:\Steam\steamapps\common\Painkiller Recurring Evil\Bin\RecurringEvilEditor.exe
FirewallRules: [{BDC13F15-7853-4D1F-B348-E0A3BEC95E03}] => (Allow) E:\Steam\steamapps\common\Painkiller Recurring Evil\Bin\RecurringEvilEditor.exe
FirewallRules: [{A0E86BCE-48E5-4214-85B9-907178F127C2}] => (Allow) E:\Steam\steamapps\common\Painkiller Recurring Evil\Bin\RecurringEvil.exe
FirewallRules: [{C8A5645B-B57E-413E-B262-C411168D5B7E}] => (Allow) E:\Steam\steamapps\common\Painkiller Recurring Evil\Bin\RecurringEvil.exe
FirewallRules: [{F116F121-0801-40CC-94BE-10468BB88A9D}] => (Allow) E:\Steam\steamapps\common\Painkiller Overdose\Bin\Overdose.exe
FirewallRules: [{AF480B4E-54B1-40E8-A244-BEE195F052B3}] => (Allow) E:\Steam\steamapps\common\Painkiller Overdose\Bin\Overdose.exe
FirewallRules: [{ED321C58-D48C-4415-9D3C-138EACB185CC}] => (Allow) E:\Steam\steamapps\common\Painkiller Resurrection\bin\Resurrection.exe
FirewallRules: [{AB55824F-9E3F-4FAF-9A06-5B6D40026EBA}] => (Allow) E:\Steam\steamapps\common\Painkiller Resurrection\bin\Resurrection.exe
FirewallRules: [{F904C541-FB04-46E7-BBBF-0D23915A34E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95CDE522-2BC2-4BF6-BB2A-20E988DEB5FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6465FCCE-22EB-4041-85D6-72015B7984F7}] => (Allow) E:\Steam\steamapps\common\Painkiller Black Edition\Bin\Painkiller.exe
FirewallRules: [{02F67D7D-8968-40CB-98A1-F8073253788D}] => (Allow) E:\Steam\steamapps\common\Painkiller Black Edition\Bin\Painkiller.exe
FirewallRules: [UDP Query User{53A68656-E320-4EFB-868F-C3278D7CC6A5}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{EB5330A2-FF1A-48B8-9F0C-1CB31701CC34}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{B24B36BB-0D98-42A9-80A1-5AA289D88F62}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{2E02719A-82A6-44E8-8914-3724A3AAFA5D}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [UDP Query User{A22DDE37-3357-4F80-9975-662DBD11CD1A}C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe] => (Block) C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [TCP Query User{D470F145-DBAB-4712-A507-8CDC5D7A3ABF}C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe] => (Block) C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [{5EB6144C-17C7-4A08-807A-B8C7F37B83BF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A8BDE35-C0B0-4BB8-881E-C17E1BF8373B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{364C1438-B6A9-48FB-B3A0-3A3697EBE5A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A804557F-B272-4CA7-B433-379FB196B77A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7871B363-C137-4E69-B738-84BFF793F221}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{E5E38B0F-C356-4961-BB23-A5B9992B1721}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{2F32C1BD-026D-440F-BB09-1D284E8E5D5C}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{19285886-F36F-4AA2-A87B-D274DF754BC5}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{D55C3026-CF01-435E-B93D-A18323811FCE}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7A2B3893-9D9F-4F61-BFF9-F15E19D8DC9F}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AB3F07B5-EBE6-41E2-B1D8-E78923D237C0}] => (Allow) E:\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [{6EE8DADD-2048-464C-96D2-7D0833C95672}] => (Allow) E:\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe
FirewallRules: [{0CB3D29E-2E0A-4E9B-95D0-C4A980D5327A}] => (Allow) E:\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{693D7A94-643D-4768-8487-584E083B7AB8}] => (Allow) E:\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{DEC7CCFF-5B51-4CC1-9C65-88A5D725D2B4}] => (Allow) E:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{A4A35749-46A6-4DC8-BC81-C0CF3E2F9ED1}] => (Allow) E:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{804661D2-E50A-4486-8AEB-94E0197928D0}] => (Allow) E:\Steam\steamapps\common\Westerado\WesteradoDB.exe
FirewallRules: [{B1F63AFE-4C8D-44D3-9F9B-AF879136B157}] => (Allow) E:\Steam\steamapps\common\Westerado\WesteradoDB.exe
FirewallRules: [{54409E8C-8D01-4435-BA9C-5CEC57CCED21}] => (Allow) E:\Steam\steamapps\common\Naval War Arctic Circle\NWAC.exe
FirewallRules: [{44C58591-853D-4720-BECF-BFA5C33AB711}] => (Allow) E:\Steam\steamapps\common\Naval War Arctic Circle\NWAC.exe
FirewallRules: [{9604FC57-4CCF-4D1C-8B0D-018E398B9CF0}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2F984FA6-3F9F-4BD4-8888-78EFD19DE263}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D66E2B93-4647-4F74-B284-6451632088AB}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{06E982CE-5605-4D95-90A6-7CF3E266E380}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{F9C922EC-ADA5-4083-833F-0459141144D4}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{92EDC087-8DD4-4A74-B13F-E9906D60F831}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{56EB12E4-9BAF-4B45-BD1F-DEBBD5DCDBAC}] => (Allow) E:\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{FCBA4FE5-9243-40BA-BB38-6B67E60F213D}] => (Allow) E:\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{58155C47-495C-49B8-A90B-5C0EBDF2EF90}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{A9A66C06-6376-4396-A3DC-E40364C946E2}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{423B688C-6B43-4659-A471-03B66F857889}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{A5FE7682-0818-4E8B-A6A6-566EFADADD08}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{F796B4B4-1F7A-4D24-BF22-321C3FDB3B82}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{BD5D063E-88CC-4F0D-8F95-D7CEDD5AD206}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D1A87504-C435-417C-86F4-D59C69BC93FE}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{BA7A361D-9F1D-4EFA-A38D-5D6882D29FCC}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{91F89AC4-A129-48FC-94BC-F35D776CAE86}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{3C0CD397-9564-4C57-9D41-3D509FB05038}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{98A9F175-A368-447B-A476-6FE06EB697C3}] => (Allow) E:\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe
FirewallRules: [{764C05F9-A332-43B9-B574-D4F08F7B3439}] => (Allow) E:\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe
FirewallRules: [{B4DE6F08-1B7C-4D44-80D9-BE2A38AE2248}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{845441F0-26A1-40B0-B629-E29F9727F9A8}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{30A0B135-5594-4B3C-8404-61C6202662D9}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{3FC3BB9A-7D73-403D-9275-3D94B9D1CF20}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{33539671-9902-49CD-A955-A6015D31B8FD}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{28A32418-C6DD-478C-B02A-79C985CC886F}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{53A21B22-39F1-42E1-9F3E-BD7DD301A94F}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{855630AF-4C15-47F4-ABF6-6A7C0AC746F7}] => (Allow) E:\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{FE0A8470-16EA-4E40-8DBB-45458AF0270D}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{5CC95C32-BF65-44F3-BCBC-4EDCC6E05E23}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2C26FEBC-10A7-44E2-916E-59EA27E7044B}] => (Allow) E:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{8B59C55D-83D0-4872-8980-A584B27F34E4}] => (Allow) E:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{E91416FA-3457-420C-8994-ECEA842EF326}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{1375463C-EF0E-4B54-B07A-83DB04375CBC}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{B94486E4-B0C8-4DCE-BB9E-07D2C1820114}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{E3A2D27F-63F4-46AB-84A8-44607939B9D3}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7B0149ED-B97A-42EE-9346-C611D26C9072}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{9C3B6A05-CC77-4942-84D6-596B1741B647}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2C5D83FD-7932-4CE6-8000-03AD3F984EC9}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{70BD0A05-1395-4653-B229-C9C5D1823040}] => (Allow) E:\Steam\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{5D0E83A1-ABC4-4B52-BC6B-D4A69DC05E56}] => (Allow) E:\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{568030BA-AF9D-4F61-84C3-D55975D24193}] => (Allow) E:\Steam\steamapps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{7D794E2A-B161-4FA1-9597-D301EEF1F79E}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{A1898A9F-D477-4248-8360-299E5E912075}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{88138129-409E-4C8A-877A-9ADA8EB205FD}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{8C81187B-7DA3-4FEB-AEA5-43C070B8CD3C}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{CE65FD72-AAF6-43EB-BC91-DFC7DB02622E}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C05D7E65-7A05-47BD-938D-47FD5E6A793E}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F89D9D8B-8F5F-405E-AF70-93085D9EB57D}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{1B85F771-A5F4-419E-A0A9-1A55AF524C47}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{B2E61692-2D3E-4EEC-A408-7710A6754F4F}] => (Allow) E:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C713DF62-9D39-4BBB-AB66-7F340A4B299C}] => (Allow) E:\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{F029FA80-2EE1-4D56-BA7F-4DCB400E9DDD}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4A79F3FB-2D3A-447F-B98F-B921BF91B69F}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{5CF3CCFE-06D4-420E-92C7-97306CC9BDCE}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{83CF1D96-3135-43E9-88AB-767C9827B614}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2D4FF11C-A0D9-4586-B8DC-0CD9B2847568}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{6362D936-34F4-46EC-A216-7E26B633D0FF}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{04A283E1-D779-4F09-8738-B4876DB4755C}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{EDB56842-6095-4389-B899-09D9209F549A}] => (Allow) E:\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{12C5A99E-B3D5-467D-B389-384F58ED69AA}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [{176DDD3E-79FC-4279-9D45-3CA417DBCEE6}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [{3D7F4B70-337C-4710-8161-6868FCA7E18D}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{DAFBB32B-1CDB-438F-A697-592636C7D7BE}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{3BECF9E9-4FFD-4743-9464-486B115D6D40}] => (Allow) E:\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{4B9B38DB-A288-442A-86C6-3EBCA7214BA2}] => (Allow) E:\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{78E8D1FF-A533-4DC3-971B-F014C9CF2B28}] => (Allow) E:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{38951131-905C-47D2-B57B-646DF9AADFA1}] => (Allow) E:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{9E1F2C96-4CF6-4FEF-8331-647E4CED1B16}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{77CD7DBC-6942-4274-AAFD-3A837CF21061}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{104AE981-B2B4-4886-B8C5-EE4D7BDA5444}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{8119A035-E01C-4CA3-ADAF-1860F7D7EA94}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{E9C9F9D0-3476-4460-A873-90D8AA57D5D3}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{96A7F6FB-9BD8-40D8-BF64-E38D9DE0472E}] => (Allow) E:\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{EBE05BB2-F9B8-4AF4-99E2-3608D687FE23}] => (Allow) E:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{383E091B-2E89-4D53-AE71-350CEA730633}] => (Allow) E:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{29253754-6C95-4AE9-986C-B3824E346FF5}] => (Allow) E:\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{DFDF93C6-D21F-42E3-8A41-B56CA7C3826F}] => (Allow) E:\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{E5C7965B-9AF7-4E1A-BB56-A77576D86147}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{727C172C-ED74-4700-ABB0-AFB2AC7D9945}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{080DF596-7203-4A93-9043-04A70CB70A8A}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{465E9387-B3EE-4411-B1AD-6590229DF0C3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{8677223F-9F95-476C-AADF-4BA6FB66354B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{56F92C8B-8C50-4B2A-9000-8BB63914D2A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2C1C6E47-7BFA-42E3-8C88-DE6D30269842}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{605C3DF9-4246-4773-84CF-9831FF734C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{78D55DC1-318C-4CCF-96AD-466B34F9BD3B}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{82A7C749-EFF2-4FC8-BEA2-F60234722A3E}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{9289FCA1-40AE-4A93-B3D4-EB855DE9B8FF}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6A684CB5-FA9F-46D5-8EB9-42B1A50241FC}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3FAE821B-F0C8-4AD1-9F0C-33CD07C80D13}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{DC8BBF33-0B86-4200-9305-42A8F751ECF9}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{31CB8B80-E386-428D-87FD-0516F871FCDC}] => (Allow) E:\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [{DAD8A397-D99A-416E-9581-4672D4456CBB}] => (Allow) E:\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [{3C406D74-9AAD-41CD-938F-D817F2A51B38}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{CAF31C4F-7A74-41F3-8DDD-E12903D2645A}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F1B3BD40-3A40-438D-9CBF-03F463B6E564}] => (Allow) E:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{E04E4B65-01E2-4C95-9C3A-4C7B22E90D37}] => (Allow) E:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{4B9C5204-0B03-45DC-86BD-F0114E09098A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A3CF985B-8C0F-4F3E-A71C-40FD10804A60}] => (Allow) E:\Steam\steamapps\common\Beholder\Beholder.exe
FirewallRules: [{FA67FAE5-3293-4611-96D4-09CF58E2ECCE}] => (Allow) E:\Steam\steamapps\common\Beholder\Beholder.exe
FirewallRules: [{2F540637-86A1-4C2D-BF3E-1C27CB81DC51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90CF0C0D-0C57-46D6-BBB2-7A218DDFABB3}] => (Allow) E:\Steam\steamapps\common\Verdun\1914-1918 Series.exe
FirewallRules: [{141B6738-DCE9-4AE5-98E3-04DE40839D72}] => (Allow) E:\Steam\steamapps\common\Verdun\1914-1918 Series.exe
FirewallRules: [{46C7AABE-DCB5-46A4-B965-A9F509607A80}] => (Allow) E:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{12C7ACC7-5533-49BB-B8BC-363B493E5DC5}] => (Allow) E:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{F50FD054-5F20-408A-B270-ABB2A7EB1D96}] => (Allow) E:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{D43A379E-E6DF-4504-BBB1-9AB9E29A0FD1}] => (Allow) E:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{AFD591AC-CACE-4CC4-ADE9-79A000FD507C}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A40E91AC-62A0-4025-A742-323663882DD5}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe

==================== Restore Points =========================

08-09-2017 12:52:43 JRT Pre-Junkware Removal
09-09-2017 03:00:20 Windows Update
09-09-2017 17:27:36 Installed DirectX
11-09-2017 03:00:20 Windows Update
12-09-2017 03:00:20 Windows Update
13-09-2017 03:00:19 Windows Update
14-09-2017 03:00:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 09:03:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/14/2017 09:03:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Faulting module name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Exception code: 0x40000015
Fault offset: 0x00000000003e81fa
Faulting process id: 0x7fc
Faulting application start time: 0x01d32d947923fe9f
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Report Id: c010acb2-9987-11e7-b002-fcaa14c32797

Error: (09/14/2017 06:09:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (09/14/2017 06:07:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2017 11:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2017 11:51:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Faulting module name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Exception code: 0x40000015
Fault offset: 0x00000000003e81fa
Faulting process id: 0x70c
Faulting application start time: 0x01d32ce2c1e83578
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Report Id: 08c93b28-98d6-11e7-b8c2-fcaa14c32797

Error: (09/13/2017 03:20:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (09/13/2017 03:20:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/12/2017 04:07:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (09/12/2017 04:06:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/14/2017 09:04:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.

Error: (09/14/2017 09:03:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/14/2017 09:03:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/14/2017 09:03:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/14/2017 09:03:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/14/2017 07:37:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (09/13/2017 11:51:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2017 11:51:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/13/2017 11:51:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/13/2017 11:50:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 32629.22 MB
Available physical RAM: 26116.39 MB
Total Virtual: 65256.63 MB
Available Virtual: 57952.35 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:227.02 GB) (Free:57.09 GB) NTFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:486.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6D21D437)
Partition 1: (Active) - (Size=5.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=227 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A0B47ED7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[gus]

Hello 10months, please allow me a little time to check your log, but in the meantime I notice your logs prior to this one all refer to the administrator as "Dan" whereas this latest log lists the admin as "Alex" with no reference to Dan anywhere. Can you please advise how this came about?

 

[10months]

In the first log I changed the name to Dan.

 

[gus]

This can make things very difficult, if not impossible to help you, we will now have to start afresh, although our concern now is what else has been changed. Why does the list of installed programs have differences also in two recently obtained logs?

 

[10months]

Sorry about this. I don't know why there are differences, the only things I've changed this whole time is the name in some earlier logs, the name of the computer, and in one of the logs I removed a link including the name of the school I used to go to - but I think I marked where I did that - so I didn't change anything I thought would be necessary. I have not tampered with installed programs or anything else like that. Is it possible the changes are due to things such as games I deleted or updated between the two logs?

Also, as a side note, gifs aren't work now - I don't know if this was the case from the start, but I don't think it is, "class not registered"

 

[gus]

If we start again will you agree to not change any computer users, or settings unless asked by us. Will you also agree to not remove, install, or update any software, and not to change any logs produced by any tools, until we give you the all clear?

Please respond to the above before we proceed.

 

[10months]

Ah, Christ, I see... When you had me enter code into the ZHPfix...
Alright then, by start again, you mean completely from the beginning, or... Could I just swap back the names on that code and go on from there?

 

[gus]

We shall be starting again if you agree to the following.

If we start again will you agree to not change any computer users, or settings unless asked by us. Will you also agree to not remove, install, or update any software, and not to change any logs produced by any tools, until we give you the all clear?

Please respond to the above before we proceed.

We are all volunteers here who are happy to help but we will have to insist users not to change the pc configuration and requested logs.

 

[10months]

Software will keep automatically updating, other than that I can agree - so far it has been over a month since I started the thread, I can't prevent updating anything for so long.

 

[gus]

OK, it must be said you have an extraordinary amount of games installed on your machine and removing some of them would help the PC to cope. In your original post you mentioned difficulty installing Nvidia driver, and its evident in your logs that you have an Intel video driver installed. If you no longer intend to use the intel driver I would suggest you remove it. If you agree then I would suggest you use the following app to remove the Intel graphics driver and superfluous games.

Please go HERE and download Geek Uninstaller portable and save it to somewhere you can find later. Now use you favorite Unzip application to extract the zipped file from the download. This should create a new folder that contains a Geek.exe file which you can now double left click to open the program.

Optionally you can create a desktop shortcut by right clicking the Geek.exe file and choose "Send to" from the drop down menu. This will give you a shortcut icon on the desktop for future use of this handy application.

You can safely ignore any security pop ups that may appear before the program opens.

Either way you open it once Geek Uninstaller is running select the program you wish to uninstall by right clicking it and then choose "Uninstall" from the drop down menu.

Follow and accept all uninstall options once the uninstaller begins.

It is recommended when removing any Antivirus/Security program, or if you have errors or difficulty removing any program to use "Force removal" to uninstall the program.

Should you have any further difficulty removing any items please ask us for help

Once you have uninstalled your choice, can you then follow this guide to remove and reinstall your Nvidia drivers?

https://pchelpforum.net/resources/remove-nvidia-video-drivers-with-ddu.82/

 

[10months]

Okay, the intel driver is gone, alongside around 700GB+ of games. The reinstall worked this time and now nvidia seems to be working fine (the 6 different parts are all there, up to date, control panel and geforce work without any issue). But this has had no discernible effect on games. Those I have tested still crash the same way as before, even after a reinstall.

 

[gus]

Glad to hear your video driver issue is fixed, one maybe two more scans to go, and we will clean up our tools. Can you please get fresh FRST logs.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

1. Accept the default whitelist options,
2. If the additions.txt options box is not checked please select it.
   
3. Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please COPY and PASTE the contents of these two files in your next post.

 

[10months]

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
Ran by Alex (administrator) on SEXY_BEAST (18-09-2017 00:44:28)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) E:\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() E:\1A\TWCU.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [Steam] => E:\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-23]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> E:\TWCU.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D6FE7615-E3F4-4DBD-B664-C7231B00AA05}: [DhcpNameServer] 192.168.0.5
Tcpip\..\Interfaces\{DE19D148-F66E-4E70-9848-0E911A76D5E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> {A6A1D0B1-E2C0-425C-9FA5-600268E3E449} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-16] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-09-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-14] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-16] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-09-16] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-16] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: h90wxnqo.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default [2017-09-07]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\h90wxnqo.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\h90wxnqo.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Homepage: Mozilla\Firefox\Profiles\h90wxnqo.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-gb
FF Extension: (Bing Search) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-11-23]
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\h90wxnqo.default\searchplugins\bing-.xml [2016-11-23]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon [2017-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-630333582-4039751370-1614634531-1000: SkypePlugin -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-630333582-4039751370-1614634531-1000: SkypePlugin64 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJAsAWAxFFhgRdQxdTA1EEVQOIVhaUxRIRwcUdwFcVwhGFwEFIk0FA1oDB0VXfV5bFElXTwhxJUpNDU0CaUBB"
CHR StartupUrls: Default -> "chrome://history/","hxxps://www.youtube.com/feed/subscriptions","hxxp://www.netflix.com/browse/","hxxps://twitter.com/","hxxp://www.schoolplannerbook.com/tanbridge/homework/?email=12afarr%40ths.uk.net&action=homeworkfromemail&view=due&as=list","hxxp://vle.ths.uk.net/"
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-09-18]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-13]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-13]
CHR Extension: (Skype Calling) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-08-13]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-05]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-08-13]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-13]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-08-13]
CHR Extension: (Skype) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-13]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NS.exe [326144 2017-08-24] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2142728 2016-10-26] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2209296 2016-10-26] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-09-10] (Overwolf LTD)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-09-17] (Power Admin LLC)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [39424 2016-02-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\BASHDefs\20170908.001\BHDrvx64.sys [1872032 2017-09-07] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-08-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-08-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\IPSDefs\20170915.001\IDSvia64.sys [1056920 2017-09-01] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-08-22] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2013-08-30] (Microsoft Corporation) [File not signed]
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-11-14] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12464 2015-10-31] (Macrovision Europe Ltd) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [29696 2013-08-30] (Microsoft Corporation) [File not signed]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-18 00:44 - 2017-09-18 00:44 - 000000000 ____D C:\Users\Alex\Downloads\FRST-OlderVersion
2017-09-17 21:39 - 2017-09-17 21:39 - 000880278 _____ C:\Users\Alex\Downloads\Studying Economics at University.pdf
2017-09-17 21:39 - 2017-09-17 21:39 - 000037715 _____ C:\Users\Alex\Downloads\Student Timetable SY170200 (1).pdf
2017-09-17 17:09 - 2017-09-17 17:09 - 000000000 ____D C:\Users\Alex\AppData\Local\NVIDIA
2017-09-17 17:00 - 2017-09-17 17:21 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-17 17:00 - 2017-09-17 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-09-17 17:00 - 2017-09-17 17:00 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-17 17:00 - 2017-09-17 17:00 - 000001429 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-09-17 17:00 - 2017-09-17 17:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-17 17:00 - 2017-09-17 17:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-17 17:00 - 2017-08-22 01:40 - 001923192 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 001755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 001505912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 001317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000418936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000179320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-09-17 17:00 - 2017-08-22 00:10 - 006463424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 000549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 000082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-09-17 17:00 - 2017-08-22 00:10 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-09-17 17:00 - 2017-08-21 23:33 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-09-17 17:00 - 2017-08-19 08:10 - 008142301 _____ C:\Windows\system32\nvcoproc.bin
2017-09-17 17:00 - 2017-06-15 20:32 - 000541984 _____ C:\Windows\system32\vulkan-1.dll
2017-09-17 17:00 - 2017-06-15 20:32 - 000525088 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-09-17 17:00 - 2017-06-15 20:32 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-09-17 17:00 - 2017-06-15 20:32 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-09-17 16:59 - 2017-09-17 17:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-17 16:59 - 2017-08-22 01:40 - 040240248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 035881592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 035314112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 028985976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 023132184 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 021405440 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 018849272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 018704744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 017807096 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 015409088 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-09-17 16:59 - 2017-08-22 01:40 - 014687256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 013782904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 012225984 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 011692528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 010072768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 004188872 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 003802048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 003692216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 003354560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438541.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 001615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 001597888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438541.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 001067456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000972920 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000690320 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000512672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-09-17 16:59 - 2017-08-22 01:40 - 000171384 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000149040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-09-17 16:59 - 2017-08-22 01:40 - 000048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-09-17 16:59 - 2017-08-22 01:40 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-09-17 16:59 - 2017-08-22 01:40 - 000044190 _____ C:\Windows\system32\nvinfo.pb
2017-09-17 16:59 - 2017-08-22 01:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-09-17 16:59 - 2017-08-22 01:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-09-17 15:45 - 2017-09-17 16:58 - 414447096 _____ (NVIDIA Corporation) C:\Users\Alex\Downloads\385.41-desktop-win8-win7-64bit-international-whql.exe
2017-09-17 15:34 - 2017-09-17 15:34 - 000189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2017-09-17 15:32 - 2017-09-17 15:34 - 000000000 ____D C:\Users\Alex\Downloads\ddu
2017-09-17 15:27 - 2017-09-17 15:27 - 000664256 _____ C:\Windows\Minidump\091717-203784-01.dmp
2017-09-17 15:08 - 2017-09-17 15:29 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Geek Uninstaller
2017-09-17 15:08 - 2017-07-04 13:07 - 007137216 _____ (Geek Unіnstaller) C:\Users\Alex\Downloads\geek.exe
2017-09-17 15:07 - 2017-09-17 15:08 - 003000643 _____ C:\Users\Alex\Downloads\geek.zip
2017-09-16 20:33 - 2017-09-16 20:33 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-14 22:23 - 2017-09-18 00:44 - 000025779 _____ C:\Users\Alex\Downloads\FRST.txt
2017-09-14 22:23 - 2017-09-14 22:23 - 000099197 _____ C:\Users\Alex\Downloads\Addition.txt
2017-09-14 22:22 - 2017-09-18 00:44 - 000000000 ____D C:\FRST
2017-09-14 22:21 - 2017-09-18 00:44 - 002399744 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2017-09-13 23:55 - 2017-09-13 23:55 - 000004652 _____ C:\Users\Alex\Desktop\ZHPFixReport.txt
2017-09-13 23:50 - 2017-09-13 23:50 - 000417344 _____ C:\Windows\Minidump\091317-6692-01.dmp
2017-09-13 23:43 - 2017-09-13 23:43 - 000000000 ____D C:\Users\Alex\Downloads\Quarantine
2017-09-13 23:42 - 2017-09-13 23:42 - 003061760 _____ (Nicolas Coolman) C:\Users\Alex\Downloads\ZHPFix.exe
2017-09-13 03:05 - 2017-08-19 16:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 03:05 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 03:05 - 2017-08-16 16:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 03:05 - 2017-08-16 16:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 03:05 - 2017-08-16 15:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 03:05 - 2017-08-15 16:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 03:05 - 2017-08-15 16:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 03:05 - 2017-08-15 16:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 03:05 - 2017-08-15 16:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 03:05 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 03:05 - 2017-08-14 18:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 03:05 - 2017-08-13 22:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 03:05 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 03:05 - 2017-08-11 07:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 03:05 - 2017-08-11 07:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 03:05 - 2017-08-11 07:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 03:05 - 2017-08-11 07:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-13 03:05 - 2017-08-11 07:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-13 03:05 - 2017-08-11 07:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 03:05 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 03:05 - 2017-08-11 07:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 03:05 - 2017-08-11 07:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 03:05 - 2017-08-11 07:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-09-13 03:05 - 2017-08-11 07:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 03:05 - 2017-08-11 07:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 03:05 - 2017-08-11 07:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 07:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 03:05 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 03:05 - 2017-08-11 07:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 03:05 - 2017-08-11 07:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 03:05 - 2017-08-11 07:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 03:05 - 2017-08-11 07:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-13 03:05 - 2017-08-11 07:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 03:05 - 2017-08-11 07:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 03:05 - 2017-08-11 07:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 03:05 - 2017-08-11 07:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 03:05 - 2017-08-11 07:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 03:05 - 2017-08-11 07:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-13 03:05 - 2017-08-11 07:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-13 03:05 - 2017-08-11 06:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 03:05 - 2017-08-11 06:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-13 03:05 - 2017-08-11 06:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 03:05 - 2017-08-11 06:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-13 03:05 - 2017-08-11 06:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 03:05 - 2017-08-11 06:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 03:05 - 2017-08-11 06:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 03:05 - 2017-08-11 06:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 03:05 - 2017-08-11 06:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 03:05 - 2017-08-11 06:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 03:05 - 2017-08-11 06:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-13 03:05 - 2017-07-07 16:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 03:05 - 2017-07-07 16:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-11 07:41 - 2017-09-11 07:41 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2017-09-11 07:35 - 2017-09-11 07:35 - 000417368 _____ C:\Windows\Minidump\091117-6676-01.dmp
2017-09-11 07:35 - 2017-09-11 07:35 - 000003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-09-10 23:40 - 2017-09-10 23:40 - 001422530 _____ C:\Users\Alex\Documents\STARTING WITH CONFIDENCE 2017 final.pdf
2017-09-10 20:39 - 2017-09-10 20:39 - 000037726 _____ C:\Users\Alex\Documents\Student Timetable SY170200.pdf
2017-09-09 22:11 - 2017-09-09 22:11 - 000000000 ____D C:\Users\Alex\Documents\Fear Equation
2017-09-09 22:11 - 2017-09-09 22:11 - 000000000 ____D C:\Users\Alex\AppData\LocalLow\Screwfly Studios
2017-09-09 20:13 - 2017-09-09 20:13 - 000417384 _____ C:\Windows\Minidump\090917-6723-01.dmp
2017-09-09 10:52 - 2017-09-09 10:52 - 000037726 _____ C:\Users\Alex\Downloads\Student Timetable SY170200.pdf
2017-09-08 16:02 - 2017-09-10 11:08 - 000000000 ____D C:\AdwCleaner
2017-09-08 16:01 - 2017-09-08 16:01 - 008182736 _____ (Malwarebytes) C:\Users\Alex\Downloads\adwcleaner_7.0.2.1.exe
2017-09-08 15:58 - 2017-09-08 15:58 - 000009674 _____ C:\Users\Alex\Documents\roguekiller.txt
2017-09-08 15:47 - 2017-09-08 15:47 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-08 15:45 - 2017-09-08 15:59 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-08 15:44 - 2017-09-08 15:44 - 035802208 _____ (Adlice Software ) C:\Users\Alex\Downloads\setup.exe
2017-09-08 13:04 - 2017-09-08 13:04 - 000000000 ____D C:\Users\Alex\AppData\Roaming\3909
2017-09-08 12:45 - 2017-09-17 15:27 - 1475874362 _____ C:\Windows\MEMORY.DMP
2017-09-08 12:39 - 2017-09-08 12:54 - 000002733 _____ C:\Users\Alex\Desktop\JRT.txt
2017-09-08 12:36 - 2017-09-08 12:36 - 001790024 _____ (Malwarebytes) C:\Users\Alex\Downloads\JRT.exe
2017-09-05 13:01 - 2017-09-05 13:01 - 000176813 _____ C:\Users\Alex\Documents\ZHPDiag.txt
2017-09-05 12:51 - 2017-09-05 12:51 - 000177419 _____ C:\Users\Alex\Desktop\ZHPDiag.txt
2017-09-05 12:48 - 2017-09-13 23:55 - 000000000 ____D C:\Users\Alex\AppData\Roaming\ZHP
2017-09-05 12:48 - 2017-09-05 12:49 - 000000000 ____D C:\Users\Alex\AppData\Local\ZHP
2017-09-05 12:48 - 2017-09-05 12:48 - 002831744 _____ C:\Users\Alex\Downloads\zhpdiag3.exe
2017-09-05 12:48 - 2017-09-05 12:48 - 000000788 _____ C:\Users\Alex\Desktop\ZHPDiag.lnk
2017-08-31 00:01 - 2017-08-31 00:01 - 005916576 _____ C:\Users\Alex\Downloads\econ around you - intro to econ vle.pptx
2017-08-30 13:23 - 2017-08-30 13:23 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-08-29 18:33 - 2017-08-29 18:33 - 000000000 ____D C:\Users\Alex\Documents\Warm Lamp Games
2017-08-20 22:13 - 2017-09-17 15:41 - 000280278 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-18 00:43 - 2015-09-23 17:35 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-09-18 00:27 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-18 00:27 - 2009-07-14 05:45 - 000035312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-17 17:25 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-17 17:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-17 17:20 - 2017-08-11 12:36 - 000000000 ____D C:\Users\Alex\AppData\Roaming\discord
2017-09-17 17:20 - 2015-09-23 02:28 - 000000000 __SHD C:\Users\Alex\IntelGraphicsProfiles
2017-09-17 17:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-17 17:09 - 2016-09-29 23:20 - 000000000 ____D C:\Users\Alex\AppData\Local\NVIDIA Corporation
2017-09-17 17:01 - 2015-09-23 02:28 - 000000000 ____D C:\Users\Alex\AppData\Local\VirtualStore
2017-09-17 17:00 - 2017-08-13 19:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-17 17:00 - 2015-09-18 22:28 - 000000000 ____D C:\temp
2017-09-17 17:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help
2017-09-17 15:41 - 2009-07-14 06:08 - 000014642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-17 15:27 - 2017-08-14 15:12 - 000000000 ____D C:\Windows\Minidump
2017-09-17 15:18 - 2016-05-26 16:27 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-17 11:04 - 2016-02-29 02:41 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2017-09-16 20:11 - 2015-09-18 22:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-16 15:09 - 2015-09-18 22:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-14 21:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-09-14 21:03 - 2009-07-14 05:45 - 005049072 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-13 18:16 - 2015-12-06 18:16 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-09-12 17:07 - 2015-09-24 17:53 - 000000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2017-09-11 08:01 - 2016-04-23 15:45 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-11 07:35 - 2016-04-23 15:44 - 000002308 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-09-11 07:35 - 2016-04-23 15:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-09-11 07:35 - 2016-04-23 15:44 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2017-09-08 16:07 - 2016-10-10 16:48 - 000000000 ____D C:\Users\Alex\AppData\Local\CrashDumps
2017-09-08 12:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-04 03:38 - 2016-04-23 15:44 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-09-04 03:38 - 2016-04-23 15:44 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-08-29 01:36 - 2017-08-11 12:30 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 01:36 - 2017-08-11 12:30 - 000002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-26 21:20 - 2017-08-13 20:01 - 001281162 ____N C:\Windows\Minidump\082617-6957-01.dmp
2017-08-22 01:40 - 2016-11-22 00:42 - 000001951 _____ C:\Windows\NvContainerRecovery.bat

==================== Files in the root of some directories =======

2017-08-13 19:15 - 2017-08-13 19:15 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-09-17 15:08 - 2017-09-17 15:08 - 004043712 _____ (Geek Unіnstaller) C:\Users\Alex\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-12 16:06

==================== End of FRST.txt ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by Alex (18-09-2017 00:44:44)
Running from C:\Users\Alex\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-08-13 18:40:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-630333582-4039751370-1614634531-500 - Administrator - Disabled)
Alex (S-1-5-21-630333582-4039751370-1614634531-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-630333582-4039751370-1614634531-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Game of Thrones version 1.2 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 1.2 - AGOT TEAM)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
American Truck Simulator (HKLM\...\Steam App 270880) (Version: - SCS Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Astroloco: Worst Contact (HKLM\...\Steam App 357490) (Version: - Hungry Planet Games)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audiosurf (HKLM\...\Steam App 12900) (Version: - Dylan Fitterer)
Audiosurf 2 (HKLM\...\Steam App 235800) (Version: - Dylan Fitterer)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.2.1014 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - )
Beholder (HKLM\...\Steam App 475550) (Version: - Warm Lamp Games)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Betrayer (HKLM-x32\...\Steam App 243120) (Version: - Blackpowder Games)
Blackwake (HKLM\...\Steam App 420290) (Version: - Mastfire Studios Pty Ltd)
Braid (HKLM\...\Steam App 26800) (Version: - Number None)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Crusader Kings II (HKLM\...\Steam App 203770) (Version: - Paradox Development Studio)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version: - Red Hook Studios)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DarthMod: Shogun II (HKLM-x32\...\DarthMod: Shogun II) (Version: - )
DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software)
Democracy 3 (HKLM\...\Steam App 245470) (Version: - Positech Games)
Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
Discord (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Domina (HKLM\...\Steam App 535230) (Version: - DolphinBarn)
Empire TV Tycoon (HKLM-x32\...\Steam App 377900) (Version: - Dreamsite Games)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Europa Universalis IV (HKLM\...\Steam App 236850) (Version: - Paradox Development Studio)
First Strike Final Hour (HKLM\...\Steam App 587000) (Version: - Blindflug Studios AG)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studio)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
Hexcells Infinite (HKLM-x32\...\Steam App 304410) (Version: - Matthew Brown)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version: - Squad)
KHOLAT (HKLM-x32\...\Steam App 343710) (Version: - IMGN.PRO)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM\...\Steam App 360430) (Version: - Hangar 13)
Medieval Kingdoms 1212 Part 1 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Medieval Kingdoms 1212 Part 1) (Version: - )
Medieval Kingdoms 1212 Part 2 (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\Medieval Kingdoms 1212 Part 2) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Small Basic v1.1 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.1.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Napoleon: Total War (HKLM\...\Steam App 34030) (Version: - The Creative Assembly)
Naval War: Arctic Circle (HKLM-x32\...\Steam App 200050) (Version: - TURBO TAPE GAMES)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.16 - Black Tree Gaming)
Norton Security (HKLM-x32\...\NS) (Version: 22.10.1.10 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
One Finger Death Punch (HKLM\...\Steam App 264200) (Version: - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.36.0 - Overwolf Ltd.)
Panzermadels: Tank Dating Simulator (HKLM\...\Steam App 379980) (Version: - DEVGRU-P)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version: - Ndemic Creations)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Zomboid (HKLM\...\Steam App 108600) (Version: - The Indie Stone)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.5.0 (32-bit) (HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\{1197d2bb-6cf8-488a-b994-d5bf6d7efe7b}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Core Interpreter (32-bit) (HKLM-x32\...\{E9E55FC3-A47F-4ACA-8691-C22469450FB1}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (32-bit) (HKLM-x32\...\{D5A057BD-471E-40D6-B7E0-79E08210D8F6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (32-bit) (HKLM-x32\...\{169B7A58-FE29-48E8-8773-9D6390815C8C}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (32-bit) (HKLM-x32\...\{CE48771A-4CC2-4F35-A7B3-D136E91D04F3}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{CAA5FC80-DEF6-4DFA-9C06-23921A87F092}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (32-bit) (HKLM-x32\...\{11187860-0D92-490D-86EC-3A941C98D451}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (32-bit) (HKLM-x32\...\{0740B2CD-63EC-44C7-B39E-B6EB579773E6}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{7AB85182-2EE4-4137-A5C6-D8C03958DCBA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (32-bit) (HKLM-x32\...\{2234BC4D-E95D-40C2-818D-7845760C510F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (32-bit) (HKLM-x32\...\{4A69B338-2C0C-4726-A261-44DBCF0DA94A}) (Version: 3.5.150.0 - Python Software Foundation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Reigns (HKLM\...\Steam App 474750) (Version: - Nerial)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version: - Antimatter Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.2 - Rockstar Games)
Rodina (HKLM-x32\...\Steam App 314230) (Version: - Elliptic Games)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Sir, You Are Being Hunted (HKLM\...\Steam App 242880) (Version: - Big Robot Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{AC7406B6-BB3B-4CD1-AEBA-0527B9CB16FE}) (Version: 7.27.0.105 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{FAD5089C-EB67-442F-89A3-970BCD034D40}) (Version: 7.14.0.184 - Skype Technologies S.A.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spermination (HKLM-x32\...\Steam App 363460) (Version: - Phr00t's Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
Sword With Sauce: Alpha (HKLM\...\Steam App 581630) (Version: - Diatomic Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Curious Expedition (HKLM-x32\...\Steam App 358130) (Version: - Maschinen-Mensch)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Howler (HKLM-x32\...\Steam App 306040) (Version: - Antanas Marcelionis)
The Swindle (HKLM-x32\...\Steam App 369110) (Version: - Size Five Games)
theHunter™: Call of the Wild (HKLM\...\Steam App 518790) (Version: - Expansive Worlds)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Total War: ATTILA (HKLM\...\Steam App 325610) (Version: - Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version: - Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{7094abcc-0311-45f4-aaac-638bf633a58a}) (Version: 2.3.22.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{EFF0A0F1-E557-4228-8F55-E6DD94516FDC}) (Version: 2.3.22.0 - TunnelBear) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Verdun (HKLM\...\Steam App 242860) (Version: - M2H)
Victoria II (HKLM\...\Steam App 42960) (Version: - Paradox Development Studio)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Warhammer: End Times - Vermintide (HKLM\...\Steam App 235540) (Version: - Fatshark)
Westerado: Double Barreled (HKLM-x32\...\Steam App 275200) (Version: - Ostrich Banditos)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{58743271-597A-401B-AF4A-1450179151C0}\InprocServer32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{AB08C8FC-971C-4AE2-B23D-D76AC42C46E9}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.14.0.184\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{ABB7ECA5-6973-499F-B610-80173795847A}\InprocServer32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.14.0.184\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{D0FC4B60-C60D-4908-8365-0C64C03E0291}\localserver32 -> C:\Users\Alex\AppData\Local\SkypePlugin\7.27.0.105\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-630333582-4039751370-1614634531-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E10E79B-1E11-4FE0-8E62-AA7A2FEBDEBB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-630333582-4039751370-1614634531-1000
Task: {0E2760F8-3F8C-475B-857C-6F966EB51CFD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-16] (Microsoft Corporation)
Task: {1B52B129-F8C3-440F-ABFF-87CBACAAD825} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {2D7FFE4C-4FD2-4698-9968-5BDA2564A4BD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {333417FE-D85C-41DA-A0E4-3570F2DB8D8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-16] (Microsoft Corporation)
Task: {3C6655B2-C4F1-48D6-8626-C00343860F72} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {4C621390-2ED0-4DC8-8214-3CC44517B6F5} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {545B86B2-596D-4117-AB6D-E9F723D954F9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-16] ()
Task: {641A6F4E-DAB3-4C5B-9108-FF3513DEA8C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-11] (Google Inc.)
Task: {6C337603-206E-4433-A7C7-BC2EC64E2A6D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)
Task: {6C64553E-F232-4DE0-972A-F5275F25F314} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6F344BC0-2C6B-4B4F-8420-06B6452BD820} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-16] (Microsoft Corporation)
Task: {7A180518-D8DF-41D3-8C8F-E1D26DA021C7} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe
Task: {8984C734-EF5B-477D-9477-23C78298AC9E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {9350ECA1-A41C-4A0D-B77D-1A79EF41587F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-09-10] (Overwolf LTD)
Task: {9BFBCD6F-4A43-4019-B9F7-27446FFA8875} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-22] (NVIDIA Corporation)
Task: {9D291AE7-9EA7-4F81-8894-A9BA14CD736A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {B9B207BE-FDC2-4CF3-B617-5B8EF9FE99EF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-22] (NVIDIA Corporation)
Task: {CA7A9A3C-D0EB-4DB4-BD2D-FB2E4D3A6DAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {D556B455-9C86-4F05-AA5E-1F501B329789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-11] (Google Inc.)
Task: {D8C22827-26A2-4491-9FB3-6C5C06A96BF5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {E5AD3D8F-8DE9-4495-84C4-8001C1AE137B} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {E8FDE3AE-AC85-4A31-9C6A-FEF251529C48} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-16] ()
Task: {F50F6D2F-D9C1-4765-801D-ACFDDD8EEE31} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22] (NVIDIA Corporation)
Task: {F7833A2D-DC5B-4F58-B533-AF4B948C8207} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-17 17:00 - 2017-08-22 00:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-09-23 06:10 - 2013-10-18 17:42 - 000048856 _____ () C:\Windows\runSW.exe
2016-02-10 13:24 - 2016-02-10 13:24 - 000039424 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-16 17:23 - 2017-09-16 20:10 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-09-23 06:10 - 2013-12-16 09:52 - 000847872 _____ () E:\1A\TWCU.exe
2017-08-29 01:36 - 2017-08-23 09:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 01:36 - 2017-08-23 09:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-06-01 02:18 - 2017-09-16 20:10 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-09-23 06:22 - 2017-08-04 22:19 - 000678176 _____ () E:\Steam\SDL2.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 004969248 _____ () E:\Steam\v8.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 001563936 _____ () E:\Steam\icui18n.dll
2015-09-23 06:22 - 2016-09-01 02:02 - 001195296 _____ () E:\Steam\icuuc.dll
2015-09-23 06:22 - 2017-09-07 05:51 - 002505504 _____ () E:\Steam\video.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 002549760 _____ () E:\Steam\libavcodec-56.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000442880 _____ () E:\Steam\libavutil-54.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000491008 _____ () E:\Steam\libavformat-56.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000332800 _____ () E:\Steam\libavresample-2.dll
2015-09-23 06:22 - 2016-01-27 08:49 - 000485888 _____ () E:\Steam\libswscale-3.dll
2015-09-23 06:22 - 2017-09-07 05:51 - 000885024 _____ () E:\Steam\bin\chromehtml.DLL
2016-03-09 09:19 - 2016-07-04 23:17 - 000266560 _____ () E:\Steam\openvr_api.dll
2015-09-23 06:10 - 2013-11-21 16:13 - 001411072 _____ () E:\1A\nicLan.dll
2015-09-23 06:10 - 2013-07-23 16:21 - 000193024 _____ () E:\1A\DC_WFF.dll
2015-09-23 06:10 - 2013-12-20 11:13 - 000300544 _____ () E:\1A\WJRtl.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-11 12:36 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Alex\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-11 12:36 - 2017-08-31 17:42 - 009622008 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-11 12:36 - 2017-08-11 12:36 - 001440248 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-17 17:20 - 2017-09-17 17:21 - 000148992 _____ () \\?\C:\Users\Alex\AppData\Local\Temp\DF37.tmp.node
2017-08-11 12:36 - 2017-08-11 12:36 - 002658296 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-11 12:36 - 2017-08-11 12:36 - 002673656 _____ () \\?\C:\Users\Alex\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2016-12-13 01:11 - 2017-07-17 23:50 - 073115424 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 08:00 - 2017-05-17 02:54 - 000678176 _____ () E:\Steam\bin\cef\cef.win7\SDL2.dll
2015-09-23 06:22 - 2015-09-25 00:52 - 000119208 _____ () E:\Steam\winh264.dll
2017-09-17 17:00 - 2017-08-22 01:40 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-630333582-4039751370-1614634531-1000\...\sharepoint.com -> hxxps://thsuknet-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-630333582-4039751370-1614634531-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{42E0D8E2-640C-4DD9-BAD7-CD09051FF44C}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{97C74FD9-8B9C-4AF0-A2AC-83129914792B}] => (Allow) E:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9EF21195-2FF3-469C-A2E6-C75F54C9E403}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{8751276E-0CFE-488F-B354-0042937D54ED}] => (Allow) E:\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{7E36EA14-0843-4D27-B8A3-57ABA1569D41}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{12BBAF68-B76C-47BA-A8D7-9D62172DCB8C}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{2CA463D1-4AB4-44A6-87F4-8FFC550DF098}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{EE5715D8-7C4F-43BD-9DD8-269A6389A3FF}] => (Allow) E:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{FA795D5E-A9B9-4D7E-9D00-E16CA398D6EE}E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Block) E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [TCP Query User{CFFE91F1-1D3F-4835-B704-F5F4A9262B91}E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe] => (Block) E:\steam\steamapps\common\sword with sauce alpha\swordwithsauce\binaries\win64\swordwithsauce-win64-shipping.exe
FirewallRules: [{31DBB65F-F7A5-4814-B503-25F4476524D0}] => (Allow) E:\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{2E786667-6141-434C-A780-255A6910E673}] => (Allow) E:\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{DEBF978F-35D0-4D7E-AD01-31B137442E90}] => (Allow) E:\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe
FirewallRules: [{D4F83BA4-18EE-41D3-9A9F-9240A5C38382}] => (Allow) E:\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe
FirewallRules: [{9245239C-163E-414D-8D24-B1D9CE981418}] => (Allow) E:\Steam\steamapps\common\Domina\Domina.exe
FirewallRules: [{229F5F9A-4796-45AB-894A-1372D1023DD6}] => (Allow) E:\Steam\steamapps\common\Domina\Domina.exe
FirewallRules: [{963B376C-72B4-4BAE-A07D-738D4777137D}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{7419C265-AC33-4499-AC29-7E0BC36F8466}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{EA1E0400-571F-4557-A2A6-E1CB9748F5C7}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{1DD7BC8B-9BBE-4727-84BE-3BAA91C13E57}] => (Allow) E:\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{DC51661D-7F68-457D-8430-3B0E93495A8F}] => (Allow) E:\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B9BDF904-4648-4ADB-B3CA-0E59657FFFEB}] => (Allow) E:\Steam\steamapps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{F84E3176-CF7B-409C-A59E-FC647FBC883F}] => (Allow) E:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{55FB82E4-5B01-46C5-85D1-9401F194E31D}] => (Allow) E:\Steam\steamapps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{DC79F007-2E33-40E4-9745-565B808B77D2}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{AD840992-EE07-40AB-AD89-B6E1EFAD6037}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{C8981042-BF2C-495F-9EE0-F9456AACC242}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{221E8CC9-8AAA-4C6A-93A1-2E0B40377098}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{2E49665E-D241-4A03-98DA-5852486E1F6E}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{D2C17914-8F24-447A-82DE-458D5DEC49A2}] => (Allow) E:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5E474619-4428-4094-BCB0-944940119757}] => (Allow) E:\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{5D164E49-48CF-434F-95D0-F49C31D49B25}] => (Allow) E:\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A24226EA-DE5B-4E8D-BDBC-FF9FC2575D32}] => (Allow) E:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{99FDF815-F77C-426E-8019-A3AB6C6C1FAF}] => (Allow) E:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{97BEEF9C-E91C-467B-B7AF-7678E676FD8C}] => (Allow) E:\Steam\steamapps\common\FirstStrikeFinalHour\FirstStikeFinalHour.exe
FirewallRules: [{47544D27-5040-44E8-931A-050BD916A9F9}] => (Allow) E:\Steam\steamapps\common\FirstStrikeFinalHour\FirstStikeFinalHour.exe
FirewallRules: [{34E0F4B3-7120-4A6F-B43D-858E002010D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2A80FDE2-53BC-48B0-853F-BF2595A249C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2D89E8FC-673D-4C02-A54E-383DF0AD9D29}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{01ED11F7-73E4-412C-AE10-CFED915ED1B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{B9388CB9-F2E6-4CB4-86E4-98275B380A1B}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [TCP Query User{67039C1E-BFC8-492E-83C3-F4ECC6B74401}E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe] => (Allow) E:\steam\steamapps\common\rising storm 2\binaries\win64\vngame.exe
FirewallRules: [{F6C784AB-160A-4DB3-8C16-69071E357605}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{E79E930E-783C-4A36-B7AB-DBEC5868A58E}] => (Allow) E:\Steam\steamapps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{79398897-AA55-4EBE-A4CF-174B9FF29F98}] => (Allow) E:\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{F737ED71-AC79-42DD-931A-9497AB46210D}] => (Allow) E:\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{68B62FC8-6D34-4C1B-B8F0-87B5D9CC3B57}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{B9DEC131-09F7-4D63-8143-826784481799}] => (Allow) E:\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [UDP Query User{24FDCDC8-83F0-4A0E-AFC3-4323B8792A0B}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{7899C3B7-030D-4A96-89BD-0A47CB7D3C49}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{BEDAA2FC-1151-427E-A29B-A2CD05CCF440}] => (Allow) E:\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{81C8211F-1347-48D7-90BF-432BBFD7037B}] => (Allow) E:\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{DE521477-84D2-40CB-90CC-43C913133255}] => (Allow) E:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{B7D6DA9C-12FA-4AE7-B93B-30529673D824}] => (Allow) E:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{A7B9060E-8C9A-48B3-B6B3-F7FB977D05A2}] => (Allow) E:\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{91645FE8-B95A-4456-AAC6-D2D312E86449}] => (Allow) E:\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{90CBC851-432B-403E-87EA-51993853EB89}] => (Allow) E:\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{217A27C8-548A-4B26-87FB-E157D5C90A94}] => (Allow) E:\Steam\steamapps\common\Blackwake\Blackwake.exe
FirewallRules: [{89BC7FAB-24B9-418F-9C7E-534A3123B1D5}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe
FirewallRules: [{E715CA75-720B-40BA-87C6-6002A33AE2AE}] => (Allow) E:\Steam\steamapps\common\Braid\braid.exe
FirewallRules: [{D30F36CB-7D63-4A3B-A961-30A61D2DE9C5}] => (Allow) E:\Steam\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{A9BE815F-B4E1-4EDF-A90E-636DB852B603}] => (Allow) E:\Steam\steamapps\common\Panzermadels\Panzermadels.exe
FirewallRules: [{830C5052-BA2D-4297-8664-99690D6F439B}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1DCDECD8-32DE-47B3-A9A7-15D576E33A17}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D116D235-915C-4B9B-BE16-7508264D880E}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{CC2C3EBA-0395-4908-AAE4-32BF1CB39141}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E981DFD8-5E0A-4383-A80F-3F18F88F4D0A}] => (Allow) E:\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{F0C441EC-8414-4475-B70F-3BA5EF502412}] => (Allow) E:\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{F85A05B8-5A75-4C25-8862-A43F6F11A7B2}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{17A9FEDA-B52D-4F6C-A98C-3C90BB351D52}] => (Allow) E:\Steam\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{1D8E899E-C77B-4072-8868-814363CED353}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B352F41F-1964-4274-BB28-091EF60E8B86}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1767CAD6-9A86-414E-8B02-FC3A28CCFB14}] => (Allow) E:\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{97691625-7572-4769-870A-0D530DDB4C03}] => (Allow) E:\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{25BC2235-AE52-47C4-A548-842CD0F4BECD}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{6B81137A-C5E8-423A-AD96-B2574B330D61}] => (Allow) E:\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{24F33C97-33F4-44AC-90B1-B11B5A13135F}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe
FirewallRules: [{3CC4B159-BA84-4086-A80B-F486438F3F81}] => (Allow) E:\Steam\steamapps\common\Reigns\Reigns.exe
FirewallRules: [{6BD83D17-FA37-49B5-B749-A80DC3DC8B6C}] => (Allow) E:\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{81BFBDCC-FA70-4BBD-BF07-FFAAE4F1A0E0}] => (Allow) E:\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{638F03D5-B23E-4D45-A336-358F4B01FAD9}] => (Allow) E:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{BE1C0583-684C-4250-B6CE-E136CF57FBED}] => (Allow) E:\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{0D483D8E-E7A6-4A4D-9688-DBDC4B811C3D}] => (Allow) E:\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{432A5774-162A-4E5F-8794-B533C7CC590A}] => (Allow) E:\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{76A220E4-C543-4F0E-A0F6-894E318EB56F}] => (Allow) E:\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{27A2611C-D8BD-4E1A-87DA-0EB1837E9689}] => (Allow) E:\Steam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{3F21D295-365B-4A2D-A6B0-CEBF9A6BE268}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{62C82668-0ACB-4BC7-A472-8FA79FA41669}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [UDP Query User{FBB7209E-6933-4015-9A9B-9924F738AEDD}E:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) E:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{88DF63A5-2BE8-47A0-8981-8F6210D2D801}E:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Block) E:\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{5A437811-D259-4952-AC45-A3112F4F36D4}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{72D1CB53-12F4-4FE5-B188-5A92A29E2AA1}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{DE40EABE-FBAA-4DE7-9E41-D784D2BE795E}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{C40CAABE-3F50-43CD-9C0B-944E643D1F0B}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{3B387808-6641-4704-95BD-43C4B161627C}] => (Allow) E:\Steam\steamapps\common\Astroloco1\winsetup.exe
FirewallRules: [{0811C7C5-BABE-4F4F-833F-B66A7047F02C}] => (Allow) E:\Steam\steamapps\common\Astroloco1\winsetup.exe
FirewallRules: [{20E32851-A107-4FE9-8415-65AFF7306D05}] => (Allow) E:\Steam\steamapps\common\Astroloco1\AstroLoco1.exe
FirewallRules: [{FB4AE6F0-9CFE-4937-BC03-0C3CF0853A77}] => (Allow) E:\Steam\steamapps\common\Astroloco1\AstroLoco1.exe
FirewallRules: [{669200CB-CC12-4307-894C-E7D19A0E7795}] => (Allow) E:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{31410A78-3B3C-4CFC-90D1-0471D27E4D04}] => (Allow) E:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{E986416F-C4ED-4608-B49E-A138F2211A11}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{A528405E-8BB8-4BF3-BB58-30731328943D}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{9A5A74F0-4D33-4B4E-8538-4D5772003F1E}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{E76347D7-E4D7-4044-AA54-C17AE849BA91}] => (Allow) E:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{9A5024AF-9A1D-4D67-AF35-9DC77D4AF1A8}] => (Allow) E:\Steam\steamapps\common\The Curious Expedition\electron.exe
FirewallRules: [{16538FC7-E5FB-4DA9-B153-25BED221170B}] => (Allow) E:\Steam\steamapps\common\The Curious Expedition\electron.exe
FirewallRules: [{707CA1CC-E0C6-415E-BF70-C8751C72B299}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DDDDBE11-3799-4CDA-B6B3-078733C0FC91}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{B67BDE6A-907E-4D2B-B7E2-AF83CD46DC50}C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Block) C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [TCP Query User{8B47E8E4-3C58-43CC-A249-39B14FB07B6F}C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Block) C:\users\alex\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [{6B502C33-FE25-41DA-8340-C8E8BE3AA202}] => (Allow) E:\Steam\steamapps\common\Hexcells Infinite\Hexcells Infinite.exe
FirewallRules: [{216A7F06-258B-4771-9138-2C7F8673266B}] => (Allow) E:\Steam\steamapps\common\Hexcells Infinite\Hexcells Infinite.exe
FirewallRules: [{D3D9BFBE-1FE0-48D3-BE01-2AA08697776C}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{AACDAA37-61D5-49A5-B830-18C529AE01D4}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{13569324-A13A-4DE8-8A29-4D356CECEE9E}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{AB6CB6EB-5898-4868-8068-1890315616DF}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{F917580D-38D1-447F-8A33-45A969C9D034}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{02DB5186-DB06-4C8C-9B90-CF23CC415C7B}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{33FC265F-D9DC-49AF-92CC-79F0643C04D2}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{82EAD0A7-F1E2-48A8-934E-7694EBAB49AA}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{D21D3DDF-E0A0-4DC1-AB84-03554C988AF8}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{382E2789-7BC3-4A3B-982A-98D06D5FABA9}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{23CC8488-320F-41FD-A7DB-51D8C5F1BBD0}] => (Allow) E:\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{9E2B6E6C-D761-42C7-8054-533EE8B9121D}] => (Allow) E:\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{C01E9C4E-BBC0-4636-ADE0-DC5024B5571B}] => (Allow) E:\Steam\steamapps\common\KHOLAT\Kholat.exe
FirewallRules: [{CC009619-4293-4E81-83F7-CCACF57A3BA8}] => (Allow) E:\Steam\steamapps\common\KHOLAT\Kholat.exe
FirewallRules: [{47539AD8-F699-4075-89EA-D4B16DAC6A73}] => (Allow) LPort=1900
FirewallRules: [{60D9618F-9D12-4128-B29C-C49455BE5DA6}] => (Allow) LPort=2869
FirewallRules: [{E1719443-8853-4CC3-9B84-95DD1EC708D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2C0384B5-AB33-4A4E-8D81-C04C16C02762}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{75FAA455-D3E0-42B7-AF88-FABA47C7AE50}] => (Allow) E:\Steam\steamapps\common\SunlessSea\Sunless Sea.exe
FirewallRules: [{19498042-C076-40DC-91E6-098E3D1C2D36}] => (Allow) E:\Steam\steamapps\common\Howler\Howler.exe
FirewallRules: [{5FA0E1FF-1811-4489-AA53-037F92F270F1}] => (Allow) E:\Steam\steamapps\common\Howler\Howler.exe
FirewallRules: [{1448BA25-590A-41A5-BD28-50B2BBF34D86}] => (Allow) E:\Steam\steamapps\common\Empire TV Tycoon\EmpireTV.exe
FirewallRules: [{7B2B72E1-D744-4AD3-8826-57AED661EAF2}] => (Allow) E:\Steam\steamapps\common\Empire TV Tycoon\EmpireTV.exe
FirewallRules: [{68C4BA0D-0783-4F45-9E1D-C34CFB96AAFD}] => (Allow) E:\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{AA23588A-A03C-44D5-B53E-6723F4F2E201}] => (Allow) E:\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{7724CFD5-31FC-4A19-BD34-B9BA0AF24661}] => (Allow) E:\Steam\steamapps\common\The Swindle\TheSwindle.exe
FirewallRules: [{DC0EF240-DC38-4DA6-84E4-537114BFA7B4}] => (Allow) E:\Steam\steamapps\common\The Swindle\TheSwindle.exe
FirewallRules: [{84F9DC32-5293-4774-B36D-E8F44C44D282}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{973B707E-89EF-46A6-B5E6-56B2C3DCD6B4}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{431DAC89-E340-4DD1-96A4-53A33A1A2DF0}] => (Allow) E:\Steam\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{55D36DCC-D3A6-4256-9C99-CC1A162545CF}] => (Allow) E:\Steam\steamapps\common\Rodina\Rodina_Steam.exe
FirewallRules: [{7CEC57F9-D511-45D9-A137-BEDADCEB920B}] => (Allow) E:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{BD430A1E-086F-4F5A-8465-BBF42C5A4DD4}] => (Allow) E:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [UDP Query User{7DA012B3-6B97-4F21-8658-4B432060A4B4}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{788EAAA3-ABF4-4CAC-B9B0-487216940C79}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{B1961B26-11B2-43D1-9298-AD44D596DC72}] => (Allow) E:\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{2C687411-8DE4-4695-9DCD-0DF12ADC43C0}] => (Allow) E:\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{AFC963A7-0506-473D-AB2D-5C34C49A4A7C}] => (Allow) E:\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{FA1AE159-6B0F-4876-A169-C92B26F9A330}] => (Allow) E:\Steam\steamapps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{F904C541-FB04-46E7-BBBF-0D23915A34E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95CDE522-2BC2-4BF6-BB2A-20E988DEB5FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{53A68656-E320-4EFB-868F-C3278D7CC6A5}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{EB5330A2-FF1A-48B8-9F0C-1CB31701CC34}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A22DDE37-3357-4F80-9975-662DBD11CD1A}C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe] => (Block) C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [TCP Query User{D470F145-DBAB-4712-A507-8CDC5D7A3ABF}C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe] => (Block) C:\program files (x86)\ea games\battlefield 1942\bf1942_w32ded.exe
FirewallRules: [{5EB6144C-17C7-4A08-807A-B8C7F37B83BF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A8BDE35-C0B0-4BB8-881E-C17E1BF8373B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{364C1438-B6A9-48FB-B3A0-3A3697EBE5A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A804557F-B272-4CA7-B433-379FB196B77A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7871B363-C137-4E69-B738-84BFF793F221}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{E5E38B0F-C356-4961-BB23-A5B9992B1721}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{2F32C1BD-026D-440F-BB09-1D284E8E5D5C}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{19285886-F36F-4AA2-A87B-D274DF754BC5}] => (Allow) E:\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{D55C3026-CF01-435E-B93D-A18323811FCE}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7A2B3893-9D9F-4F61-BFF9-F15E19D8DC9F}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{804661D2-E50A-4486-8AEB-94E0197928D0}] => (Allow) E:\Steam\steamapps\common\Westerado\WesteradoDB.exe
FirewallRules: [{B1F63AFE-4C8D-44D3-9F9B-AF879136B157}] => (Allow) E:\Steam\steamapps\common\Westerado\WesteradoDB.exe
FirewallRules: [{54409E8C-8D01-4435-BA9C-5CEC57CCED21}] => (Allow) E:\Steam\steamapps\common\Naval War Arctic Circle\NWAC.exe
FirewallRules: [{44C58591-853D-4720-BECF-BFA5C33AB711}] => (Allow) E:\Steam\steamapps\common\Naval War Arctic Circle\NWAC.exe
FirewallRules: [{9604FC57-4CCF-4D1C-8B0D-018E398B9CF0}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2F984FA6-3F9F-4BD4-8888-78EFD19DE263}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D66E2B93-4647-4F74-B284-6451632088AB}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{06E982CE-5605-4D95-90A6-7CF3E266E380}] => (Allow) E:\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{F9C922EC-ADA5-4083-833F-0459141144D4}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{92EDC087-8DD4-4A74-B13F-E9906D60F831}] => (Allow) E:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{58155C47-495C-49B8-A90B-5C0EBDF2EF90}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{A9A66C06-6376-4396-A3DC-E40364C946E2}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{423B688C-6B43-4659-A471-03B66F857889}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{A5FE7682-0818-4E8B-A6A6-566EFADADD08}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{F796B4B4-1F7A-4D24-BF22-321C3FDB3B82}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{BD5D063E-88CC-4F0D-8F95-D7CEDD5AD206}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D1A87504-C435-417C-86F4-D59C69BC93FE}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{BA7A361D-9F1D-4EFA-A38D-5D6882D29FCC}] => (Allow) E:\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{2C26FEBC-10A7-44E2-916E-59EA27E7044B}] => (Allow) E:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{8B59C55D-83D0-4872-8980-A584B27F34E4}] => (Allow) E:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{B94486E4-B0C8-4DCE-BB9E-07D2C1820114}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{E3A2D27F-63F4-46AB-84A8-44607939B9D3}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7B0149ED-B97A-42EE-9346-C611D26C9072}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{9C3B6A05-CC77-4942-84D6-596B1741B647}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{88138129-409E-4C8A-877A-9ADA8EB205FD}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{8C81187B-7DA3-4FEB-AEA5-43C070B8CD3C}] => (Allow) E:\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{CE65FD72-AAF6-43EB-BC91-DFC7DB02622E}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C05D7E65-7A05-47BD-938D-47FD5E6A793E}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F89D9D8B-8F5F-405E-AF70-93085D9EB57D}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{1B85F771-A5F4-419E-A0A9-1A55AF524C47}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{F029FA80-2EE1-4D56-BA7F-4DCB400E9DDD}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4A79F3FB-2D3A-447F-B98F-B921BF91B69F}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{5CF3CCFE-06D4-420E-92C7-97306CC9BDCE}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{83CF1D96-3135-43E9-88AB-767C9827B614}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{2D4FF11C-A0D9-4586-B8DC-0CD9B2847568}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{6362D936-34F4-46EC-A216-7E26B633D0FF}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{3D7F4B70-337C-4710-8161-6868FCA7E18D}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{DAFBB32B-1CDB-438F-A697-592636C7D7BE}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{3BECF9E9-4FFD-4743-9464-486B115D6D40}] => (Allow) E:\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{4B9B38DB-A288-442A-86C6-3EBCA7214BA2}] => (Allow) E:\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{78E8D1FF-A533-4DC3-971B-F014C9CF2B28}] => (Allow) E:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{38951131-905C-47D2-B57B-646DF9AADFA1}] => (Allow) E:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{9E1F2C96-4CF6-4FEF-8331-647E4CED1B16}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{77CD7DBC-6942-4274-AAFD-3A837CF21061}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{104AE981-B2B4-4886-B8C5-EE4D7BDA5444}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{8119A035-E01C-4CA3-ADAF-1860F7D7EA94}] => (Allow) E:\Steam\steamapps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{29253754-6C95-4AE9-986C-B3824E346FF5}] => (Allow) E:\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{DFDF93C6-D21F-42E3-8A41-B56CA7C3826F}] => (Allow) E:\Steam\steamapps\common\Betrayer\Binaries\Win32\Betrayer.exe
FirewallRules: [{E5C7965B-9AF7-4E1A-BB56-A77576D86147}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{727C172C-ED74-4700-ABB0-AFB2AC7D9945}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{080DF596-7203-4A93-9043-04A70CB70A8A}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{465E9387-B3EE-4411-B1AD-6590229DF0C3}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{78D55DC1-318C-4CCF-96AD-466B34F9BD3B}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{82A7C749-EFF2-4FC8-BEA2-F60234722A3E}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{9289FCA1-40AE-4A93-B3D4-EB855DE9B8FF}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6A684CB5-FA9F-46D5-8EB9-42B1A50241FC}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3FAE821B-F0C8-4AD1-9F0C-33CD07C80D13}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{DC8BBF33-0B86-4200-9305-42A8F751ECF9}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{31CB8B80-E386-428D-87FD-0516F871FCDC}] => (Allow) E:\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [{DAD8A397-D99A-416E-9581-4672D4456CBB}] => (Allow) E:\Steam\steamapps\common\Reus\Reus.exe
FirewallRules: [{3C406D74-9AAD-41CD-938F-D817F2A51B38}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{CAF31C4F-7A74-41F3-8DDD-E12903D2645A}] => (Allow) E:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F1B3BD40-3A40-438D-9CBF-03F463B6E564}] => (Allow) E:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{E04E4B65-01E2-4C95-9C3A-4C7B22E90D37}] => (Allow) E:\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{4B9C5204-0B03-45DC-86BD-F0114E09098A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A3CF985B-8C0F-4F3E-A71C-40FD10804A60}] => (Allow) E:\Steam\steamapps\common\Beholder\Beholder.exe
FirewallRules: [{FA67FAE5-3293-4611-96D4-09CF58E2ECCE}] => (Allow) E:\Steam\steamapps\common\Beholder\Beholder.exe
FirewallRules: [{2F540637-86A1-4C2D-BF3E-1C27CB81DC51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46C7AABE-DCB5-46A4-B965-A9F509607A80}] => (Allow) E:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{12C7ACC7-5533-49BB-B8BC-363B493E5DC5}] => (Allow) E:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{F50FD054-5F20-408A-B270-ABB2A7EB1D96}] => (Allow) E:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{D43A379E-E6DF-4504-BBB1-9AB9E29A0FD1}] => (Allow) E:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{AFD591AC-CACE-4CC4-ADE9-79A000FD507C}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{A40E91AC-62A0-4025-A742-323663882DD5}] => (Allow) E:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{628766E9-4C93-450D-A313-BB0144C22DCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{22FBB92E-EEFA-4804-A0C7-444B82579374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C97E9772-ECBD-4C90-A901-9FF60D660467}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B97361DA-040D-430F-BD5F-88EF314620D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E70DF23-42C8-432D-B18B-A1808B97E212}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10AB831B-C889-490C-8F60-96AB1C7502C1}] => (Allow) E:\Steam\steamapps\common\Verdun\1914-1918 Series.exe
FirewallRules: [{A9AB1628-93F0-4387-8935-76B8F7B87FB0}] => (Allow) E:\Steam\steamapps\common\Verdun\1914-1918 Series.exe

==================== Restore Points =========================

11-09-2017 03:00:20 Windows Update
12-09-2017 03:00:20 Windows Update
13-09-2017 03:00:19 Windows Update
14-09-2017 03:00:20 Windows Update
15-09-2017 03:00:19 Windows Update
17-09-2017 03:00:10 Windows Update
17-09-2017 15:37:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2017 05:29:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2017 05:29:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2017 05:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 05:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 05:01:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 04:10:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (09/17/2017 04:09:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\microsoft office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2017 03:41:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 03:28:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2017 03:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Faulting module name: nvstreamsvc.exe, version: 4.0.1000.0, time stamp: 0x54b5dc94
Exception code: 0x40000015
Fault offset: 0x00000000003e81fa
Faulting process id: 0x60c
Faulting application start time: 0x01d32fc11ba29c1e
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Report Id: 6282a7ce-9bb4-11e7-9896-fcaa14c32797


System errors:
=============
Error: (09/17/2017 05:19:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 05:19:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/17/2017 05:19:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/17/2017 05:19:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:18:25 PM on ‎9/‎17/‎2017 was unexpected.

Error: (09/17/2017 05:08:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 05:08:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (09/17/2017 05:08:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/17/2017 05:08:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:07:20 PM on ‎9/‎17/‎2017 was unexpected.

Error: (09/17/2017 05:01:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/17/2017 05:01:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 18%
Total physical RAM: 32629.22 MB
Available physical RAM: 26603.08 MB
Total Virtual: 65256.63 MB
Available Virtual: 57121.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:227.02 GB) (Free:61.35 GB) NTFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:1209.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6D21D437)
Partition 1: (Active) - (Size=5.9 GB) - (Type=27)
Partition 2: (Not Active) - (Size=227 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A0B47ED7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[gus]

Hi 10months, Thank you for the log, whilst I check it would recommend you remove some newly acquired junk. Unfortunately when you install Nvidia drivers these days you get some bundled junk that sends information back to Nvidia. It's no big deal but you might like to follow this guide and remove their telemetry?

The guide is HERE

 

[gus]

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post

 

[gus]

Hi 10months, any update for us?

 

[10months]

Hey, sorry again (again) for the slow responses
I haven't done the telemetry removal, I don't particularly mind it if it won't cause any performance issues.
My Chrome extensions were removed with the fix, is it fine to reinstall them?


Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Alex (21-09-2017 21:51:02) Run:1
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorepoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQxcUwFIFAEUbQsNVFxcFQATIRRZAFtDDAxFcg4PWV1HEAIVdB9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-630333582-4039751370-1614634531-1000 -> {A6A1D0B1-E2C0-425C-9FA5-600268E3E449} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWJAsAWAxFFhgRdQxdTA1EEVQOIVhaUxRIRwcUdwFcVwhGFwEFIk0FA1oDB0VXfV5bFElXTwhxJUpNDU0CaUBB"
CHR StartupUrls: Default -> "chrome://history/","hxxps://www.youtube.com/feed/subscriptions","hxxp://www.netflix.com/browse/","hxxps://twitter.com/","hxxp://www.schoolplannerbook.com/tanbridge/homework/?email=12afarr%40ths.uk.net&action=homeworkfromemail&view=due&as=list","hxxp://vle.ths.uk.net/"
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\SDSDefs\20170903.001\NAVEX15.SYS [X]
Task: {0E10E79B-1E11-4FE0-8E62-AA7A2FEBDEBB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-630333582-4039751370-1614634531-1000
Task: {0E2760F8-3F8C-475B-857C-6F966EB51CFD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-16] (Microsoft Corporation)
Task: {333417FE-D85C-41DA-A0E4-3570F2DB8D8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-16] (Microsoft Corporation)
Task: {3C6655B2-C4F1-48D6-8626-C00343860F72} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {4C621390-2ED0-4DC8-8214-3CC44517B6F5} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {545B86B2-596D-4117-AB6D-E9F723D954F9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-16] ()
Task: {6C64553E-F232-4DE0-972A-F5275F25F314} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6F344BC0-2C6B-4B4F-8420-06B6452BD820} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-16] (Microsoft Corporation)
Task: {7A180518-D8DF-41D3-8C8F-E1D26DA021C7} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe
Task: {9350ECA1-A41C-4A0D-B77D-1A79EF41587F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-09-10] (Overwolf LTD)
Task: {CA7A9A3C-D0EB-4DB4-BD2D-FB2E4D3A6DAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {E8FDE3AE-AC85-4A31-9C6A-FEF251529C48} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-16] ()
Task: {F50F6D2F-D9C1-4765-801D-ACFDDD8EEE31} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22] (NVIDIA Corporation)
Task: {F7833A2D-DC5B-4F58-B533-AF4B948C8207} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
C:\Program Files (x86)\DllKitPRO\dllkitpro.exe
C:\ProgramData\DP45977C.lfl
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key removed successfully
HKLM\Software\Classes\CLSID\OldSearch => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} => key removed successfully
HKLM\Software\Classes\CLSID\{E5C08DF4-F5F1-4F74-B779-C18750CDCC3F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key removed successfully
HKLM\Software\Classes\CLSID\OldSearch => key not found.
HKU\S-1-5-21-630333582-4039751370-1614634531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A6A1D0B1-E2C0-425C-9FA5-600268E3E449} => key removed successfully
HKLM\Software\Classes\CLSID\{A6A1D0B1-E2C0-425C-9FA5-600268E3E449} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E10E79B-1E11-4FE0-8E62-AA7A2FEBDEBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E10E79B-1E11-4FE0-8E62-AA7A2FEBDEBB} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-630333582-4039751370-1614634531-1000 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-630333582-4039751370-1614634531-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E2760F8-3F8C-475B-857C-6F966EB51CFD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2760F8-3F8C-475B-857C-6F966EB51CFD} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Subscription Maintenance => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Subscription Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{333417FE-D85C-41DA-A0E4-3570F2DB8D8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{333417FE-D85C-41DA-A0E4-3570F2DB8D8E} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C6655B2-C4F1-48D6-8626-C00343860F72} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6655B2-C4F1-48D6-8626-C00343860F72} => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C621390-2ED0-4DC8-8214-3CC44517B6F5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C621390-2ED0-4DC8-8214-3CC44517B6F5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{545B86B2-596D-4117-AB6D-E9F723D954F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{545B86B2-596D-4117-AB6D-E9F723D954F9} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C64553E-F232-4DE0-972A-F5275F25F314} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C64553E-F232-4DE0-972A-F5275F25F314} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F344BC0-2C6B-4B4F-8420-06B6452BD820} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F344BC0-2C6B-4B4F-8420-06B6452BD820} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A180518-D8DF-41D3-8C8F-E1D26DA021C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A180518-D8DF-41D3-8C8F-E1D26DA021C7} => key removed successfully
C:\Windows\System32\Tasks\DllKitPRO => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DllKitPRO => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9350ECA1-A41C-4A0D-B77D-1A79EF41587F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9350ECA1-A41C-4A0D-B77D-1A79EF41587F} => key removed successfully
C:\Windows\System32\Tasks\Overwolf Updater Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA7A9A3C-D0EB-4DB4-BD2D-FB2E4D3A6DAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA7A9A3C-D0EB-4DB4-BD2D-FB2E4D3A6DAC} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8FDE3AE-AC85-4A31-9C6A-FEF251529C48} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8FDE3AE-AC85-4A31-9C6A-FEF251529C48} => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50F6D2F-D9C1-4765-801D-ACFDDD8EEE31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50F6D2F-D9C1-4765-801D-ACFDDD8EEE31} => key removed successfully
C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7833A2D-DC5B-4F58-B533-AF4B948C8207} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7833A2D-DC5B-4F58-B533-AF4B948C8207} => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
"C:\Program Files (x86)\DllKitPRO\dllkitpro.exe" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state Off =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-09-2017 21:52:16)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => key could not remove. Access Denied.

==== End of Fixlog 21:52:16 ====