Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Regsvr32 Module failed to load

Started by agamer7809 , Aug 12 2016 09:37 AM

  • Please log in to reply

#1
agamer7809
Posted 12 August 2016 - 09:37 AM

agamer7809

    Member

  • Member
  • PipPip
  • 37 posts

Hello! For the past few weeks I have been getting an error message as soon as I start up my computer and it's getting annoying as of lately.  The message says "Reg32      The module
"C:Users\Alex\AppData\Local\YddrPack\scbiCprt54..." failed to load.   Make sure this binary is stored at the specific path or debug it to check for problems with the binary or dependent . DLL file.  

 

The specific module could not be found."
 

I was hoping someone here could help me fix this and possible one other issue at hand.  I apologize if my formatting is horrible, first time on this site and will try to improve the more I post :)
 

 

 

Here is a screenshot of what the error message looks like :  http://prntscr.com/c4vx93


  • 0

Advertisements

#2
zep516
Posted 12 August 2016 - 05:19 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
agamer7809
Posted 12 August 2016 - 09:36 PM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

This is everything that is in the FRST.txt file :
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Alex (administrator) on ALEXSPC (12-08-2016 23:31:42)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) D:\Program Files\Steam.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Corsair Components, Inc.) D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Valve Corporation) D:\Program Files\bin\steamwebhelper.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Alex\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.24\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.211\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) D:\Program Files\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-04] (Raptr, Inc)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Steam] => D:\Program Files\steam.exe [2852128 2016-08-02] (Valve Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [970264 2016-07-04] (BlueStack Systems, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.295\Discord.exe [62385336 2016-08-01] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\sbciCprt54.dll
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19e1bb1a-4161-4c8e-b937-d7b1a33558e4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 173.244.211.97,8.8.8.8
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-482574108-2876646391-2450146034-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-482574108-2876646391-2450146034-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Extension: All Aboard - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\@all-aboard-v1 [2016-07-26]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-28]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-23]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-23]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28]
CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-06-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-06-23]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-23]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-30] () [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-03-21] (Advanced Micro Devices) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-07-11] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-07-04] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-07-04] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-07-04] (BlueStack Systems, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-09] (Plays.tv, LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-04] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-04] (Bluestack System Inc. )
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 C450CB54; \??\C:\ProgramData\00097215_tvn [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 23:31 - 2016-08-12 23:31 - 02393600 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2016-08-12 23:31 - 2016-08-12 23:31 - 00016230 _____ C:\Users\Alex\Downloads\FRST.txt
2016-08-12 23:31 - 2016-08-12 23:31 - 00000000 ____D C:\FRST
2016-08-12 13:12 - 2016-08-12 13:12 - 00000000 ____D C:\Users\Alex\AppData\Roaming\HelloGames
2016-08-11 21:52 - 2016-08-11 21:52 - 00342617 _____ C:\Users\Alex\Downloads\SceneSwitcher.zip
2016-08-11 01:06 - 2016-08-11 01:06 - 00000000 ____D C:\Users\Alex\AppData\Local\ShooterGame
2016-08-10 15:45 - 2016-08-10 15:45 - 00798884 _____ C:\Users\Alex\Downloads\download (2).htm
2016-08-10 15:41 - 2016-08-10 15:41 - 00005018 _____ C:\Users\Alex\Downloads\OnlineBankingServlet.htm
2016-08-10 12:55 - 2016-08-10 12:55 - 00213611 _____ C:\Users\Alex\Downloads\order-details.htm
2016-08-10 12:45 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 12:45 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 12:45 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 12:45 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 12:45 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 12:45 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 12:45 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 12:45 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 12:45 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 12:45 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 12:45 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 12:45 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 12:45 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 12:45 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 12:45 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 12:45 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 12:45 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 12:45 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 12:45 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 12:45 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 12:45 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 12:45 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 12:45 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 12:45 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 12:45 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 12:45 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 12:45 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 12:45 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 12:45 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 12:45 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 12:45 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 12:45 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 12:45 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 12:45 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 12:45 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 12:45 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 12:45 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 12:45 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 12:45 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 12:45 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 12:45 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 12:45 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 12:45 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 12:45 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 12:45 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 12:45 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 12:45 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 12:45 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 12:45 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 12:45 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 12:45 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 12:45 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 12:45 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 12:45 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 12:45 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 12:45 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 12:45 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 12:45 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 12:45 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 12:45 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 12:45 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 12:45 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 12:45 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 12:45 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 12:45 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 12:45 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 12:45 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 12:45 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 12:45 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 12:45 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 12:45 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 12:45 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 12:45 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 12:45 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 12:45 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 12:45 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 12:45 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 12:44 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 12:44 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 12:44 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 12:44 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 12:44 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 12:44 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 12:44 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 12:44 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 12:44 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 12:44 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 12:44 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 12:44 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 12:44 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 12:44 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 12:44 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 12:44 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 12:44 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 12:44 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 12:44 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 12:44 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 12:44 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 12:44 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 12:44 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 12:44 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 12:44 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 12:44 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 12:44 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 12:44 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 12:44 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 12:44 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 12:44 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 12:44 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 12:44 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 12:44 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 12:44 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 12:44 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 12:44 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 12:44 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 12:44 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 12:44 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 12:44 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 12:44 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 12:44 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 12:44 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 12:44 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 12:44 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 12:44 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 12:44 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 12:44 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 12:44 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 12:44 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 12:44 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 22:54 - 2016-08-09 22:54 - 00029951 _____ C:\Users\Alex\Downloads\theseemslegit.htm
2016-08-07 20:51 - 2016-08-07 20:51 - 04117216 _____ (Husdawg, LLC) C:\Users\Alex\Downloads\Detection (1).exe
2016-08-07 20:21 - 2016-08-07 20:21 - 00000000 ____D C:\Users\Alex\Desktop\Stream Lables
2016-08-07 20:20 - 2016-08-07 20:20 - 00002683 _____ C:\Users\Alex\Desktop\TwitchAlerts Stream Labels.lnk
2016-08-07 17:01 - 2016-08-07 17:01 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Corsair
2016-08-07 17:01 - 2016-08-07 17:01 - 00000000 ____D C:\Users\Alex\AppData\Local\Corsair
2016-08-07 17:01 - 2016-08-07 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-08-07 16:59 - 2016-08-07 16:59 - 61563797 _____ C:\Users\Alex\Downloads\Corsair-Utility-Engine-v1.16.42.zip
2016-08-06 23:45 - 2016-08-06 23:45 - 00000000 ____D C:\Users\Alex\AppData\Local\GMap.NET
2016-08-06 23:44 - 2016-08-06 23:45 - 04549415 _____ C:\Users\Alex\Downloads\MyGOBot (6).zip
2016-08-06 22:17 - 2016-08-06 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-08-03 23:05 - 2016-08-03 23:05 - 00003328 _____ C:\WINDOWS\System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5}
2016-08-03 23:05 - 2016-08-03 23:05 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2016-08-03 23:04 - 2016-08-03 23:04 - 00000859 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2016-08-03 23:04 - 2016-08-03 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2016-08-03 23:01 - 2016-08-03 23:01 - 04549415 _____ C:\Users\Alex\Downloads\MyGOBot (5).zip
2016-08-03 13:51 - 2016-08-03 13:51 - 00829601 _____ C:\Users\Alex\Downloads\download (1).htm
2016-08-03 12:04 - 2016-08-03 12:04 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Dire Wolf Digital
2016-08-03 11:59 - 2016-08-03 11:59 - 12895592 _____ (Bethesda Softworks ) C:\Users\Alex\Downloads\BethesdaNetLauncher_Setup (1).exe
2016-08-01 21:18 - 2016-08-12 23:18 - 00003386 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2016-08-01 21:18 - 2016-08-12 11:29 - 00004162 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2016-08-01 21:12 - 2016-08-01 21:12 - 00000016 _____ C:\ProgramData\mntemp
2016-08-01 20:50 - 2016-08-01 20:51 - 12292096 _____ C:\Users\Alex\Downloads\SmartApp (2).msi
2016-07-31 19:46 - 2016-07-31 19:46 - 02223881 _____ C:\Users\Alex\Downloads\MyGOBot (4).zip
2016-07-30 23:03 - 2016-07-30 23:03 - 02223152 _____ C:\Users\Alex\Downloads\MyGOBot (3).zip
2016-07-29 13:11 - 2016-07-29 13:11 - 00001207 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-07-29 13:11 - 2016-07-29 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-07-29 12:35 - 2016-07-29 12:35 - 12292096 _____ C:\Users\Alex\Downloads\SmartApp (1).msi
2016-07-29 12:30 - 2016-08-03 00:59 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-29 12:09 - 2016-07-29 12:09 - 02222638 _____ C:\Users\Alex\Downloads\MyGOBot (2).zip
2016-07-29 00:46 - 2016-07-29 01:02 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-07-29 00:46 - 2016-07-29 01:02 - 00000000 ____D C:\Users\Alex\AppData\Local\pokemon
2016-07-29 00:46 - 2016-07-29 00:46 - 80835584 _____ (Mike Christopher) C:\Users\Alex\Downloads\PokemonGoMap-Win.exe
2016-07-29 00:46 - 2016-07-29 00:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\pokemon-go-map
2016-07-29 00:43 - 2016-08-06 23:45 - 00000000 ____D C:\Users\Alex\Desktop\POKEMON GO BOT
2016-07-29 00:43 - 2016-07-29 00:43 - 02221516 _____ C:\Users\Alex\Downloads\MyGOBot (1).zip
2016-07-27 23:30 - 2016-07-27 23:30 - 04174238 _____ C:\Users\Alex\Downloads\MyGOBot.zip
2016-07-27 23:30 - 2016-07-27 23:30 - 00000000 ____D C:\Users\Alex\GO Bot
2016-07-27 22:59 - 2016-07-27 22:59 - 00000000 ____D C:\Users\Alex\AppData\Local\ActiveSync
2016-07-27 14:22 - 2016-07-27 14:22 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Unity
2016-07-27 14:22 - 2016-07-27 14:22 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity
2016-07-27 14:22 - 2016-07-27 14:22 - 00000000 ____D C:\Users\Alex\AppData\Local\Deployment
2016-07-27 14:22 - 2016-07-27 14:22 - 00000000 ____D C:\Users\Alex\AppData\Local\Apps\2.0
2016-07-27 14:02 - 2016-08-11 23:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2016-07-27 14:00 - 2016-07-27 14:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Battle.net
2016-07-27 13:59 - 2016-07-27 14:00 - 03012080 _____ (Blizzard Entertainment) C:\Users\Alex\Downloads\Battle.net-Setup (2).exe
2016-07-27 02:24 - 2016-07-27 02:24 - 00000000 ____D C:\Users\Alex\Documents\LoLReplay2
2016-07-27 02:22 - 2016-07-27 02:22 - 00000000 ____D C:\dev
2016-07-27 02:19 - 2016-07-27 02:19 - 28037582 _____ (Aequus Gaming Ltd. ) C:\Users\Alex\Downloads\LSI - LoL Summoner Information (v4.15.0) Setup.exe
2016-07-27 02:18 - 2016-07-27 02:18 - 00000000 ____D C:\Users\Alex\AppData\Local\GlimpseGame
2016-07-26 15:49 - 2016-07-26 15:49 - 00001979 _____ C:\Users\Alex\AppData\Roaming\SpeedRunnersLog.txt
2016-07-26 15:49 - 2016-07-26 15:49 - 00000000 ____D C:\Users\Alex\Documents\SavedGames
2016-07-26 15:49 - 2016-07-26 15:49 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-07-26 15:25 - 2016-07-26 15:25 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla
2016-07-26 15:17 - 2016-07-26 15:18 - 48521840 _____ C:\Users\Alex\Downloads\Firefox Setup 47.0.1.exe
2016-07-26 13:27 - 2016-07-26 13:29 - 00000000 ____D C:\Users\Alex\AppData\Local\PAYDAY 2
2016-07-26 13:27 - 2016-07-26 13:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-26 13:27 - 2016-07-26 13:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-07-26 12:43 - 2016-07-26 12:43 - 03970746 _____ C:\Users\Alex\Downloads\Battle.net-Agent-PC-Standalone.zip
2016-07-26 02:20 - 2016-07-26 02:20 - 00281380 _____ C:\WINDOWS\Minidump\072616-5390-01.dmp
2016-07-25 12:07 - 2016-07-25 12:07 - 00000000 ____D C:\Users\Alex\AppData\Local\My Games
2016-07-24 00:34 - 2016-07-24 00:34 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\BlackLight Interactive
2016-07-23 23:50 - 2016-07-23 23:50 - 00022080 _____ C:\Users\Alex\Downloads\search.htm
2016-07-22 23:21 - 2016-07-22 23:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\11bitstudios
2016-07-22 13:53 - 2016-07-22 13:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MMFApplications
2016-07-22 13:51 - 2016-07-22 14:55 - 00000000 ____D C:\Users\Alex\Documents\The Escapists
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.mono
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Blizzard Entertainment
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\Users\Alex\AppData\Local\Blizzard
2016-07-22 12:00 - 2016-07-22 12:00 - 00000000 ____D C:\ProgramData\.mono
2016-07-22 00:40 - 2016-07-22 00:40 - 00000000 ____D C:\Users\Alex\Documents\FreeReign
2016-07-22 00:40 - 2016-07-22 00:40 - 00000000 ____D C:\Users\Alex\AppData\Local\FreeReign
2016-07-21 22:43 - 2016-07-21 22:44 - 00116154 _____ C:\Users\Alex\Downloads\adventure-rpg-games.htm
2016-07-20 16:30 - 2016-07-20 16:30 - 00500970 _____ C:\Users\Alex\Downloads\UCTILqOrnngHKgCono1R5bPw.htm
2016-07-20 15:17 - 2016-07-20 15:17 - 00003374 _____ C:\WINDOWS\System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B}
2016-07-20 14:13 - 2016-08-03 23:03 - 00000000 ____D C:\Program Files\Rockstar Games
2016-07-20 14:13 - 2016-08-03 23:03 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-07-20 14:13 - 2016-07-20 14:13 - 00000000 ____D C:\Users\Alex\Documents\Rockstar Games
2016-07-20 14:13 - 2016-07-20 14:13 - 00000000 ____D C:\Users\Alex\AppData\Local\Rockstar Games
2016-07-20 11:57 - 2016-07-20 11:57 - 00003316 _____ C:\WINDOWS\System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7}
2016-07-19 15:29 - 2016-07-19 15:30 - 00000000 ____D C:\Users\Alex\AppData\Local\Bethesda.net Launcher
2016-07-19 15:28 - 2016-07-19 15:28 - 07493336 _____ (Bethesda Softworks ) C:\Users\Alex\Downloads\BethesdaNetLauncher_Setup.exe
2016-07-18 20:16 - 2016-07-21 19:47 - 00000000 ____D C:\Users\Alex\AppData\Local\YddrPack
2016-07-18 20:16 - 2016-07-21 19:47 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics
2016-07-18 19:45 - 2016-07-18 19:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FiraxisLive
2016-07-18 19:45 - 2016-07-18 19:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Steam
2016-07-18 01:23 - 2016-07-18 01:23 - 00001260 _____ C:\Users\Alex\Desktop\pokemon go list.txt
2016-07-18 00:47 - 2016-07-18 00:47 - 00101723 _____ C:\Users\Alex\Downloads\205CDE55414BE81FE27F9E3EC3D7E28802B5BF4F.torrent
2016-07-18 00:44 - 2016-07-18 23:23 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\BitTorrent
2016-07-17 23:34 - 2016-07-17 23:35 - 00000000 ____D C:\Users\Alex\Documents\Twitch Alerts
2016-07-17 19:40 - 2016-07-19 11:51 - 00002697 _____ C:\Users\Alex\Desktop\BitTorrent.lnk
2016-07-17 19:39 - 2016-07-18 23:23 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent
2016-07-17 19:39 - 2016-07-17 19:39 - 01972232 _____ (BitTorrent Inc.) C:\Users\Alex\Downloads\BitTorrent.exe
2016-07-16 11:17 - 2016-08-10 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-15 15:32 - 2016-07-15 15:32 - 00000000 ____D C:\Users\Alex\AppData\Roaming\NCSOFT
2016-07-15 15:32 - 2016-07-15 15:32 - 00000000 ____D C:\Users\Alex\AppData\Local\NCSOFT
2016-07-14 16:23 - 2016-07-14 16:23 - 00029696 _____ C:\Users\Alex\AppData\Roaming\SetCursor.dll
2016-07-13 01:19 - 2016-08-02 23:50 - 00002228 _____ C:\Users\Alex\Desktop\Discord.lnk
2016-07-13 01:19 - 2016-08-02 23:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-13 01:19 - 2016-08-02 23:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\discord
2016-07-13 01:19 - 2016-08-02 23:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Discord
2016-07-13 01:19 - 2016-07-29 00:46 - 00000000 ____D C:\Users\Alex\AppData\Local\SquirrelTemp
2016-07-13 01:18 - 2016-07-13 01:19 - 48565944 _____ (Hammer & Chisel, Inc.) C:\Users\Alex\Downloads\DiscordSetup.exe
2016-07-13 00:12 - 2016-07-13 00:12 - 60876068 _____ C:\Users\Alex\Downloads\Pok--mon GO_v0.29.0_apkpure.com (1).apk
2016-07-13 00:03 - 2016-07-13 00:03 - 01065671 _____ C:\Users\Alex\Downloads\com.incorporateapps.fakegps.v4.6-GlobalAPK.Co.apk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 23:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-12 23:29 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 23:23 - 2016-06-23 00:01 - 00929278 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-12 23:23 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-12 23:21 - 2016-06-28 20:51 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F3E06FFA-49C9-4D08-97C5-82290B18C47C}
2016-08-12 23:18 - 2016-06-23 00:03 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-12 23:18 - 2016-02-13 09:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-12 16:38 - 2016-06-22 23:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-12 16:38 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 16:18 - 2016-06-23 00:03 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-12 15:17 - 2016-06-23 01:12 - 00000402 _____ C:\WINDOWS\Tasks\update-sys.job
2016-08-12 14:25 - 2016-06-23 01:12 - 00000402 _____ C:\WINDOWS\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001.job
2016-08-12 13:46 - 2016-06-23 01:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OBS
2016-08-12 11:29 - 2016-06-22 22:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PlaysTV
2016-08-12 11:29 - 2016-06-22 22:33 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Raptr
2016-08-12 00:57 - 2016-06-22 23:56 - 00000000 ____D C:\Users\Alex
2016-08-12 00:04 - 2016-06-27 11:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2016-08-11 23:24 - 2016-06-22 22:27 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-11 20:52 - 2016-06-27 11:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-11 20:52 - 2016-06-27 11:46 - 00000000 ____D C:\ProgramData\Skype
2016-08-11 18:13 - 2016-06-29 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-08-11 18:13 - 2016-06-29 22:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-08-10 23:21 - 2016-06-22 23:55 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-10 23:01 - 2016-02-13 09:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 16:57 - 2016-02-13 09:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 16:57 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 16:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 16:43 - 2016-06-23 00:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-10 15:58 - 2016-06-24 09:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 15:58 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 15:56 - 2016-06-24 09:46 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 12:44 - 2016-06-23 00:05 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-08-09 15:08 - 2016-07-11 21:48 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-08-09 01:20 - 2016-06-22 22:30 - 00000000 ____D C:\Users\Alex\AppData\Local\Blizzard Entertainment
2016-08-09 01:20 - 2016-06-22 22:29 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-08-08 20:18 - 2016-06-23 00:04 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 20:18 - 2016-06-23 00:04 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 22:17 - 2016-06-23 01:12 - 00003388 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001
2016-08-06 22:17 - 2016-06-23 01:12 - 00000424 _____ C:\Users\Alex\AppData\Local\UserProducts.xml
2016-08-03 23:00 - 2016-06-22 23:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Packages
2016-08-01 21:20 - 2016-06-27 11:34 - 00000000 ____D C:\Program Files (x86)\SmartApp
2016-08-01 21:16 - 2016-02-13 09:11 - 00194200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-30 01:17 - 2016-06-22 23:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-29 12:28 - 2016-06-23 01:19 - 00000000 ____D C:\Program Files (x86)\OBS
2016-07-29 12:10 - 2016-06-24 09:19 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-28 20:13 - 2016-06-23 00:03 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:13 - 2016-06-23 00:03 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 15:25 - 2016-06-24 00:00 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 02:18 - 2016-06-25 12:41 - 00000000 ____D C:\Users\Alex\AppData\Local\UnrealEngine
2016-07-26 15:25 - 2016-06-24 09:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Mozilla
2016-07-26 02:31 - 2016-06-22 23:53 - 00000000 ____D C:\Windows.old
2016-07-26 02:20 - 2016-06-22 23:57 - 951927914 _____ C:\WINDOWS\MEMORY.DMP
2016-07-26 02:20 - 2016-06-22 23:57 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-25 12:07 - 2015-12-15 05:32 - 00000000 ____D C:\Users\Alex\Documents\My Games
2016-07-21 19:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
2016-07-21 19:40 - 2016-06-23 00:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 15:57 - 2016-07-09 19:26 - 00000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2016-07-20 14:15 - 2016-06-23 00:00 - 00000000 ____D C:\Users\Alex\AppData\Local\AMD
2016-07-20 12:02 - 2016-07-09 23:05 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.minecraft
2016-07-19 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Web
2016-07-19 11:53 - 2016-06-27 11:34 - 00000000 ____D C:\Users\Alex\AppData\Local\VertoAnalytics
2016-07-19 11:51 - 2016-07-12 23:50 - 00000840 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-07-19 11:51 - 2016-07-12 23:50 - 00000840 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-07-19 11:51 - 2016-07-09 23:05 - 00001024 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-07-19 11:51 - 2016-06-29 22:08 - 00000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-07-19 11:51 - 2016-06-29 22:07 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-07-19 11:51 - 2016-06-27 11:46 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-19 11:51 - 2016-06-23 01:19 - 00001004 _____ C:\Users\Alex\Desktop\Open Broadcaster Software.lnk
2016-07-19 11:51 - 2016-06-23 01:19 - 00000612 _____ C:\Users\Public\Desktop\Steam.lnk
2016-07-19 11:51 - 2016-06-23 00:08 - 00000827 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-19 11:51 - 2016-06-23 00:05 - 00001219 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-07-19 11:51 - 2016-06-23 00:00 - 00002358 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-19 11:51 - 2016-06-22 22:38 - 00002086 _____ C:\Users\Public\Desktop\Raptr.lnk
2016-07-19 11:51 - 2015-12-15 06:44 - 00002761 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
2016-07-19 11:51 - 2015-12-12 16:25 - 00001252 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-07-19 11:51 - 2015-12-12 16:22 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-07-17 20:46 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-16 18:21 - 2016-06-22 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-07-16 00:21 - 2016-01-19 20:52 - 00000000 ____D C:\Users\Alex\Documents\NCSOFT
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-07-15 01:37 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
 
==================== Files in the root of some directories =======
 
2016-06-17 02:54 - 2016-06-17 02:54 - 0000217 _____ () C:\Users\Alex\AppData\Roaming\10-unhinted.conf
2016-06-17 02:54 - 2016-06-17 02:54 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\159 dk orange bl 1.ADO
2016-06-17 02:54 - 2016-06-17 02:54 - 0000303 _____ () C:\Users\Alex\AppData\Roaming\3.png
2016-06-17 02:54 - 2016-06-17 02:54 - 0001283 _____ () C:\Users\Alex\AppData\Roaming\404-1.htm
2016-06-17 02:54 - 2016-06-17 02:54 - 0004365 _____ () C:\Users\Alex\AppData\Roaming\Adobe-CNS1-4
2016-06-26 13:35 - 2016-06-26 13:35 - 6870016 _____ () C:\Users\Alex\AppData\Roaming\agent.dat
2016-06-17 02:54 - 2016-06-17 02:54 - 0002190 _____ () C:\Users\Alex\AppData\Roaming\annotation.css.xml
2016-06-17 02:54 - 2016-06-17 02:54 - 0000379 _____ () C:\Users\Alex\AppData\Roaming\AsapiLoggerConfig.xml
2016-06-17 02:53 - 2016-06-17 02:53 - 0000027 _____ () C:\Users\Alex\AppData\Roaming\AST4
2016-06-17 02:53 - 2016-06-17 02:53 - 0004205 _____ () C:\Users\Alex\AppData\Roaming\back.png
2016-06-17 02:53 - 2016-06-17 02:53 - 0000430 _____ () C:\Users\Alex\AppData\Roaming\doc_to_epub.xsl
2016-06-17 02:53 - 2016-06-17 02:53 - 0002385 _____ () C:\Users\Alex\AppData\Roaming\dsfksvcsw2k.inf
2016-06-17 02:53 - 2016-06-17 02:53 - 0003749 _____ () C:\Users\Alex\AppData\Roaming\ExampleAWTViewer.java
2016-06-17 02:53 - 2016-06-17 02:53 - 0001194 _____ () C:\Users\Alex\AppData\Roaming\f39.png
2016-06-17 02:53 - 2016-06-17 02:53 - 0001150 _____ () C:\Users\Alex\AppData\Roaming\fast_forward.png
2016-06-17 02:53 - 2016-06-17 02:53 - 0003405 _____ () C:\Users\Alex\AppData\Roaming\finphon.env
2016-06-17 02:53 - 2016-06-17 02:53 - 0000935 _____ () C:\Users\Alex\AppData\Roaming\glossterm.width.xml
2016-06-17 02:52 - 2016-06-17 02:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_fr.csv
2016-06-17 02:52 - 2016-06-17 02:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_jp.csv
2016-06-17 02:52 - 2016-06-17 02:52 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\gray 423 bl soft.ADO
2016-06-26 13:35 - 2016-06-26 13:35 - 0128512 _____ () C:\Users\Alex\AppData\Roaming\Installer.dat
2016-06-26 13:35 - 2016-06-26 13:35 - 0018432 _____ () C:\Users\Alex\AppData\Roaming\Main.dat
2013-11-13 04:00 - 2013-11-13 04:00 - 0049948 _____ () C:\Users\Alex\AppData\Roaming\Plangency.P
2016-07-14 16:23 - 2016-07-14 16:23 - 0029696 _____ () C:\Users\Alex\AppData\Roaming\SetCursor.dll
2016-07-26 15:49 - 2016-07-26 15:49 - 0001979 _____ () C:\Users\Alex\AppData\Roaming\SpeedRunnersLog.txt
1989-01-27 04:00 - 1989-01-27 04:00 - 0003406 _____ () C:\Users\Alex\AppData\Roaming\Stereophony.t
2016-06-23 01:12 - 2016-06-23 01:12 - 0000003 _____ () C:\Users\Alex\AppData\Local\updater.log
2016-06-23 01:12 - 2016-08-06 22:17 - 0000424 _____ () C:\Users\Alex\AppData\Local\UserProducts.xml
2016-07-09 19:11 - 2016-07-09 19:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-01 21:12 - 2016-08-01 21:12 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\Alex\AppData\Local\Temp\CIMManifest.exe
C:\Users\Alex\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\Alex\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Alex\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Alex\AppData\Local\Temp\InstallHelper.exe
C:\Users\Alex\AppData\Local\Temp\mpam-2fbe7ee.exe
C:\Users\Alex\AppData\Local\Temp\playstv_patch.exe
C:\Users\Alex\AppData\Local\Temp\radeon-crimson-16.3.2-minimalsetup.exe
C:\Users\Alex\AppData\Local\Temp\raptrpatch.exe
C:\Users\Alex\AppData\Local\Temp\raptr_stub.exe
C:\Users\Alex\AppData\Local\Temp\uninstall.exe
C:\Users\Alex\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-09 13:04
 
==================== End of FRST.txt ============================

This is everything in the Addition.txt file : 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Alex (2016-08-12 23:32:12)
Running from C:\Users\Alex\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-23 03:58:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)
Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)
Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitTorrent (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.37.6239 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Ghost in the Shell Stand Alone Complex First Assault Online (HKLM\...\Steam App 369200) (Version:  - Neople)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
LSI - LoL Summoner Information (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: v4.15.0 - Aequus Gaming Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Necropolis (HKLM\...\Steam App 384490) (Version:  - Harebrained Schemes)
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
ProxyGate version 3.0.0.1180 (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.5-r115042-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Riders of Icarus (HKLM\...\Steam App 442080) (Version:  - WeMade)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{F3BA5FBF-7DDE-416E-85FB-3D19AFEC8E63}) (Version: 3.1.2.53 - SmartApp)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-482574108-2876646391-2450146034-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {209783C5-01E2-4A4E-8496-5138EF147B34} - System32\Tasks\{72380271-88CC-44AF-8B13-3E63831FE6CA} => pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp
Task: {39376A87-E01B-46F0-9D71-D768DC86AAA7} - \SessionAgent -> No File <==== ATTENTION
Task: {4BCC9587-D8A4-4FBE-A66E-63F55EDFD1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {4F7E9507-DF71-47EA-8C33-6E04A8819370} - System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5} => pcalua.exe -a "d:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {5DCC4201-0C7C-4870-9BCB-C8AA73B4687E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {634F0C50-C7FD-498F-A4A7-4913EA7E2A27} - System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7} => pcalua.exe -a "d:\mygames\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/8
Task: {7F1252E4-D377-4294-86FD-FEF4D310E766} - System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=prometheus --displayname="Overwatch"
Task: {84B855BF-E24A-427B-8E8E-FEA069601A07} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {8724B2B5-4EA9-460C-A800-30CC467FFD5D} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2016-07-19] ()
Task: {B8D13665-E4C4-46CA-ABDD-DC88013D02BB} - System32\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {C08287CD-9F2C-41CE-A46C-FC3E8FEFF4F5} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {EB3AC53A-2154-4FF7-93B6-4E9281F4ED9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {FCB31082-A7B6-424E-9531-6204CC7EBCFB} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2016-07-19] (VertoAnalytics Oy)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Alex\Desktop\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-07-12 23:50 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 23:50 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-23 00:00 - 2016-06-23 00:00 - 00959168 _____ () C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 23:51 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 23:50 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 23:50 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 23:50 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 23:50 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 19:34 - 2015-06-25 19:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 19:37 - 2015-06-25 19:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 19:35 - 2015-06-25 19:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 19:38 - 2015-06-25 19:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 18:53 - 2015-06-25 18:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 18:51 - 2015-06-25 18:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-14 22:39 - 2016-06-14 22:39 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-08-08 20:18 - 2016-08-02 19:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 20:18 - 2016-08-02 19:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-11-30 02:07 - 2015-11-30 02:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-04-01 15:31 - 2016-04-01 15:31 - 01308224 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-07-26 12:28 - 2016-07-26 12:28 - 02417144 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.24\deploy\LoLLauncher.exe
2016-07-26 12:28 - 2016-07-26 12:28 - 04702712 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\LoLPatcher.exe
2015-12-12 16:34 - 2015-12-12 16:34 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.211\deploy\LolClient.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2016-06-28 20:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{F3821F34-CC6E-4E36-80EB-7DBE3B27408B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{109544A9-56C8-4CF4-8899-0660C345CD8F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{E666E68B-CBAF-474F-956E-B678ACCA2BEE}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{0EB782BD-70F3-4847-B4A2-58C58FFE54C2}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{46A8F05A-D583-4C15-A9EC-1AFCA3B20344}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [{795974DE-55F4-423D-B661-4A89FCA927B3}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5C79A667-496E-4E53-8871-5596B8775263}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F1036AB9-80D3-4247-9972-662524568B80}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{8053B95C-D354-48BB-BE1F-13D51294EC36}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{7D6BDA0A-7615-43A8-AB79-6003B3A15303}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{09CD4A7A-2336-4F6A-8E65-FD787D9F0338}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3307C4F2-7DC6-4CAE-871D-E3C4E876640B}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3BE52819-47BA-48A3-88CF-5794CA833FA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1EEF1C58-36AA-4E37-973F-DE5E084036F6}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E6170835-893A-4C71-8D54-C62CE5818BC7}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1E1EAAA6-9F72-44CA-A622-9ABFDE8BDE0C}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9C2D7E88-990C-4F95-AF62-F2B27E9B3CCF}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{95FA5F07-84C8-41E0-A96E-4363A4D6A9D5}] => (Allow) D:\Program Files\Common7\IDE\devenv.exe
FirewallRules: [{0F17E784-9FBF-473A-BB61-7CA7DA5FEC8D}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{51EE83C2-799F-4956-A0FE-665EBA3732D3}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [TCP Query User{04BDC280-8B25-4DDF-8C9D-F1DA25995260}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{123E48FC-FF7C-4630-B553-8BC55F875E3C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6FA80EAA-D7AD-4DD7-BDBF-857F10F40CFA}] => (Allow) D:\Program Files\steamapps\common\Necropolis\Necropolis.exe
FirewallRules: [{03262332-FD4F-44AF-90D5-1A13FF3747C0}] => (Allow) D:\Program Files\steamapps\common\Necropolis\Necropolis.exe
FirewallRules: [TCP Query User{11F09761-93E2-4CD6-AC69-1B345548F5DD}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{6EFFB89E-9052-40AA-97B6-C9EDCF6922FF}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [{A840BD21-C554-4096-A815-761DA30984ED}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DEA6E8E0-0E9D-45B0-B60F-948EEA5B9423}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1423BF4C-23D8-47D4-86EE-A59486EDE905}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1E0FE48B-2D75-41CB-822D-9EB9F07D02AA}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4B4649A6-8BAC-40D0-9DB9-0DE4CB9D42C3}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5FCBA658-F134-43D3-8749-A1D7CD2E43B1}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{F90643C9-214B-4B64-B83E-5955D08EFABE}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{3F6206DA-F60B-488D-B77F-42CCC05C0FF3}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{DFBE9F09-A34E-4F2A-A32D-2BAAF3036928}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{15178F20-B741-4595-8706-71B3109CAAA8}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{89C63A50-D4D9-4749-802E-CC37975BA183}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{F8FA1393-795D-4AA8-93D7-9DEDD2A96CC9}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{43F6FB40-43BB-45D4-B311-073229C3E646}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [UDP Query User{A5A7998A-531C-433A-9517-84A3A6D9DBA3}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [TCP Query User{9A5921FE-A72C-483F-AB34-9DF49B5D205D}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [UDP Query User{81642C3F-1818-436C-B794-C362C9336226}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [TCP Query User{5A73C8AC-796E-450B-B49A-8EF51391CB53}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{363E62CA-8251-4F17-B611-4FEE8154C13C}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [{B854A948-8B81-4E01-BC62-CACE71DBDB47}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{3B7CBB59-A35E-4FDD-B8EE-52A0B21ECFEB}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{2C34A8CE-5C63-427C-82B4-FE0A6C2AC285}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{9949C6E6-6E28-4266-8911-1D95BF514AB3}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{BB21843B-3825-4419-AEBF-2D1881411CFB}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1EF9BE16-0819-42B6-9D00-A98001DFC34F}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{6432A5AF-7C9D-43FA-986D-1F0655C81307}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{997199BA-C68E-4917-913C-0AB4C860EB18}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{710AD082-CCE0-4BA5-975D-2A6079A9EE06}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{1A8AE1FD-480E-46FD-8D18-A7F9383A9D9C}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [TCP Query User{3440BF39-FF11-4DD4-9430-646CD02849E8}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [UDP Query User{D7C8AB7B-7D41-4A12-9DBD-F75642190927}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [TCP Query User{B1AB9472-439F-4043-9572-451E25157900}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D26B4CBB-3919-44D3-91CB-9A10D2DEAA9A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{C874D096-EE94-4A65-BB26-18D8C8F1E752}] => (Allow) D:\Program Files\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4372CBE1-C229-472C-980F-67740876D5F8}] => (Allow) D:\Program Files\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{05058520-6CA9-4835-BAE9-E2F05083B1E1}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{DBC74ABE-470A-4F9E-845A-EBB02995EA9C}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{FC1E674D-801F-4E6E-8E3F-BA60F26169AA}] => (Allow) D:\Program Files\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{71C8696B-590C-4BD4-9E04-6F0E911F968D}] => (Allow) D:\Program Files\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{D695799F-6F8A-4942-B508-6135FACB1A2B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{55E2BD0C-2C2D-4793-92D9-8EA9F13B0E3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E246C51E-D6E1-4C68-9372-5D8E977C8F80}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D86EEABF-61C7-469E-ABC1-C898801A92EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{42A710E3-B797-4567-B4DD-55C9C40D8959}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{53AEB4F6-BED8-4F8B-88BA-8DCB202E9A29}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{9F4325B5-D02A-4483-91D0-5EC10DFC8B4E}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{65E48A8E-AA8A-40BF-B5A1-55D6A098A58B}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{1CCCC589-15E6-4049-BECD-78249F465FC4}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F821F898-C9B2-4195-BAA9-1EF43B49DD36}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{CBD5C60D-77EA-4527-8D86-A8B2B4FF4515}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6FD091B4-4ED2-4CAE-A7BD-C581A6FBAD91}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{160BE9A6-43B6-43A1-8526-66E4698B3874}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{1F0E3D8E-564A-483B-BC9C-5B0C54885A2F}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{7C0704A1-D58A-4021-8E3A-51379704204E}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
 
==================== Restore Points =========================
 
10-08-2016 15:54:41 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2016 11:30:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2016 01:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NMS.exe, version: 0.1.0.0, time stamp: 0x57ade3e9
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x10f0
Faulting application start time: 0xNMS.exe0
Faulting application path: NMS.exe1
Faulting module path: NMS.exe2
Report Id: NMS.exe3
Faulting package full name: NMS.exe4
Faulting package-relative application ID: NMS.exe5
 
Error: (08/12/2016 12:57:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/10/2016 03:54:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/09/2016 01:50:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (08/06/2016 11:50:53 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
 
System errors:
=============
Error: (08/12/2016 04:38:11 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 04:38:11 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 03:28:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/12/2016 12:57:53 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca
 
Error: (08/12/2016 12:57:52 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 12:57:52 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
CodeIntegrity:
===================================
  Date: 2016-08-10 23:01:07.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-27 00:48:50.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 19:05:25.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 21:43:58.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 12:54:02.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-14 22:40:27.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 00:13:37.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-112884.dll that did not meet the Store signing level requirements.
 
  Date: 2016-07-09 18:48:59.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-112884.dll that did not meet the Store signing level requirements.
 
  Date: 2016-07-01 00:17:31.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-29 22:07:14.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16295.52 MB
Available physical RAM: 11376.21 MB
Total Virtual: 18727.52 MB
Available Virtual: 12854.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.44 GB) (Free:115.22 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:611.86 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Alex (2016-08-12 23:32:12)
Running from C:\Users\Alex\Downloads
Windows 10 Home Version 1511 (X64) (2016-06-23 03:58:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)
Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)
Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitTorrent (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.37.6239 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Ghost in the Shell Stand Alone Complex First Assault Online (HKLM\...\Steam App 369200) (Version:  - Neople)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
LSI - LoL Summoner Information (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: v4.15.0 - Aequus Gaming Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Necropolis (HKLM\...\Steam App 384490) (Version:  - Harebrained Schemes)
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
ProxyGate version 3.0.0.1180 (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.5-r115042-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Riders of Icarus (HKLM\...\Steam App 442080) (Version:  - WeMade)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{F3BA5FBF-7DDE-416E-85FB-3D19AFEC8E63}) (Version: 3.1.2.53 - SmartApp)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-482574108-2876646391-2450146034-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {209783C5-01E2-4A4E-8496-5138EF147B34} - System32\Tasks\{72380271-88CC-44AF-8B13-3E63831FE6CA} => pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp
Task: {39376A87-E01B-46F0-9D71-D768DC86AAA7} - \SessionAgent -> No File <==== ATTENTION
Task: {4BCC9587-D8A4-4FBE-A66E-63F55EDFD1A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {4F7E9507-DF71-47EA-8C33-6E04A8819370} - System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5} => pcalua.exe -a "d:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {5DCC4201-0C7C-4870-9BCB-C8AA73B4687E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {634F0C50-C7FD-498F-A4A7-4913EA7E2A27} - System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7} => pcalua.exe -a "d:\mygames\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/8
Task: {7F1252E4-D377-4294-86FD-FEF4D310E766} - System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=prometheus --displayname="Overwatch"
Task: {84B855BF-E24A-427B-8E8E-FEA069601A07} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {8724B2B5-4EA9-460C-A800-30CC467FFD5D} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2016-07-19] ()
Task: {B8D13665-E4C4-46CA-ABDD-DC88013D02BB} - System32\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {C08287CD-9F2C-41CE-A46C-FC3E8FEFF4F5} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {EB3AC53A-2154-4FF7-93B6-4E9281F4ED9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {FCB31082-A7B6-424E-9531-6204CC7EBCFB} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2016-07-19] (VertoAnalytics Oy)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Alex\Desktop\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-07-12 23:50 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 23:50 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-23 00:00 - 2016-06-23 00:00 - 00959168 _____ () C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 23:51 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 23:50 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 23:50 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 23:50 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 23:50 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 19:34 - 2015-06-25 19:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 19:37 - 2015-06-25 19:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 19:35 - 2015-06-25 19:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 19:38 - 2015-06-25 19:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 18:53 - 2015-06-25 18:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 18:51 - 2015-06-25 18:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-14 22:39 - 2016-06-14 22:39 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-08-08 20:18 - 2016-08-02 19:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 20:18 - 2016-08-02 19:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-11-30 02:07 - 2015-11-30 02:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-04-01 15:31 - 2016-04-01 15:31 - 01308224 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-07-26 12:28 - 2016-07-26 12:28 - 02417144 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.24\deploy\LoLLauncher.exe
2016-07-26 12:28 - 2016-07-26 12:28 - 04702712 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.64\deploy\LoLPatcher.exe
2015-12-12 16:34 - 2015-12-12 16:34 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.211\deploy\LolClient.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2016-06-28 20:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{F3821F34-CC6E-4E36-80EB-7DBE3B27408B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{109544A9-56C8-4CF4-8899-0660C345CD8F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{E666E68B-CBAF-474F-956E-B678ACCA2BEE}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{0EB782BD-70F3-4847-B4A2-58C58FFE54C2}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{46A8F05A-D583-4C15-A9EC-1AFCA3B20344}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [{795974DE-55F4-423D-B661-4A89FCA927B3}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5C79A667-496E-4E53-8871-5596B8775263}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{F1036AB9-80D3-4247-9972-662524568B80}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{8053B95C-D354-48BB-BE1F-13D51294EC36}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{7D6BDA0A-7615-43A8-AB79-6003B3A15303}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{09CD4A7A-2336-4F6A-8E65-FD787D9F0338}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3307C4F2-7DC6-4CAE-871D-E3C4E876640B}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{3BE52819-47BA-48A3-88CF-5794CA833FA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1EEF1C58-36AA-4E37-973F-DE5E084036F6}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E6170835-893A-4C71-8D54-C62CE5818BC7}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1E1EAAA6-9F72-44CA-A622-9ABFDE8BDE0C}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9C2D7E88-990C-4F95-AF62-F2B27E9B3CCF}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{95FA5F07-84C8-41E0-A96E-4363A4D6A9D5}] => (Allow) D:\Program Files\Common7\IDE\devenv.exe
FirewallRules: [{0F17E784-9FBF-473A-BB61-7CA7DA5FEC8D}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{51EE83C2-799F-4956-A0FE-665EBA3732D3}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [TCP Query User{04BDC280-8B25-4DDF-8C9D-F1DA25995260}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{123E48FC-FF7C-4630-B553-8BC55F875E3C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6FA80EAA-D7AD-4DD7-BDBF-857F10F40CFA}] => (Allow) D:\Program Files\steamapps\common\Necropolis\Necropolis.exe
FirewallRules: [{03262332-FD4F-44AF-90D5-1A13FF3747C0}] => (Allow) D:\Program Files\steamapps\common\Necropolis\Necropolis.exe
FirewallRules: [TCP Query User{11F09761-93E2-4CD6-AC69-1B345548F5DD}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{6EFFB89E-9052-40AA-97B6-C9EDCF6922FF}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [{A840BD21-C554-4096-A815-761DA30984ED}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DEA6E8E0-0E9D-45B0-B60F-948EEA5B9423}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1423BF4C-23D8-47D4-86EE-A59486EDE905}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1E0FE48B-2D75-41CB-822D-9EB9F07D02AA}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4B4649A6-8BAC-40D0-9DB9-0DE4CB9D42C3}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5FCBA658-F134-43D3-8749-A1D7CD2E43B1}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{F90643C9-214B-4B64-B83E-5955D08EFABE}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{3F6206DA-F60B-488D-B77F-42CCC05C0FF3}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{DFBE9F09-A34E-4F2A-A32D-2BAAF3036928}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{15178F20-B741-4595-8706-71B3109CAAA8}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{89C63A50-D4D9-4749-802E-CC37975BA183}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{F8FA1393-795D-4AA8-93D7-9DEDD2A96CC9}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{43F6FB40-43BB-45D4-B311-073229C3E646}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [UDP Query User{A5A7998A-531C-433A-9517-84A3A6D9DBA3}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [TCP Query User{9A5921FE-A72C-483F-AB34-9DF49B5D205D}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [UDP Query User{81642C3F-1818-436C-B794-C362C9336226}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [TCP Query User{5A73C8AC-796E-450B-B49A-8EF51391CB53}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{363E62CA-8251-4F17-B611-4FEE8154C13C}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [{B854A948-8B81-4E01-BC62-CACE71DBDB47}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{3B7CBB59-A35E-4FDD-B8EE-52A0B21ECFEB}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{2C34A8CE-5C63-427C-82B4-FE0A6C2AC285}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{9949C6E6-6E28-4266-8911-1D95BF514AB3}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{BB21843B-3825-4419-AEBF-2D1881411CFB}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1EF9BE16-0819-42B6-9D00-A98001DFC34F}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{6432A5AF-7C9D-43FA-986D-1F0655C81307}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{997199BA-C68E-4917-913C-0AB4C860EB18}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{710AD082-CCE0-4BA5-975D-2A6079A9EE06}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{1A8AE1FD-480E-46FD-8D18-A7F9383A9D9C}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [TCP Query User{3440BF39-FF11-4DD4-9430-646CD02849E8}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [UDP Query User{D7C8AB7B-7D41-4A12-9DBD-F75642190927}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [TCP Query User{B1AB9472-439F-4043-9572-451E25157900}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D26B4CBB-3919-44D3-91CB-9A10D2DEAA9A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{C874D096-EE94-4A65-BB26-18D8C8F1E752}] => (Allow) D:\Program Files\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4372CBE1-C229-472C-980F-67740876D5F8}] => (Allow) D:\Program Files\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{05058520-6CA9-4835-BAE9-E2F05083B1E1}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{DBC74ABE-470A-4F9E-845A-EBB02995EA9C}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{FC1E674D-801F-4E6E-8E3F-BA60F26169AA}] => (Allow) D:\Program Files\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{71C8696B-590C-4BD4-9E04-6F0E911F968D}] => (Allow) D:\Program Files\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{D695799F-6F8A-4942-B508-6135FACB1A2B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{55E2BD0C-2C2D-4793-92D9-8EA9F13B0E3E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E246C51E-D6E1-4C68-9372-5D8E977C8F80}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D86EEABF-61C7-469E-ABC1-C898801A92EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{42A710E3-B797-4567-B4DD-55C9C40D8959}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{53AEB4F6-BED8-4F8B-88BA-8DCB202E9A29}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{9F4325B5-D02A-4483-91D0-5EC10DFC8B4E}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{65E48A8E-AA8A-40BF-B5A1-55D6A098A58B}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{1CCCC589-15E6-4049-BECD-78249F465FC4}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F821F898-C9B2-4195-BAA9-1EF43B49DD36}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{CBD5C60D-77EA-4527-8D86-A8B2B4FF4515}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6FD091B4-4ED2-4CAE-A7BD-C581A6FBAD91}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{160BE9A6-43B6-43A1-8526-66E4698B3874}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{1F0E3D8E-564A-483B-BC9C-5B0C54885A2F}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{7C0704A1-D58A-4021-8E3A-51379704204E}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
 
==================== Restore Points =========================
 
10-08-2016 15:54:41 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2016 11:30:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2016 01:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NMS.exe, version: 0.1.0.0, time stamp: 0x57ade3e9
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x10f0
Faulting application start time: 0xNMS.exe0
Faulting application path: NMS.exe1
Faulting module path: NMS.exe2
Report Id: NMS.exe3
Faulting package full name: NMS.exe4
Faulting package-relative application ID: NMS.exe5
 
Error: (08/12/2016 12:57:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/10/2016 03:54:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/09/2016 01:50:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXSPC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (08/06/2016 11:50:53 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
 
Error: (08/06/2016 11:50:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
 
System errors:
=============
Error: (08/12/2016 04:38:11 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 04:38:11 PM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 04:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3a7c5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/12/2016 03:28:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/12/2016 12:57:53 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca
 
Error: (08/12/2016 12:57:52 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (08/12/2016 12:57:52 AM) (Source: DCOM) (EventID: 10010) (User: ALEXSPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
CodeIntegrity:
===================================
  Date: 2016-08-10 23:01:07.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-27 00:48:50.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 19:05:25.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-17 21:43:58.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-15 12:54:02.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-14 22:40:27.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 00:13:37.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-112884.dll that did not meet the Store signing level requirements.
 
  Date: 2016-07-09 18:48:59.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-112884.dll that did not meet the Store signing level requirements.
 
  Date: 2016-07-01 00:17:31.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-29 22:07:14.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16295.52 MB
Available physical RAM: 11376.21 MB
Total Virtual: 18727.52 MB
Available Virtual: 12854.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.44 GB) (Free:115.22 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:611.86 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

  • 0

#4
zep516
Posted 12 August 2016 - 09:49 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
I see the problem and we will fix it.

Do you use a proxy ?

ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550


Please answer.

I'll make a fix list for you that you download give me a bit more time
  • 0

#5
agamer7809
Posted 12 August 2016 - 11:00 PM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I see the problem and we will fix it.

Do you use a proxy ?

ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550


Please answer.

I'll make a fix list for you that you download give me a bit more time

 

Apparently I do?  Although I don't know why I have one. 


  • 0

#6
zep516
Posted 12 August 2016 - 11:27 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

It looks like Malware to me. You would know if you used a proxy because you would have set it yourself. I'm including it in the fix.

Download the enclosed => file.Attached File  fixlist.txt   2.76KB   210 downloads Save it in the location FRST64 is.C:\Users\Alex\Downloads Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is,C:\Users\Alex\Downloads (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log

  • 0

#7
agamer7809
Posted 13 August 2016 - 04:04 PM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here is the fixlog.tx :
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Alex (2016-08-13 17:47:30) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\sbciCprt54.dll
Task: {39376A87-E01B-46F0-9D71-D768DC86AAA7} - \SessionAgent -> No File <==== ATTENTION
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
SearchScopes: HKU\S-1-5-21-482574108-2876646391-2450146034-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
S3 C450CB54; \??\C:\ProgramData\00097215_tvn [X]
2016-07-18 20:16 - 2016-07-21 19:47 - 00000000 ____D C:\Users\Alex\AppData\Local\YddrPack
2016-07-18 20:16 - 2016-07-21 19:47 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Uxbgmedia => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39376A87-E01B-46F0-9D71-D768DC86AAA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39376A87-E01B-46F0-9D71-D768DC86AAA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SessionAgent" => key removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C450CB54 => service removed successfully
C:\Users\Alex\AppData\Local\YddrPack => moved successfully
C:\Users\Alex\AppData\Local\Oqdlics => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18202449 B
Java, Flash, Steam htmlcache => 338038081 B
Windows/system/drivers => 25077983 B
Edge => 13870 B
Chrome => 596848395 B
Firefox => 2643639 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 206412 B
Alex => 3075752667 B
 
RecycleBin => 4103 B
EmptyTemp: => 3.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:47:37 ====

 

So I have 2 files from the AdwCleaner so I will post them both hoping they are the same thing : 

 

# AdwCleaner v6.000 - Logfile created 13/08/2016 at 17:56:19
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-13.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Alex - ALEXSPC
# Running from : C:\Users\Alex\Downloads\adwcleaner_6.000.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\Logic Handler
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Logic Handler
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Program Files (x86)\ScreenSnapshotTool
[-] Folder deleted: C:\Program Files (x86)\msrtn32
[-] Folder deleted: C:\Program Files (x86)\cpx
[-] Folder deleted: C:\Program Files (x86)\Get-a-Clip
[-] Folder deleted: C:\uninst
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\.DEFAULT\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\darwendlm
[-] Key deleted: HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: HKU\S-1-5-18\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\darwendlm
[-] Key deleted: HKLM\SOFTWARE\dllpop100
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
 
 
***** [ Web browsers ] *****
 
[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1990 Bytes] - [13/08/2016 17:56:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [2249 Bytes] - [13/08/2016 17:55:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2136 Bytes] ##########


This is the second AdwCleaner log I have : 

# AdwCleaner v6.000 - Logfile created 13/08/2016 at 17:55:39
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-13.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Alex - ALEXSPC
# Running from : C:\Users\Alex\Downloads\adwcleaner_6.000.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\Logic Handler
Folder Found:  C:\ProgramData\Application Data\Logic Handler
Folder Found:  C:\Users\Public\Documents\Guid
Folder Found:  C:\Program Files (x86)\ScreenSnapshotTool
Folder Found:  C:\Program Files (x86)\msrtn32
Folder Found:  C:\Program Files (x86)\cpx
Folder Found:  C:\Program Files (x86)\Get-a-Clip
Folder Found:  C:\uninst
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\.DEFAULT\Software\INSTALLPATH\STATUS
Key Found:  HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\darwendlm
Key Found:  HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  HKU\S-1-5-18\Software\INSTALLPATH\STATUS
Key Found:  HKCU\Software\darwendlm
Key Found:  HKLM\SOFTWARE\dllpop100
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2097 Bytes] - [13/08/2016 17:55:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2170 Bytes] ##########


Finally here is the JRT.txt log : 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Alex (Administrator) on Sat 08/13/2016 at 18:00:53.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Alex\AppData\Local\{D844EEFF-FD16-8389-9620-A45B4AF25965} (Empty Folder)
Successfully deleted: C:\Users\Alex\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\speedrunnerslog.txt (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-482574108-2876646391-2450146034-1001.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/13/2016 at 18:01:38.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#8
zep516
Posted 13 August 2016 - 04:40 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

You have Malwarebytes installed so you may skip the download part of these instructions.

Open Malwarebytes and do the following:

On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

    [list]
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#9
agamer7809
Posted 15 August 2016 - 06:13 PM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/15/2016
Scan Time: 8:02 PM
Logfile: Maleware Scan Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.15.10
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343243
Time Elapsed: 6 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.InstallCore, C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\985BC6DE-95A6-B3DE-CBE9-C2FBDD7912CD_1d1f67d2e487ca3, Quarantined, [bcaa5af1a5f51a1c8c9fc0e32cd5e41c], 
Trojan.MalPack.NSIS, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SetCursor.dll, Quarantined, [491dd17a84165adc67aab5037490c33d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
zep516
Posted 15 August 2016 - 06:18 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello agamer7809,

Looking good here.

How is the computer ?
  • 0

#11
agamer7809
Posted 17 August 2016 - 11:42 AM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

It's running as if it was brand spanking new :D Thank you so much for your time and support.  I am definitely coming back to these forums when the time comes!


  • 0

#12
zep516
Posted 17 August 2016 - 06:35 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
We need to remove the tools we used and then close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#13
agamer7809
Posted 22 August 2016 - 06:29 PM

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
# DelFix v1.013 - Logfile created 22/08/2016 at 20:29:00
# Updated 17/04/2016 by Xplode
# Username : Alex - ALEXSPC
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Alex\Desktop\Addition.txt
Deleted : C:\Users\Alex\Desktop\AdwCleaner[C0] - Shortcut.lnk
Deleted : C:\Users\Alex\Desktop\AdwCleaner[S0] - Shortcut.lnk
Deleted : C:\Users\Alex\Desktop\Fixlog.txt
Deleted : C:\Users\Alex\Desktop\FRST.txt
Deleted : C:\Users\Alex\Desktop\FRST64.exe
Deleted : C:\Users\Alex\Desktop\JRT.txt
Deleted : C:\Users\Alex\Downloads\adwcleaner_6.000.exe
Deleted : C:\Users\Alex\Downloads\JRT.exe
 
~ Cleaning system restore ...
 
Deleted : RP #1 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | 08/16/2016 18:37:23]
Deleted : RP #2 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 | 08/16/2016 18:37:28]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#14
zep516
Posted 22 August 2016 - 06:34 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Thank- you.

I'll close the topic now.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP