So for a good few months now (Yes I know I shouldn't have ignored it for this long) malware bytes has been giving me notifs about malware and it's always these 3 or 4 "FOLDER.HIJACK OPTIONS" that pop up, I tell it to remove, and next day (or whenever I leave my pc on long enough for it to scan) it detects the exact same malware, how do I get rid of it?
Hijack.folderoptions won't remove.
Started by
oPiruz
, May 19 2016 07:02 AM
#2
Posted 20 May 2016 - 10:33 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Junkware-Removal-Tool
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
- Pause your anti-virus. Close all browsers.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
#3
Posted 21 May 2016 - 01:38 PM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
# AdwCleaner v5.117 - Logfile created 21/05/2016 at 14:29:45
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home (X64)
# Username : oPiruz - DESKTOP-O1J00JT
# Running from : D:\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
[-] [C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M0596A41A-A8AB-45B5-A0F1-0328A591AF69&SearchSource=55&CUI=&UM=6&UP=SP7D523BDA-67C8-46A7-964D-8F70B29724B2&SSPV=SE4NTPBGC_sp_ch
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2351 bytes] - [19/05/2016 07:52:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [1351 bytes] - [21/05/2016 14:29:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [2135 bytes] - [19/05/2016 07:49:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1469 bytes] - [21/05/2016 14:29:01]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1570 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by oPiruz (Administrator) on Sat 05/21/2016 at 14:32:00.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\oPiruz\AppData\Roaming\imvuclient (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/21/2016 at 14:32:45.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by oPiruz (administrator) on DESKTOP-O1J00JT (21-05-2016 14:35:38)
Running from D:\Desktop
Loaded Profiles: oPiruz (Available Profiles: oPiruz)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-25] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-18] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Discord] => C:\Users\oPiruz\AppData\Local\Discord\app-0.0.290\Discord.exe [57924280 2016-05-05] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [uTorrent] => C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Clownfish] => D:\Program Files (x86)\Clownfish\Clownfish.exe [1366256 2016-02-19] (Bogdan Sharkov)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\MountPoints2: {2313fd91-cc9d-11e5-85b6-806e6f6e6963} - "E:\Launch.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-07]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> D:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-05-15]
ShortcutTarget: Curse.lnk -> C:\Users\oPiruz\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c2edbb94-6b58-446b-b56e-91df71aca15a}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{f19e0db4-2aac-4597-aecb-15ad59084cf0}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-04-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-15] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-761187832-1820794338-2722413759-1001: @nsroblox.roblox.com/launcher -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-761187832-1820794338-2722413759-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
CHR Extension: (BetterTTV) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-06]
CHR Extension: (Google Docs) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
CHR Extension: (YouTube) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
CHR Extension: (Adblock Plus) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (AVG Secure Search) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-05-21]
CHR Extension: (Google Search) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
CHR Extension: (Dark Theme v2) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-02-06]
CHR Extension: (Google Sheets) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (ROBLOX+) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2016-05-20]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Oddshot) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja [2016-05-09]
CHR Extension: (Gmail) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2016-02-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-18] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-02-13] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-02-13] ()
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [65176 2016-04-28] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2015-10-09] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4767488 2015-12-15] (Realtek Semiconductor Corporation )
S3 rzbtendpt; C:\Windows\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
S3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 14:35 - 2016-05-21 14:35 - 00000000 ____D C:\FRST
2016-05-21 14:30 - 2016-05-21 14:30 - 00000000 ____D C:\Users\oPiruz\AppData\LocalLow\uTorrent
2016-05-20 21:49 - 2016-05-20 21:49 - 00015000 ___SH (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\BlFilter.sys
2016-05-19 07:49 - 2016-05-21 14:29 - 00000000 ____D C:\AdwCleaner
2016-05-18 17:28 - 2016-05-18 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-15 22:10 - 2016-05-21 14:31 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Curse Client
2016-05-15 22:10 - 2016-05-15 22:10 - 00001070 _____ C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-05-15 22:09 - 2016-05-15 22:09 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Curse
2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\.mono
2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Colossal Order
2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\ProgramData\.mono
2016-05-14 15:52 - 2016-05-14 15:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\My Games
2016-05-14 15:51 - 2016-05-14 15:51 - 00000000 ____D C:\ProgramData\Steam
2016-05-13 22:44 - 2016-04-14 00:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-11 15:44 - 2016-05-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls III
2016-05-11 14:56 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 14:56 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 14:56 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 14:56 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:56 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:56 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:56 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:56 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 14:56 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 14:56 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 14:56 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 14:56 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 14:56 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 14:56 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:56 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 14:56 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 14:56 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 14:56 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 14:56 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 14:56 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 14:56 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 14:56 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 14:56 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:56 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 14:56 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 14:56 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 14:56 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 14:56 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 14:56 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 14:56 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 14:56 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:56 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 14:56 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 14:56 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 14:56 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 14:56 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 14:56 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 14:56 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 14:56 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 14:56 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:56 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 14:56 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 14:56 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 14:56 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:56 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:56 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 14:56 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 14:56 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 14:56 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 14:56 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 14:56 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 14:56 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 14:56 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 14:56 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:56 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 14:56 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 14:56 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 14:56 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 14:55 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 14:55 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 14:55 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 14:55 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 14:55 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 14:55 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 14:55 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 14:55 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 14:55 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 14:55 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 14:55 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 14:55 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 14:55 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 14:55 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 14:55 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 14:55 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 14:55 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:55 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 14:55 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 14:55 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 14:55 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 14:55 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 14:55 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:55 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 14:55 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 14:55 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 14:55 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 14:55 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 14:55 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 14:55 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 14:55 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 14:55 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 14:55 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 14:55 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 14:55 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 14:55 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 14:55 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:55 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 14:55 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 14:55 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 14:55 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 14:55 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 14:55 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 14:55 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 14:55 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 14:55 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 14:55 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 14:55 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 14:55 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 14:55 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 14:55 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 14:55 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:55 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 14:55 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 14:55 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:55 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 14:55 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 14:55 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 14:55 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 14:55 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 14:55 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 14:55 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 14:55 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 14:55 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 14:55 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 14:55 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 14:55 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 14:55 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 14:55 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 14:55 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 14:55 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 14:55 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 14:55 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 14:55 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 14:55 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 14:55 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 14:55 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 14:55 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 14:55 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 14:55 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 14:55 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 14:55 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 14:55 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 14:55 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 14:55 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 14:55 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 14:55 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 14:55 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 14:55 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 14:55 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 14:55 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 14:55 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 14:55 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 14:55 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 14:55 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 14:55 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 14:55 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 14:55 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 14:55 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 14:55 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 14:55 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 14:55 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:55 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 14:55 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 14:55 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 14:55 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 14:55 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 14:55 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:55 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 14:55 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 14:55 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 14:55 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 14:55 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 14:55 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 14:55 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:55 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 14:55 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 14:55 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 14:55 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 14:55 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 14:55 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:55 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 14:55 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 14:55 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 14:55 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:55 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 14:55 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 14:55 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 14:55 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 14:55 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:55 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 14:55 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 14:55 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:55 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 14:55 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 14:55 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 14:55 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 14:55 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 14:55 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 14:55 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 14:55 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 14:55 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 14:55 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 02:12 - 2016-05-11 02:13 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\DarkSoulsIII
2016-05-06 13:57 - 2016-05-06 13:57 - 00000000 ____D C:\Program Files\Java
2016-05-04 23:52 - 2016-05-04 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-05-04 23:09 - 2016-05-10 09:24 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Battle.net
2016-05-04 23:09 - 2016-05-05 13:11 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Battle.net
2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Blizzard Entertainment
2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-05-04 23:07 - 2016-05-05 13:11 - 00000000 ____D C:\ProgramData\Battle.net
2016-04-29 23:48 - 2016-05-20 20:00 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\obs-studio
2016-04-29 23:48 - 2016-04-29 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-04-28 17:36 - 2016-04-28 17:36 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Black_Tree_Gaming
2016-04-28 17:36 - 2016-04-28 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-04-25 16:29 - 2016-04-25 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-04-25 16:29 - 2016-04-25 16:29 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-04-25 05:27 - 2016-04-25 05:27 - 01400792 _____ (Razer Inc) C:\WINDOWS\SysWOW64\rzdevicedll.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 14:31 - 2016-02-06 02:25 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Skype
2016-05-21 14:30 - 2016-02-06 02:22 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\uTorrent
2016-05-21 14:30 - 2016-02-06 02:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-21 14:30 - 2016-02-06 01:59 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 14:30 - 2016-02-06 01:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-21 14:30 - 2016-02-06 01:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-21 14:30 - 2016-02-06 01:37 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-21 14:23 - 2016-02-06 01:58 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7C9090F-3C4C-4A08-8466-ED3786203956}
2016-05-21 14:21 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-21 11:16 - 2016-02-06 01:59 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 02:24 - 2016-02-06 01:41 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-21 02:00 - 2016-02-06 02:17 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Adobe
2016-05-21 01:11 - 2016-02-13 21:08 - 00000000 ____D C:\ProgramData\Origin
2016-05-20 21:49 - 2016-02-06 02:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-20 14:47 - 2016-02-13 21:35 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-20 14:47 - 2016-02-13 21:35 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-05-20 13:03 - 2016-02-06 01:53 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-20 13:03 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\INF
2016-05-19 23:11 - 2016-02-07 17:47 - 00000080 _____ C:\Users\oPiruz\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2016-05-19 17:01 - 2016-02-08 07:34 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\TS3Client
2016-05-19 08:04 - 2016-02-24 02:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-18 14:13 - 2016-02-06 01:49 - 00000000 ____D C:\Users\oPiruz
2016-05-15 23:26 - 2016-02-07 06:43 - 00000000 ____D C:\Users\oPiruz\AppData\Local\CrashDumps
2016-05-15 15:02 - 2016-02-06 02:09 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-15 13:08 - 2016-02-06 19:59 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\OBS
2016-05-14 03:02 - 2016-02-06 01:38 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 23:43 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\discord
2016-05-13 17:04 - 2016-02-16 21:40 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-05-13 03:05 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 21:19 - 2016-02-06 01:59 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 15:01 - 2016-02-06 01:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 15:01 - 2016-02-06 01:45 - 04923704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-12 15:00 - 2016-02-06 01:41 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 15:30 - 2016-02-06 04:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 15:26 - 2016-02-06 04:10 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 14:57 - 2016-02-06 01:42 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 14:57 - 2016-02-06 01:42 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-10 16:11 - 2016-02-06 01:59 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 16:11 - 2016-02-06 01:59 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 15:34 - 2016-03-07 12:54 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-10 14:41 - 2016-03-18 13:08 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Arma 3
2016-05-06 13:59 - 2016-03-27 00:32 - 00000000 ____D C:\ProgramData\Oracle
2016-05-06 13:57 - 2016-03-27 00:32 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-05-06 13:57 - 2016-03-27 00:32 - 00000000 ____D C:\Users\oPiruz\.oracle_jre_usage
2016-05-06 13:57 - 2016-03-27 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-06 11:30 - 2016-02-06 02:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-06 11:30 - 2016-02-06 02:25 - 00000000 ____D C:\ProgramData\Skype
2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\SquirrelTemp
2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Discord
2016-05-04 21:53 - 2016-02-21 22:39 - 00000000 ____D C:\Users\oPiruz\AppData\Local\DayZ
2016-05-04 15:56 - 2016-02-06 01:45 - 00000000 ____D C:\ProgramData\Razer
2016-05-04 15:52 - 2016-02-06 01:52 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2016-05-02 16:10 - 2016-02-06 01:49 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Packages
2016-05-02 00:39 - 2016-02-06 02:51 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-05-02 00:39 - 2016-02-06 02:51 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-05-02 00:38 - 2016-02-06 02:51 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-05-02 00:38 - 2016-02-06 02:51 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-05-02 00:38 - 2016-02-06 02:51 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-04-28 17:36 - 2016-03-03 02:40 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Fallout4
2016-04-25 20:25 - 2016-02-06 01:51 - 00002366 _____ C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-25 20:25 - 2016-02-06 01:51 - 00000000 ___RD C:\Users\oPiruz\OneDrive
2016-04-25 16:29 - 2016-02-07 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-22 02:57 - 2016-02-06 04:11 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2016-02-06 01:45 - 2016-02-06 01:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\oPiruz\AppData\Local\Temp\5188800AB768.dll
C:\Users\oPiruz\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\oPiruz\AppData\Local\Temp\Bass.dll
C:\Users\oPiruz\AppData\Local\Temp\Bass.Net.dll
C:\Users\oPiruz\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\oPiruz\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\oPiruz\AppData\Local\Temp\InstallIMVU_525.0.exe
C:\Users\oPiruz\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\oPiruz\AppData\Local\Temp\libeay32.dll
C:\Users\oPiruz\AppData\Local\Temp\msvcr120.dll
C:\Users\oPiruz\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\oPiruz\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\oPiruz\AppData\Local\Temp\nvStInst.exe
C:\Users\oPiruz\AppData\Local\Temp\PerfectService.exe
C:\Users\oPiruz\AppData\Local\Temp\setup.dll
C:\Users\oPiruz\AppData\Local\Temp\sonarinst.exe
C:\Users\oPiruz\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-12 09:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by oPiruz (2016-05-21 14:35:58)
Running from D:\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-06 06:48:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-761187832-1820794338-2722413759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-761187832-1820794338-2722413759-503 - Limited - Disabled)
Guest (S-1-5-21-761187832-1820794338-2722413759-501 - Limited - Disabled)
oPiruz (S-1-5-21-761187832-1820794338-2722413759-1001 - Administrator - Enabled) => C:\Users\oPiruz
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
American Truck Simulator (HKLM-x32\...\Steam App 270880) (Version: - SCS Software)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version: - Infinity Ward)
Car Mechanic Simulator 2015 Gold Edition (HKLM-x32\...\Car Mechanic Simulator 2015 Gold Edition_is1) (Version: - )
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
Cities: Skylines (HKLM\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Discord (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version: - Daybreak Game Company)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IMVU Avatar Chat Software (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\IMVU Avatar chat client software BETA) (Version: - )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{1B408C7B-4541-479A-BA4D-29BE885E6D27}) (Version: 14.0.103 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.20 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.1 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.6.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version: - Crystal Dynamics)
ROBLOX Player for oPiruz (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for oPiruz (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Enigma Protector v4.40 Build 20150619 (HKLM-x32\...\The Enigma Protector_is1) (Version: - The Enigma Protector Developers Team)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TruckersMP 0.2.0.8 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.8 Alpha - ETS2MP Team)
Uplay (HKLM-x32\...\Uplay) (Version: 13.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0-2) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (Version: 1.0.3.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-761187832-1820794338-2722413759-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\oPiruz\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-761187832-1820794338-2722413759-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\RobloxProxy64.dll (ROBLOX Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {383880FB-F443-4052-A844-75B11B33034E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {386A4466-93B2-4FB9-B266-12A05AB59DDD} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-O1J00JT-oPiruz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {466C7FAD-47BE-4137-80D9-9A72D25719C2} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {7A561BB9-A373-4C87-A4CA-BE1B716E7056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {C7A40AF3-A6CD-4477-ABBD-881DC0117413} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C80A89B7-4A5D-475E-BA91-1413DA451D92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
Task: {FCA2DB2C-8816-4114-8CA5-233F1222C0E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-17 21:38 - 2015-12-17 21:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 21:38 - 2015-12-17 21:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-13 22:31 - 2016-02-13 22:31 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2016-03-01 12:43 - 2016-05-02 00:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-02-06 02:51 - 2016-05-02 00:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-01 12:43 - 2016-05-02 00:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-29 19:32 - 2016-05-02 00:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-04-12 14:09 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 14:09 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 20:25 - 2016-04-25 20:25 - 00959176 _____ () C:\Users\oPiruz\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-03-29 19:32 - 2016-05-02 00:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 19:32 - 2016-05-02 00:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 19:32 - 2016-05-02 00:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-06 02:51 - 2016-05-02 00:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-19 09:47 - 2016-04-19 09:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-29 18:16 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:55 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:56 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:56 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:56 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:56 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-29 19:32 - 2016-05-02 00:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 19:32 - 2016-05-02 00:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 01021792 _____ () C:\Windows\System32\speech\engines\tts\MSTTSEngine.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00528384 _____ () C:\Windows\System32\speech\engines\tts\MSTTSLoc.DLL
2016-05-12 21:18 - 2016-05-10 22:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 21:18 - 2016-05-10 22:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-04-19 09:47 - 2016-04-19 09:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:47 - 2016-04-19 09:47 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-06 02:51 - 2016-05-02 01:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-02-06 01:41 - 2016-02-06 01:40 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-761187832-1820794338-2722413759-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\best wallpaper NA.png
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{329C6BBE-B372-4CD5-9EC8-9BC2C2D6FC4E}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6259D9D1-8944-476F-B527-D7572AA9BE53}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37B5D1E1-153C-4C44-BF16-55749BD8BF95}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6B1BA00B-CBA0-4C67-90D9-8D99D9A925EF}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5BB40CB1-2816-4385-80E6-FB85222654F4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{EB27140E-C6FA-43C1-8728-155CD07148AB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{0F42FDEA-C1E4-4D8E-B5CD-7926668DD7AF}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88CA12B2-8120-460D-BB6C-29D2168BBBCE}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C73BACD7-6DFC-48D0-BDC5-CBAFFD095AFF}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EED05D5-BC9B-4416-84B5-AE98BBA9B4D9}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25FDB943-7715-42A8-B8F9-1C14E3CE9934}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C6F92A6-D4F3-4C83-852C-05ABC22CD4FB}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{672C4668-A676-4683-92A6-90C10784B1A2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D327B293-DA0D-4E38-8470-264A95D5A603}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3EF196C1-07A8-471E-B9BD-0BD6A939C9B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{37D1E7EA-C77C-4A73-A74D-F9966D678C81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B53B49C0-F737-4516-9FF9-1E689677B20A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E5861763-5AAD-4F28-95B6-5E0B1A84E226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FE6D9B01-67C7-4ACE-9203-6C823D3DB2BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B51CA9B-F8E0-45DF-8275-A35C5E76A5ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B3A77436-31C3-4133-A771-DA51CE8B8517}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9C236E18-29A6-47C9-A43D-587E9C593001}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0019FA33-A62A-4D63-A201-B308FD57BCF1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{E693B41A-2494-46D4-AB5A-6CA64E706D73}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{7B84F76D-E92B-413C-9DF4-170F1C99EF4E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{A0E0D642-272E-4A77-A069-E22F88280BCD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{67DBE484-3F53-4985-9781-5B5AF6EDD9A4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{8F8810B0-D622-4672-8BC8-C42B94AF2493}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{71E95C7C-C72C-4A6A-B492-E63BCBED9B8A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1ECF4598-899B-4117-8174-702F8B47F7CF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{16D4A3A1-EBB0-4C48-A04B-8B3E5085948F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{856A17EF-05A3-40B7-9529-26C8632ED447}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{B0DFF9EA-5AE7-409A-AF4B-23DBB6A81809}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9FFCD56E-8DBF-4B88-B4DF-E59334F73CF3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{38BDAE98-29B7-430B-A4FA-B667DCCAD0BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8EE406BC-A8D5-4708-9A55-E8F61C427C10}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{F168C85A-4665-4B5D-B578-D3C0CF97749F}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{CCC55AEA-19F9-4AE8-AB68-5720706C0F81}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{1DFFEDC1-D30E-475B-9CAC-8CE4726B7B45}D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{625DAD58-EB61-4457-87DC-3223B17ABC1C}D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{93E2A689-8849-44B2-ACE0-40ACDCD737B1}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{FE19EE1C-4B51-48DE-B59E-67AC9886E9D5}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{83945BE1-1BF5-4300-8230-94738DDEDCE2}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{B0F76BBA-4F58-4141-BE1F-72F23D8F7F4D}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{272C1EE2-C63B-4464-964D-53EA41A645D2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{DFA6EF84-84D7-4AA9-BED8-A3121F850C3E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1AF72E99-0396-45C8-A6C1-6E21AD74724C}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E55B983C-2C25-4439-9A51-BBA787761B0B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{4B1EDFC0-BD37-48C0-9270-14BEB626B643}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{6FA9531C-CEFD-481C-A992-CD166988D322}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{0C81849F-1F8D-43CF-B33E-316BFA9F794B}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{036FA577-B434-4C3E-BCAE-4FF94B017E15}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{B8DB0440-546A-41D0-950D-DB4D050174DC}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{4079186F-B0B8-40C8-A911-29AD3E21D9A5}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{A24FBC66-8D67-4484-8DB0-386AA0CF456D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{E35DC302-9A07-4642-9D10-32D0E57A4611}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{2C282132-B3AB-46F0-BAA6-7141C85E0993}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{500D9323-AA6A-4169-ACE6-B873FA88580A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{565CC3AD-8D3D-4007-8EA7-5646840FFFD7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E3BB896D-1B34-4CD4-8149-C68914691A7C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{04FF806A-B980-4168-9847-30D8390DC873}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{E3387771-1FE2-4408-8A01-409325C4B57A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{C21E30D4-3BC8-4482-81F4-5A9009538856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{198551EC-2E3B-46C9-9BF3-B3AA60509606}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{AE4DFA9F-A261-430B-8724-93447E9338A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{FCE61D5C-4B27-45B5-A813-7209A755D5F2}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{CB7B0F71-1F76-4183-9E65-6DF6A47C7F8A}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{2991041A-67AE-40D2-A51A-C2E135CF7818}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{38A83FB9-A78E-48C1-BF6F-01A6223E8356}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{AD943466-1E9C-4158-9B4D-3350D62877D0}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{AD500393-AAD2-4EB6-9D45-B72107ACBD0C}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
FirewallRules: [{0346311F-A3A1-460B-BE03-2BFFFBE1BC61}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{9215B303-A2CA-4877-B6C9-45A5C7A97124}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{8672652A-E93F-4BA2-8298-7D813C0637D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F537AAF-55AC-4E95-B5BB-7B483353785C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FD4C066-DFEA-4B0C-9A5B-037E917BB57B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1CA759C-2D12-48CF-ABDE-07EE3BB119F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8029BCCC-1E3E-497F-8808-3F0F1454DF92}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BBEDB89C-F863-46E9-830D-3786D9EA9A39}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B0F4D177-5168-45BB-9C80-BC68C104D054}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{95392585-FDA3-47AC-9036-4F9FF3D0A575}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{710C1F17-BFC2-47FB-8891-49D3F51EF048}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{4A2F66EA-9B5C-4C87-A4E2-4144E4A176FD}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8B3387C2-CF21-42B5-9BD8-773D77DDE481}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8ED7BA44-06C2-4B31-B3B2-396A7296A5EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{C36C0A3B-097E-4055-9E40-C18855A956AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D037A408-90C2-48B8-956E-45C834502BA2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{C4460F77-AE42-4BA2-9E3D-8685B355947E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{A2DD93ED-ECAA-4221-AA16-1CF59A1015F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{62203BEE-1527-4B61-9701-E8B30BF0C206}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{3577FB33-AEEB-4B38-81AE-0304FFEB5C0A}D:\program files\java\bin\javaw.exe] => (Allow) D:\program files\java\bin\javaw.exe
FirewallRules: [UDP Query User{D4884365-14C7-4DDB-853C-27601F044B52}D:\program files\java\bin\javaw.exe] => (Allow) D:\program files\java\bin\javaw.exe
FirewallRules: [{3622894A-FD94-4252-B8E8-6C44A227321B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{4019EECF-C30A-42E1-BD08-D00EAFF5D8AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{7722E7A5-F1ED-4B96-90A8-A714653D7D50}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C692AFF4-943C-44E1-9FD6-AC874CC4CFC6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{FB0EB6A8-199C-48D3-BAF7-8541C4F60D66}D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{61D5734B-E78E-4B1F-9C30-D57BB3FE4E42}D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{78AD15DD-C01C-4C03-8D68-712ECF8C2241}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{1404C6DF-2ACF-4D7A-B7BF-DDEBB70661AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{32ADED99-57FC-4AA4-B2B9-755417F5AC58}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{99340F1F-7564-4584-B11E-17E89E36CF3B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{A6465F6E-5BE4-41EC-A0E9-C66483CC032C}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{CDBBCD13-B5EE-4485-916A-7DD963C503D9}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{8B5ABA51-0759-49B3-8107-EC3F6EF82074}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{201DB205-5F6A-4CF9-BBC3-AA9B243D997A}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{68D0F5A0-33E3-4D38-BD3D-2C8A0B76AF67}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{4DCBD8B5-7CD3-458D-B19C-9D48150B7B06}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{EF4D8CA1-4869-4DF6-9F03-EA67D1FB8508}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{241C9023-40D0-47DC-A635-62A5CF1AEA89}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{807CA8D6-2976-4D01-89BE-5A7AF632148D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{37724DC3-4D9D-4EFF-A1C4-738494BC3AA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BB638D5C-2CCF-43ED-A963-27C291B30F13}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{603033EC-9F2A-49DD-969B-3C123672BEC0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{A3660204-121C-4ACD-BFAA-2EDBF3698555}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{46CF0A0E-4AB6-482A-8403-F53093B65736}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{99B5C274-9593-488A-903D-295F7DE0C8D5}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{0ED17C45-A187-4905-8769-2F5DA2596BA7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{37F8086C-CE64-4BE2-BA14-F22B4CB25CF4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [TCP Query User{05EA16FF-6858-4887-B387-480F2AD938D1}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{52B1DC08-4602-411C-9343-B20F500BE563}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
==================== Restore Points =========================
20-05-2016 10:43:16 Scheduled Checkpoint
21-05-2016 14:32:01 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2016 02:32:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/21/2016 02:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0xf40
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
Faulting package full name: NvStreamNetworkService.exe4
Faulting package-relative application ID: NvStreamNetworkService.exe5
Error: (05/21/2016 02:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x978
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
Error: (05/21/2016 02:29:55 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2424) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
Error: (05/20/2016 12:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x974
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
Error: (05/20/2016 12:57:28 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2420) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
Error: (05/20/2016 10:43:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/19/2016 06:07:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (05/19/2016 07:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/19/2016 07:52:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x940
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
System errors:
=============
Error: (05/21/2016 02:32:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:30:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:29:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_14313c55 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (05/21/2016 02:29:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2016-05-21 14:36:00.107
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:36:00.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:29:49.508
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:29:49.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:28:11.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:28:11.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:27:02.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 14:27:02.011
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-21 02:14:02.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-20 23:20:18.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 21%
Total physical RAM: 16335.24 MB
Available physical RAM: 12883.37 MB
Total Virtual: 18767.24 MB
Available Virtual: 15076.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118.29 GB) (Free:38.85 GB) NTFS
Drive d: (Hard Drive) (Fixed) (Total:1863.01 GB) (Free:1094.53 GB) NTFS
Drive e: (18WoSConvoy) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
Drive g: (ESD-USB) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 5AD06E33)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C045CE2E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15.2 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
#4
Posted 21 May 2016 - 01:48 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Are you still seeing the hijack.folderoptions?
#5
Posted 22 May 2016 - 11:22 AM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
They are still there, here is the log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/22/2016
Scan Time: 12:16 PM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.05.22.04
Rootkit Database: v2016.05.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: oPiruz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311220
Time Elapsed: 5 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 3
Hijack.FolderOptions, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [b23ac90f3a5f5adcb55b4ccd9f64e719]
Hijack.FolderOptions, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [4ca05682b1e81d19ba565dbc679c43bd]
Hijack.FolderOptions, HKU\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [c9237f5976233ff7fd607d93e91aa55b]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
#6
Posted 22 May 2016 - 05:58 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
OK Let's look at the three registry entries:
Copy the next 4 lines:
reg query "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s > \junk.txt reg query " HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s >> \junk.txt reg query "HKU\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s >> \junk.txt notepad \junk.txt
Open an elevate command prompt using one of the methods in this post:
http://www.eightforu...indows-8-a.html
Right click and Paste (or Edit then Paste) and the copied lines should appear. Hit Enter if notepad does not popup. Copy the text from notepad and paste it in a reply.
#7
Posted 23 May 2016 - 07:37 AM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run
HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
NoFolderOptions REG_DWORD 0x1
HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run
#8
Posted 23 May 2016 - 08:23 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I think MBAM is objecting to the entries with /Run rather than the NoFolderOptions but let's see what happens when we change then back to the default and remove the /Run entries.
Download and save the attached pol.zip.
[attachment=81211:pol.zip]
Right click on it and Extract All. Right click on pol.reg and MERGE. OK
After you do this repeat the instructions in my Copy the next 4 lines: post. You should see the
NoFolderOptions REG_DWORD 0x0
under each entry and the lines with /Run at the ends should be gone.
Reboot.
Repeat the instructions in my Copy the next 4 lines: post. Did it revert back to
NoFolderOptions REG_DWORD 0x1 ?
Did the /Run entries return?
If they did please post the results before running MBAM.
#9
Posted 23 May 2016 - 01:18 PM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
This is upon first set of copy 4 lines again.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x0
HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
NoFolderOptions REG_DWORD 0x0
am now restarting PC to redo, will post back results.
#10
Posted 23 May 2016 - 01:20 PM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
Here is the entries upon restart
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x0
HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
NoFolderOptions REG_DWORD 0x0
is my problem now fixed?
#11
Posted 23 May 2016 - 04:09 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Looks like. Run MBAM and see if it complains now.
#12
Posted 23 May 2016 - 04:42 PM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
Still detected the same 3 :\
#13
Posted 23 May 2016 - 04:51 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Can you run the reg queries again to see if anything has changed? We may be looking at a false positive. Normally the NoFolderOptions is not in the registry (the default is 0) so if nothing has changed then try this pol.zip (same procedure as before).
[attachment=81223:pol.zip]
This will just remove the NoFolderOptions entries. Perhaps that will make MBAM happy.
#14
Posted 23 May 2016 - 05:51 PM
oPiruz
- Topic Starter
-
- Member
-
- 23 posts
Member
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
ForceActiveDesktopOn REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x1
NoActiveDesktopChanges REG_DWORD 0x1
NoRecentDocsHistory REG_DWORD 0x0
NoFolderOptions REG_DWORD 0x1
HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
NoFolderOptions REG_DWORD 0x1
from a glance it looks exactly the same as before.
#15
Posted 23 May 2016 - 06:45 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Yes something is changing the 0 back to 1.
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls Change QuickScan to C:\
Click the "Scan" button to start scan
Allow it to download the Avasrt engine if it asks.
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
