Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack.folderoptions won't remove.


  • Please log in to reply

#1
oPiruz

oPiruz

    Member

  • Member
  • PipPip
  • 23 posts

So for a good few months now (Yes I know I shouldn't have ignored it for this long) malware bytes has been giving me notifs about malware and it's always these 3 or 4 "FOLDER.HIJACK OPTIONS" that pop up, I tell it to remove, and next day (or whenever I leave my pc on long enough for it to scan) it detects the exact same malware, how do I get rid of it?


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts
    # AdwCleaner v5.117 - Logfile created 21/05/2016 at 14:29:45
    # Updated 15/05/2016 by Xplode
    # Database : 2016-05-15.2 [Server]
    # Operating system : Windows 10 Home  (X64)
    # Username : oPiruz - DESKTOP-O1J00JT
    # Running from : D:\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
     
    ***** [ Files ] *****
     
     
    ***** [ DLLs ] *****
     
     
    ***** [ WMI ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
    [-] [C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M0596A41A-A8AB-45B5-A0F1-0328A591AF69&SearchSource=55&CUI=&UM=6&UP=SP7D523BDA-67C8-46A7-964D-8F70B29724B2&SSPV=SE4NTPBGC_sp_ch
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [2351 bytes] - [19/05/2016 07:52:00]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1351 bytes] - [21/05/2016 14:29:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2135 bytes] - [19/05/2016 07:49:27]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1469 bytes] - [21/05/2016 14:29:01]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1570 bytes] ##########
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64 
    Ran by oPiruz (Administrator) on Sat 05/21/2016 at 14:32:00.77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 4 
     
    Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut) 
    Successfully deleted: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
    Successfully deleted: C:\Users\oPiruz\AppData\Roaming\imvuclient (Folder) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/21/2016 at 14:32:45.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
    Ran by oPiruz (administrator) on DESKTOP-O1J00JT (21-05-2016 14:35:38)
    Running from D:\Desktop
    Loaded Profiles: oPiruz (Available Profiles: oPiruz)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-25] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-18] (Apple Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Discord] => C:\Users\oPiruz\AppData\Local\Discord\app-0.0.290\Discord.exe [57924280 2016-05-05] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [uTorrent] => C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-20] (BitTorrent Inc.)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Run: [Clownfish] => D:\Program Files (x86)\Clownfish\Clownfish.exe [1366256 2016-02-19] (Bogdan Sharkov)
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\MountPoints2: {2313fd91-cc9d-11e5-85b6-806e6f6e6963} - "E:\Launch.exe" 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-07]
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> D:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    Startup: C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-05-15]
    ShortcutTarget: Curse.lnk -> C:\Users\oPiruz\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{c2edbb94-6b58-446b-b56e-91df71aca15a}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{f19e0db4-2aac-4597-aecb-15ad59084cf0}: [DhcpNameServer] 192.168.1.254
     
    Internet Explorer:
    ==================
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-04-25] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-15] ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-761187832-1820794338-2722413759-1001: @nsroblox.roblox.com/launcher -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-761187832-1820794338-2722413759-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
     
    Chrome: 
    =======
    CHR HomePage: Default -> mysearch.avg.com/?rvt=1
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
    CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
    CHR Profile: C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-06]
    CHR Extension: (BetterTTV) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-06]
    CHR Extension: (Google Docs) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
    CHR Extension: (Google Drive) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-06]
    CHR Extension: (YouTube) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-06]
    CHR Extension: (Adblock Plus) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
    CHR Extension: (AVG Secure Search) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-05-21]
    CHR Extension: (Google Search) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-06]
    CHR Extension: (Dark Theme v2) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-02-06]
    CHR Extension: (Google Sheets) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-06]
    CHR Extension: (Google Docs Offline) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (ROBLOX+) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2016-05-20]
    CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-05-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
    CHR Extension: (Oddshot) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja [2016-05-09]
    CHR Extension: (Gmail) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-06]
    CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\oPiruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2016-02-24]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
    U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
    R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
    S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-18] (Electronic Arts)
    R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-02-13] ()
    R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-02-13] ()
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [65176 2016-04-28] (Razer Inc.)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [28344 2015-10-09] (Windows ® Win 7 DDK provider)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
    S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4767488 2015-12-15] (Realtek Semiconductor Corporation                           )
    S3 rzbtendpt; C:\Windows\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
    S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
    R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
    S3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
    S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
    S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
    S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
    S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
    S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
    S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-05-21 14:35 - 2016-05-21 14:35 - 00000000 ____D C:\FRST
    2016-05-21 14:30 - 2016-05-21 14:30 - 00000000 ____D C:\Users\oPiruz\AppData\LocalLow\uTorrent
    2016-05-20 21:49 - 2016-05-20 21:49 - 00015000 ___SH (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\BlFilter.sys
    2016-05-19 07:49 - 2016-05-21 14:29 - 00000000 ____D C:\AdwCleaner
    2016-05-18 17:28 - 2016-05-18 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-05-15 22:10 - 2016-05-21 14:31 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Curse Client
    2016-05-15 22:10 - 2016-05-15 22:10 - 00001070 _____ C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
    2016-05-15 22:09 - 2016-05-15 22:09 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Curse
    2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\.mono
    2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Colossal Order
    2016-05-15 15:05 - 2016-05-15 15:05 - 00000000 ____D C:\ProgramData\.mono
    2016-05-14 15:52 - 2016-05-14 15:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\My Games
    2016-05-14 15:51 - 2016-05-14 15:51 - 00000000 ____D C:\ProgramData\Steam
    2016-05-13 22:44 - 2016-04-14 00:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2016-05-11 15:44 - 2016-05-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls III
    2016-05-11 14:56 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-05-11 14:56 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-11 14:56 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-11 14:56 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-05-11 14:56 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-05-11 14:56 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-11 14:56 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-05-11 14:56 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-05-11 14:56 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-05-11 14:56 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-05-11 14:56 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-05-11 14:56 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-11 14:56 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-05-11 14:56 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-05-11 14:56 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-05-11 14:56 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-05-11 14:56 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-11 14:56 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-05-11 14:56 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-05-11 14:56 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-05-11 14:56 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-05-11 14:56 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-05-11 14:56 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-05-11 14:56 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-05-11 14:56 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-11 14:56 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-05-11 14:56 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-05-11 14:56 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-11 14:56 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-05-11 14:56 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-11 14:56 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-05-11 14:56 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-05-11 14:56 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-05-11 14:56 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-11 14:56 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-05-11 14:56 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-05-11 14:56 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-05-11 14:56 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-05-11 14:56 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-05-11 14:56 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-05-11 14:56 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-05-11 14:56 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-05-11 14:56 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-05-11 14:56 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-05-11 14:56 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-05-11 14:56 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-05-11 14:56 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-05-11 14:56 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-05-11 14:56 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-05-11 14:56 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-05-11 14:56 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-11 14:56 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-05-11 14:56 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-05-11 14:56 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-05-11 14:56 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-05-11 14:56 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-05-11 14:56 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-05-11 14:56 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-11 14:55 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-11 14:55 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-05-11 14:55 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-11 14:55 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-11 14:55 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-11 14:55 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-11 14:55 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-11 14:55 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-05-11 14:55 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-05-11 14:55 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-05-11 14:55 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-05-11 14:55 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-05-11 14:55 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-05-11 14:55 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-05-11 14:55 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-05-11 14:55 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-05-11 14:55 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-05-11 14:55 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-11 14:55 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-11 14:55 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-11 14:55 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-11 14:55 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-11 14:55 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-11 14:55 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-05-11 14:55 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-05-11 14:55 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-05-11 14:55 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-05-11 14:55 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-05-11 14:55 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-05-11 14:55 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-11 14:55 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-11 14:55 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-05-11 14:55 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-11 14:55 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-11 14:55 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-11 14:55 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-05-11 14:55 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-05-11 14:55 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-05-11 14:55 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-05-11 14:55 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-11 14:55 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-05-11 14:55 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-05-11 14:55 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-05-11 14:55 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-11 14:55 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-11 14:55 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-05-11 14:55 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-11 14:55 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-05-11 14:55 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-11 14:55 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-05-11 14:55 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-05-11 14:55 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-11 14:55 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-05-11 14:55 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-05-11 14:55 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-05-11 14:55 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-11 14:55 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-05-11 14:55 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-11 14:55 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-11 14:55 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-05-11 14:55 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-05-11 14:55 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-11 14:55 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-11 14:55 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-11 14:55 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-11 14:55 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-11 14:55 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-11 14:55 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-11 14:55 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-11 14:55 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-11 14:55 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-05-11 14:55 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-05-11 14:55 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-05-11 14:55 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-05-11 14:55 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-05-11 14:55 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-11 14:55 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-11 14:55 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-11 14:55 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-05-11 14:55 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-05-11 14:55 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-05-11 14:55 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-05-11 14:55 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-11 14:55 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-11 14:55 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-11 14:55 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-05-11 14:55 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-05-11 14:55 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-05-11 14:55 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-05-11 14:55 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-05-11 14:55 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-11 14:55 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-11 14:55 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-11 14:55 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-11 14:55 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-11 14:55 - 2016-04-22 23:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-05-11 14:55 - 2016-04-22 23:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-05-11 14:55 - 2016-04-22 23:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-11 14:55 - 2016-04-22 23:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-11 14:55 - 2016-04-22 23:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-05-11 14:55 - 2016-04-22 23:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-05-11 14:55 - 2016-04-22 23:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-11 14:55 - 2016-04-22 23:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-05-11 14:55 - 2016-04-22 23:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-05-11 14:55 - 2016-04-22 23:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-11 14:55 - 2016-04-22 23:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-11 14:55 - 2016-04-22 23:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-05-11 14:55 - 2016-04-22 23:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-05-11 14:55 - 2016-04-22 23:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-05-11 14:55 - 2016-04-22 23:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-11 14:55 - 2016-04-22 23:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-11 14:55 - 2016-04-22 23:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-05-11 14:55 - 2016-04-22 23:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-11 14:55 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-11 14:55 - 2016-04-22 23:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-05-11 14:55 - 2016-04-22 23:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-05-11 14:55 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-11 14:55 - 2016-04-22 23:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-11 14:55 - 2016-04-22 23:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-05-11 14:55 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-11 14:55 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-11 14:55 - 2016-04-22 23:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-05-11 14:55 - 2016-04-22 23:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-05-11 14:55 - 2016-04-22 23:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-05-11 14:55 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-05-11 14:55 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-05-11 14:55 - 2016-04-22 23:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-05-11 14:55 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-05-11 14:55 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-05-11 14:55 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-05-11 14:55 - 2016-04-22 23:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-05-11 14:55 - 2016-04-22 23:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-05-11 14:55 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-05-11 14:55 - 2016-04-22 23:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-05-11 14:55 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-05-11 14:55 - 2016-04-22 23:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-05-11 14:55 - 2016-04-22 23:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-11 14:55 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-05-11 14:55 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-11 14:55 - 2016-04-22 22:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-05-11 14:55 - 2016-04-22 21:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-11 14:55 - 2016-04-22 21:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-11 14:55 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-05-11 02:12 - 2016-05-11 02:13 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\DarkSoulsIII
    2016-05-06 13:57 - 2016-05-06 13:57 - 00000000 ____D C:\Program Files\Java
    2016-05-04 23:52 - 2016-05-04 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
    2016-05-04 23:09 - 2016-05-10 09:24 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Battle.net
    2016-05-04 23:09 - 2016-05-05 13:11 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Battle.net
    2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Blizzard Entertainment
    2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2016-05-04 23:09 - 2016-05-04 23:09 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2016-05-04 23:07 - 2016-05-05 13:11 - 00000000 ____D C:\ProgramData\Battle.net
    2016-04-29 23:48 - 2016-05-20 20:00 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\obs-studio
    2016-04-29 23:48 - 2016-04-29 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2016-04-28 17:36 - 2016-04-28 17:36 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Black_Tree_Gaming
    2016-04-28 17:36 - 2016-04-28 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2016-04-25 16:29 - 2016-04-25 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
    2016-04-25 16:29 - 2016-04-25 16:29 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
    2016-04-25 05:27 - 2016-04-25 05:27 - 01400792 _____ (Razer Inc) C:\WINDOWS\SysWOW64\rzdevicedll.dll
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-05-21 14:31 - 2016-02-06 02:25 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Skype
    2016-05-21 14:30 - 2016-02-06 02:22 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\uTorrent
    2016-05-21 14:30 - 2016-02-06 02:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-05-21 14:30 - 2016-02-06 01:59 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-21 14:30 - 2016-02-06 01:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-05-21 14:30 - 2016-02-06 01:45 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-05-21 14:30 - 2016-02-06 01:37 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-05-21 14:23 - 2016-02-06 01:58 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7C9090F-3C4C-4A08-8466-ED3786203956}
    2016-05-21 14:21 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-05-21 11:16 - 2016-02-06 01:59 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-21 02:24 - 2016-02-06 01:41 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-21 02:00 - 2016-02-06 02:17 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Adobe
    2016-05-21 01:11 - 2016-02-13 21:08 - 00000000 ____D C:\ProgramData\Origin
    2016-05-20 21:49 - 2016-02-06 02:19 - 00000000 ____D C:\ProgramData\Package Cache
    2016-05-20 14:47 - 2016-02-13 21:35 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
    2016-05-20 14:47 - 2016-02-13 21:35 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
    2016-05-20 13:03 - 2016-02-06 01:53 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-05-20 13:03 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\INF
    2016-05-19 23:11 - 2016-02-07 17:47 - 00000080 _____ C:\Users\oPiruz\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2016-05-19 17:01 - 2016-02-08 07:34 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\TS3Client
    2016-05-19 08:04 - 2016-02-24 02:03 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-05-18 14:13 - 2016-02-06 01:49 - 00000000 ____D C:\Users\oPiruz
    2016-05-15 23:26 - 2016-02-07 06:43 - 00000000 ____D C:\Users\oPiruz\AppData\Local\CrashDumps
    2016-05-15 15:02 - 2016-02-06 02:09 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-05-15 13:08 - 2016-02-06 19:59 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\OBS
    2016-05-14 03:02 - 2016-02-06 01:38 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-05-13 23:43 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\discord
    2016-05-13 17:04 - 2016-02-16 21:40 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2016-05-13 03:05 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\rescache
    2016-05-12 21:19 - 2016-02-06 01:59 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-12 15:01 - 2016-02-06 01:49 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-05-12 15:01 - 2016-02-06 01:45 - 04923704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-05-12 15:00 - 2016-02-06 01:41 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-05-12 15:00 - 2016-02-06 01:41 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-11 15:30 - 2016-02-06 04:10 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-05-11 15:26 - 2016-02-06 04:10 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-05-11 14:57 - 2016-02-06 01:42 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-05-11 14:57 - 2016-02-06 01:42 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-10 16:11 - 2016-02-06 01:59 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-10 16:11 - 2016-02-06 01:59 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-10 15:34 - 2016-03-07 12:54 - 00000000 ____D C:\WINDOWS\Minidump
    2016-05-10 14:41 - 2016-03-18 13:08 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Arma 3
    2016-05-06 13:59 - 2016-03-27 00:32 - 00000000 ____D C:\ProgramData\Oracle
    2016-05-06 13:57 - 2016-03-27 00:32 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2016-05-06 13:57 - 2016-03-27 00:32 - 00000000 ____D C:\Users\oPiruz\.oracle_jre_usage
    2016-05-06 13:57 - 2016-03-27 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-05-06 11:30 - 2016-02-06 02:25 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-05-06 11:30 - 2016-02-06 02:25 - 00000000 ____D C:\ProgramData\Skype
    2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\SquirrelTemp
    2016-05-06 11:30 - 2016-02-06 01:52 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Discord
    2016-05-04 21:53 - 2016-02-21 22:39 - 00000000 ____D C:\Users\oPiruz\AppData\Local\DayZ
    2016-05-04 15:56 - 2016-02-06 01:45 - 00000000 ____D C:\ProgramData\Razer
    2016-05-04 15:52 - 2016-02-06 01:52 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK
    2016-05-02 16:10 - 2016-02-06 01:49 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Packages
    2016-05-02 00:39 - 2016-02-06 02:51 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-05-02 00:39 - 2016-02-06 02:51 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2016-05-02 00:38 - 2016-02-06 02:51 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-05-02 00:38 - 2016-02-06 02:51 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-05-02 00:38 - 2016-02-06 02:51 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-04-28 17:36 - 2016-03-03 02:40 - 00000000 ____D C:\Users\oPiruz\AppData\Local\Fallout4
    2016-04-25 20:25 - 2016-02-06 01:51 - 00002366 _____ C:\Users\oPiruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-04-25 20:25 - 2016-02-06 01:51 - 00000000 ___RD C:\Users\oPiruz\OneDrive
    2016-04-25 16:29 - 2016-02-07 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-04-22 02:57 - 2016-02-06 04:11 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
     
    ==================== Files in the root of some directories =======
     
    2016-02-06 01:45 - 2016-02-06 01:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    C:\Users\oPiruz\AppData\Local\Temp\5188800AB768.dll
    C:\Users\oPiruz\AppData\Local\Temp\AdobeApplicationManager.exe
    C:\Users\oPiruz\AppData\Local\Temp\Bass.dll
    C:\Users\oPiruz\AppData\Local\Temp\Bass.Net.dll
    C:\Users\oPiruz\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
    C:\Users\oPiruz\AppData\Local\Temp\HiRezLauncherControls.dll
    C:\Users\oPiruz\AppData\Local\Temp\InstallIMVU_525.0.exe
    C:\Users\oPiruz\AppData\Local\Temp\jre-8u91-windows-au.exe
    C:\Users\oPiruz\AppData\Local\Temp\libeay32.dll
    C:\Users\oPiruz\AppData\Local\Temp\msvcr120.dll
    C:\Users\oPiruz\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\oPiruz\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\oPiruz\AppData\Local\Temp\nvStInst.exe
    C:\Users\oPiruz\AppData\Local\Temp\PerfectService.exe
    C:\Users\oPiruz\AppData\Local\Temp\setup.dll
    C:\Users\oPiruz\AppData\Local\Temp\sonarinst.exe
    C:\Users\oPiruz\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-05-12 09:15
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
    Ran by oPiruz (2016-05-21 14:35:58)
    Running from D:\Desktop
    Windows 10 Home Version 1511 (X64) (2016-02-06 06:48:37)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-761187832-1820794338-2722413759-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-761187832-1820794338-2722413759-503 - Limited - Disabled)
    Guest (S-1-5-21-761187832-1820794338-2722413759-501 - Limited - Disabled)
    oPiruz (S-1-5-21-761187832-1820794338-2722413759-1001 - Administrator - Enabled) => C:\Users\oPiruz
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
    American Truck Simulator (HKLM-x32\...\Steam App 270880) (Version:  - SCS Software)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
    Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward)
    Car Mechanic Simulator 2015 Gold Edition (HKLM-x32\...\Car Mechanic Simulator 2015 Gold Edition_is1) (Version:  - )
    Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
    Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
    Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
    DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
    Discord (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
    Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
    H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    IMVU Avatar Chat Software (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
    Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{1B408C7B-4541-479A-BA4D-29BE885E6D27}) (Version: 14.0.103 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.20 - Black Tree Gaming)
    NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.1 - OBS Project)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
    paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
    Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.6.2 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version:  - Crystal Dynamics)
    ROBLOX Player for oPiruz (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Studio for oPiruz (HKU\S-1-5-21-761187832-1820794338-2722413759-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
    Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
    SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
    The Enigma Protector v4.40 Build 20150619 (HKLM-x32\...\The Enigma Protector_is1) (Version:  - The Enigma Protector Developers Team)
    The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
    Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
    TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    TruckersMP 0.2.0.8 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.8 Alpha - ETS2MP Team)
    Uplay (HKLM-x32\...\Uplay) (Version: 13.0 - Ubisoft)
    Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0-2) (Version: 1.0.3.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.3.0 (Version: 1.0.3.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
    WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-761187832-1820794338-2722413759-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\oPiruz\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-761187832-1820794338-2722413759-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\oPiruz\AppData\Local\Roblox\Versions\version-ea1275ebfe8b4651\RobloxProxy64.dll (ROBLOX Corporation)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {383880FB-F443-4052-A844-75B11B33034E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
    Task: {386A4466-93B2-4FB9-B266-12A05AB59DDD} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-O1J00JT-oPiruz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
    Task: {466C7FAD-47BE-4137-80D9-9A72D25719C2} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
    Task: {7A561BB9-A373-4C87-A4CA-BE1B716E7056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
    Task: {C7A40AF3-A6CD-4477-ABBD-881DC0117413} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {C80A89B7-4A5D-475E-BA91-1413DA451D92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-06] (Google Inc.)
    Task: {FCA2DB2C-8816-4114-8CA5-233F1222C0E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-17 21:38 - 2015-12-17 21:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 21:38 - 2015-12-17 21:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-02-13 22:31 - 2016-02-13 22:31 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
    2016-03-01 12:43 - 2016-05-02 00:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-02-06 02:51 - 2016-05-02 00:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-03-01 12:43 - 2016-05-02 00:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2016-03-29 19:32 - 2016-05-02 00:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2016-04-12 14:09 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-12 14:09 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-04-25 20:25 - 2016-04-25 20:25 - 00959176 _____ () C:\Users\oPiruz\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
    2016-03-29 19:32 - 2016-05-02 00:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-03-29 19:32 - 2016-05-02 00:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-03-29 19:32 - 2016-05-02 00:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-02-06 02:51 - 2016-05-02 00:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-04-19 09:47 - 2016-04-19 09:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-29 18:16 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 14:55 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-11 14:56 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-05-11 14:56 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-11 14:56 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-05-11 14:56 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-03-29 19:32 - 2016-05-02 00:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-03-29 19:32 - 2016-05-02 00:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2015-10-30 02:17 - 2015-10-30 02:17 - 01021792 _____ () C:\Windows\System32\speech\engines\tts\MSTTSEngine.dll
    2015-10-30 02:17 - 2015-10-30 02:17 - 00528384 _____ () C:\Windows\System32\speech\engines\tts\MSTTSLoc.DLL
    2016-05-12 21:18 - 2016-05-10 22:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
    2016-05-12 21:18 - 2016-05-10 22:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
    2016-04-19 09:47 - 2016-04-19 09:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-19 09:47 - 2016-04-19 09:47 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-02-06 02:51 - 2016-05-02 01:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2016-02-06 01:41 - 2016-02-06 01:40 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-761187832-1820794338-2722413759-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\best wallpaper NA.png
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{329C6BBE-B372-4CD5-9EC8-9BC2C2D6FC4E}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6259D9D1-8944-476F-B527-D7572AA9BE53}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{37B5D1E1-153C-4C44-BF16-55749BD8BF95}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6B1BA00B-CBA0-4C67-90D9-8D99D9A925EF}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{5BB40CB1-2816-4385-80E6-FB85222654F4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{EB27140E-C6FA-43C1-8728-155CD07148AB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{0F42FDEA-C1E4-4D8E-B5CD-7926668DD7AF}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{88CA12B2-8120-460D-BB6C-29D2168BBBCE}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C73BACD7-6DFC-48D0-BDC5-CBAFFD095AFF}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5EED05D5-BC9B-4416-84B5-AE98BBA9B4D9}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{25FDB943-7715-42A8-B8F9-1C14E3CE9934}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7C6F92A6-D4F3-4C83-852C-05ABC22CD4FB}] => (Allow) C:\Users\oPiruz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{672C4668-A676-4683-92A6-90C10784B1A2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D327B293-DA0D-4E38-8470-264A95D5A603}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3EF196C1-07A8-471E-B9BD-0BD6A939C9B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{37D1E7EA-C77C-4A73-A74D-F9966D678C81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B53B49C0-F737-4516-9FF9-1E689677B20A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{E5861763-5AAD-4F28-95B6-5E0B1A84E226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{FE6D9B01-67C7-4ACE-9203-6C823D3DB2BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{5B51CA9B-F8E0-45DF-8275-A35C5E76A5ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{B3A77436-31C3-4133-A771-DA51CE8B8517}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{9C236E18-29A6-47C9-A43D-587E9C593001}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{0019FA33-A62A-4D63-A201-B308FD57BCF1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
    FirewallRules: [{E693B41A-2494-46D4-AB5A-6CA64E706D73}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
    FirewallRules: [{7B84F76D-E92B-413C-9DF4-170F1C99EF4E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{A0E0D642-272E-4A77-A069-E22F88280BCD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
    FirewallRules: [{67DBE484-3F53-4985-9781-5B5AF6EDD9A4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{8F8810B0-D622-4672-8BC8-C42B94AF2493}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{71E95C7C-C72C-4A6A-B492-E63BCBED9B8A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{1ECF4598-899B-4117-8174-702F8B47F7CF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{16D4A3A1-EBB0-4C48-A04B-8B3E5085948F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
    FirewallRules: [{856A17EF-05A3-40B7-9529-26C8632ED447}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
    FirewallRules: [{B0DFF9EA-5AE7-409A-AF4B-23DBB6A81809}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{9FFCD56E-8DBF-4B88-B4DF-E59334F73CF3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{38BDAE98-29B7-430B-A4FA-B667DCCAD0BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{8EE406BC-A8D5-4708-9A55-E8F61C427C10}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [TCP Query User{F168C85A-4665-4B5D-B578-D3C0CF97749F}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [UDP Query User{CCC55AEA-19F9-4AE8-AB68-5720706C0F81}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
    FirewallRules: [TCP Query User{1DFFEDC1-D30E-475B-9CAC-8CE4726B7B45}D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
    FirewallRules: [UDP Query User{625DAD58-EB61-4457-87DC-3223B17ABC1C}D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
    FirewallRules: [{93E2A689-8849-44B2-ACE0-40ACDCD737B1}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
    FirewallRules: [{FE19EE1C-4B51-48DE-B59E-67AC9886E9D5}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
    FirewallRules: [{83945BE1-1BF5-4300-8230-94738DDEDCE2}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
    FirewallRules: [{B0F76BBA-4F58-4141-BE1F-72F23D8F7F4D}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
    FirewallRules: [{272C1EE2-C63B-4464-964D-53EA41A645D2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
    FirewallRules: [{DFA6EF84-84D7-4AA9-BED8-A3121F850C3E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
    FirewallRules: [{1AF72E99-0396-45C8-A6C1-6E21AD74724C}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{E55B983C-2C25-4439-9A51-BBA787761B0B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{4B1EDFC0-BD37-48C0-9270-14BEB626B643}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{6FA9531C-CEFD-481C-A992-CD166988D322}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [TCP Query User{0C81849F-1F8D-43CF-B33E-316BFA9F794B}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [UDP Query User{036FA577-B434-4C3E-BCAE-4FF94B017E15}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [TCP Query User{B8DB0440-546A-41D0-950D-DB4D050174DC}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{4079186F-B0B8-40C8-A911-29AD3E21D9A5}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [{A24FBC66-8D67-4484-8DB0-386AA0CF456D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
    FirewallRules: [{E35DC302-9A07-4642-9D10-32D0E57A4611}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
    FirewallRules: [{2C282132-B3AB-46F0-BAA6-7141C85E0993}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
    FirewallRules: [{500D9323-AA6A-4169-ACE6-B873FA88580A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
    FirewallRules: [{565CC3AD-8D3D-4007-8EA7-5646840FFFD7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{E3BB896D-1B34-4CD4-8149-C68914691A7C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{04FF806A-B980-4168-9847-30D8390DC873}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
    FirewallRules: [{E3387771-1FE2-4408-8A01-409325C4B57A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
    FirewallRules: [{C21E30D4-3BC8-4482-81F4-5A9009538856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    FirewallRules: [{198551EC-2E3B-46C9-9BF3-B3AA60509606}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{AE4DFA9F-A261-430B-8724-93447E9338A0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
    FirewallRules: [TCP Query User{FCE61D5C-4B27-45B5-A813-7209A755D5F2}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
    FirewallRules: [UDP Query User{CB7B0F71-1F76-4183-9E65-6DF6A47C7F8A}D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
    FirewallRules: [TCP Query User{2991041A-67AE-40D2-A51A-C2E135CF7818}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
    FirewallRules: [UDP Query User{38A83FB9-A78E-48C1-BF6F-01A6223E8356}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
    FirewallRules: [{AD943466-1E9C-4158-9B4D-3350D62877D0}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
    FirewallRules: [{AD500393-AAD2-4EB6-9D45-B72107ACBD0C}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed™ Most Wanted\NFS13.exe
    FirewallRules: [{0346311F-A3A1-460B-BE03-2BFFFBE1BC61}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Crew (Worldwide)\TheCrew.exe
    FirewallRules: [{9215B303-A2CA-4877-B6C9-45A5C7A97124}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Crew (Worldwide)\TheCrew.exe
    FirewallRules: [{8672652A-E93F-4BA2-8298-7D813C0637D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9F537AAF-55AC-4E95-B5BB-7B483353785C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0FD4C066-DFEA-4B0C-9A5B-037E917BB57B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E1CA759C-2D12-48CF-ABDE-07EE3BB119F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8029BCCC-1E3E-497F-8808-3F0F1454DF92}] => (Allow) D:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{BBEDB89C-F863-46E9-830D-3786D9EA9A39}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{B0F4D177-5168-45BB-9C80-BC68C104D054}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
    FirewallRules: [TCP Query User{95392585-FDA3-47AC-9036-4F9FF3D0A575}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [UDP Query User{710C1F17-BFC2-47FB-8891-49D3F51EF048}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [TCP Query User{4A2F66EA-9B5C-4C87-A4E2-4144E4A176FD}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{8B3387C2-CF21-42B5-9BD8-773D77DDE481}D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{8ED7BA44-06C2-4B31-B3B2-396A7296A5EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{C36C0A3B-097E-4055-9E40-C18855A956AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{D037A408-90C2-48B8-956E-45C834502BA2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{C4460F77-AE42-4BA2-9E3D-8685B355947E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{A2DD93ED-ECAA-4221-AA16-1CF59A1015F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
    FirewallRules: [{62203BEE-1527-4B61-9701-E8B30BF0C206}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
    FirewallRules: [TCP Query User{3577FB33-AEEB-4B38-81AE-0304FFEB5C0A}D:\program files\java\bin\javaw.exe] => (Allow) D:\program files\java\bin\javaw.exe
    FirewallRules: [UDP Query User{D4884365-14C7-4DDB-853C-27601F044B52}D:\program files\java\bin\javaw.exe] => (Allow) D:\program files\java\bin\javaw.exe
    FirewallRules: [{3622894A-FD94-4252-B8E8-6C44A227321B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{4019EECF-C30A-42E1-BD08-D00EAFF5D8AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
    FirewallRules: [{7722E7A5-F1ED-4B96-90A8-A714653D7D50}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [{C692AFF4-943C-44E1-9FD6-AC874CC4CFC6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
    FirewallRules: [TCP Query User{FB0EB6A8-199C-48D3-BAF7-8541C4F60D66}D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
    FirewallRules: [UDP Query User{61D5734B-E78E-4B1F-9C30-D57BB3FE4E42}D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
    FirewallRules: [{78AD15DD-C01C-4C03-8D68-712ECF8C2241}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
    FirewallRules: [{1404C6DF-2ACF-4D7A-B7BF-DDEBB70661AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
    FirewallRules: [{32ADED99-57FC-4AA4-B2B9-755417F5AC58}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{99340F1F-7564-4584-B11E-17E89E36CF3B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [TCP Query User{A6465F6E-5BE4-41EC-A0E9-C66483CC032C}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{CDBBCD13-B5EE-4485-916A-7DD963C503D9}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
    FirewallRules: [{8B5ABA51-0759-49B3-8107-EC3F6EF82074}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{201DB205-5F6A-4CF9-BBC3-AA9B243D997A}] => (Allow) D:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{68D0F5A0-33E3-4D38-BD3D-2C8A0B76AF67}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{4DCBD8B5-7CD3-458D-B19C-9D48150B7B06}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [TCP Query User{EF4D8CA1-4869-4DF6-9F03-EA67D1FB8508}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [UDP Query User{241C9023-40D0-47DC-A635-62A5CF1AEA89}D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
    FirewallRules: [{807CA8D6-2976-4D01-89BE-5A7AF632148D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{37724DC3-4D9D-4EFF-A1C4-738494BC3AA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{BB638D5C-2CCF-43ED-A963-27C291B30F13}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{603033EC-9F2A-49DD-969B-3C123672BEC0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
    FirewallRules: [{A3660204-121C-4ACD-BFAA-2EDBF3698555}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
    FirewallRules: [TCP Query User{46CF0A0E-4AB6-482A-8403-F53093B65736}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [UDP Query User{99B5C274-9593-488A-903D-295F7DE0C8D5}D:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) D:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [{0ED17C45-A187-4905-8769-2F5DA2596BA7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
    FirewallRules: [{37F8086C-CE64-4BE2-BA14-F22B4CB25CF4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
    FirewallRules: [TCP Query User{05EA16FF-6858-4887-B387-480F2AD938D1}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
    FirewallRules: [UDP Query User{52B1DC08-4602-411C-9343-B20F500BE563}D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
     
    ==================== Restore Points =========================
     
    20-05-2016 10:43:16 Scheduled Checkpoint
    21-05-2016 14:32:01 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/21/2016 02:32:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     
    System Error:
    Access is denied.
    .
     
    Error: (05/21/2016 02:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc0000374
    Fault offset: 0x00000000000ee6fc
    Faulting process id: 0xf40
    Faulting application start time: 0xNvStreamNetworkService.exe0
    Faulting application path: NvStreamNetworkService.exe1
    Faulting module path: NvStreamNetworkService.exe2
    Report Id: NvStreamNetworkService.exe3
    Faulting package full name: NvStreamNetworkService.exe4
    Faulting package-relative application ID: NvStreamNetworkService.exe5
     
    Error: (05/21/2016 02:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
    Exception code: 0xc0000602
    Fault offset: 0x000000000022885f
    Faulting process id: 0x978
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Faulting package full name: svchost.exe4
    Faulting package-relative application ID: svchost.exe5
     
    Error: (05/21/2016 02:29:55 PM) (Source: ESENT) (EventID: 908) (User: )
    Description: svchost (2424) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
     
    Error: (05/20/2016 12:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
    Exception code: 0xc0000602
    Fault offset: 0x000000000022885f
    Faulting process id: 0x974
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Faulting package full name: svchost.exe4
    Faulting package-relative application ID: svchost.exe5
     
    Error: (05/20/2016 12:57:28 PM) (Source: ESENT) (EventID: 908) (User: )
    Description: svchost (2420) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
     
    Error: (05/20/2016 10:43:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     
    System Error:
    Access is denied.
    .
     
    Error: (05/19/2016 06:07:58 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8
     
    Error: (05/19/2016 07:56:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     
    System Error:
    Access is denied.
    .
     
    Error: (05/19/2016 07:52:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
    Exception code: 0xc0000602
    Fault offset: 0x000000000022885f
    Faulting process id: 0x940
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3
    Faulting package full name: svchost.exe4
    Faulting package-relative application ID: svchost.exe5
     
     
    System errors:
    =============
    Error: (05/21/2016 02:32:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:30:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:29:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_14313c55 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (05/21/2016 02:29:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (05/21/2016 02:29:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
     
     
    CodeIntegrity:
    ===================================
      Date: 2016-05-21 14:36:00.107
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:36:00.097
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:29:49.508
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:29:49.499
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:28:11.774
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:28:11.764
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:27:02.021
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 14:27:02.011
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-21 02:14:02.799
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-20 23:20:18.404
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16335.24 MB
    Available physical RAM: 12883.37 MB
    Total Virtual: 18767.24 MB
    Available Virtual: 15076.38 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:118.29 GB) (Free:38.85 GB) NTFS
    Drive d: (Hard Drive) (Fixed) (Total:1863.01 GB) (Free:1094.53 GB) NTFS
    Drive e: (18WoSConvoy) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
    Drive g: (ESD-USB) (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 5AD06E33)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C045CE2E)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15.2 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Are you still seeing the hijack.folderoptions?


    • 0

    #5
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    They are still there, here is the log

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 5/22/2016
    Scan Time: 12:16 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.2.1.1043
    Malware Database: v2016.05.22.04
    Rootkit Database: v2016.05.20.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: oPiruz
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 311220
    Time Elapsed: 5 min, 45 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 3
    Hijack.FolderOptions, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [b23ac90f3a5f5adcb55b4ccd9f64e719]
    Hijack.FolderOptions, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [4ca05682b1e81d19ba565dbc679c43bd]
    Hijack.FolderOptions, HKU\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [c9237f5976233ff7fd607d93e91aa55b]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    OK Let's look at the three registry entries:

    Copy the next 4 lines:

    reg query "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s >  \junk.txt
    reg query " HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s >> \junk.txt
    reg query "HKU\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER" /s >> \junk.txt
    notepad \junk.txt

    Open an elevate command prompt using one of the methods in this post:  

    http://www.eightforu...indows-8-a.html

     

    Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter if notepad does not popup.  Copy the text from notepad and paste it in a reply.


    • 0

    #7
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts
     
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x1
     
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run
     
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x1
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run
     
     
    HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        NoFolderOptions    REG_DWORD    0x1
     
    HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\Run

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    I think MBAM is objecting to the entries with /Run rather than the NoFolderOptions but let's see what happens when we change then back to the default and remove the /Run entries.

     

    Download and save the attached pol.zip.  

     

    Attached File  pol.zip   479bytes   68 downloads

     

    Right click on it and Extract All.  Right click on pol.reg and MERGE.  OK

     

     

    After you do this repeat the instructions in my Copy the next 4 lines: post.  You should see the 

     

    NoFolderOptions    REG_DWORD    0x0

     

    under each entry and the lines with /Run at the ends should be gone.

     

    Reboot.

     

    Repeat the instructions in my Copy the next 4 lines: post.   Did it revert back to 

     

    NoFolderOptions    REG_DWORD    0x1  ?

     

    Did the /Run entries return?

     

    If they did please post the results before running MBAM.

     

     

     

     


    • 0

    #9
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    This is upon first set of copy 4 lines again.

     

     
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x0
     
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x0
     
     
    HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        NoFolderOptions    REG_DWORD    0x0
     
     
    am now restarting PC to redo, will post back results.

    • 0

    #10
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    Here is the entries upon restart

     

     
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x0
     
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x0
     
     
    HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        NoFolderOptions    REG_DWORD    0x0
     
     
    is my problem now fixed?

    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Looks like.  Run MBAM and see if it complains now.


    • 0

    #12
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    Still detected the same 3 :\


    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Can you run the reg queries again to see if anything has changed?  We may be looking at a false positive.  Normally the NoFolderOptions is not in the registry (the default is 0) so if nothing has changed then try this pol.zip (same procedure as before).

    Attached File  pol.zip   473bytes   68 downloads

     This will just remove the NoFolderOptions entries.  Perhaps that will make MBAM happy.

     

     

     

     

     


    • 0

    #14
    oPiruz

    oPiruz

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts
     
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x1
     
     
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        ForceActiveDesktopOn    REG_DWORD    0x0
        NoActiveDesktop    REG_DWORD    0x1
        NoActiveDesktopChanges    REG_DWORD    0x1
        NoRecentDocsHistory    REG_DWORD    0x0
        NoFolderOptions    REG_DWORD    0x1
     
     
    HKEY_USERS\S-1-5-21-761187832-1820794338-2722413759-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
        NoFolderOptions    REG_DWORD    0x1
     
     
    from a glance it looks exactly the same as before.

    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Yes something is changing the 0 back to 1.

     

    Download aswMBR.exe  to your desktop.
    Double click the aswMBR.exe to run it
    uncheck trace disk IO calls Change QuickScan to C:\
    Click the "Scan" button to start scan
    Allow it to download the Avasrt engine if it asks.
    On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP