[agamer7809]

So, about a week ago I started to get this message whenever i boot my pc up and this is what it says:

"The module 'C:\Users\Username\AppData\Local\YddrPack\nlqterdk.dll' failed to load.  

Make sure the binary is sotred at the specified path or debug it to chekc for problems with the binary or dependent .DLL files.   

The specified module could not be found."

 

[Advertisements]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. This includes programs such as KMS for activating illegal copies of Microsoft products. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we?


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[pystryker]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. This includes programs such as KMS for activating illegal copies of Microsoft products. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we?


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[agamer7809]

This is the FRST.txt file

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017

Ran by Alex (administrator) on ALEXSPC (17-02-2017 23:56:51)

Running from D:\Downloads

Loaded Profiles: Alex (Available Profiles: Alex)

Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe

(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe

(Electronic Arts) D:\Program Files\Origin\OriginWebHelperService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) D:\Program Files\Steam.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Flux Software LLC) C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Corsair Components, Inc.) D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe

(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()

HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51928 2017-02-03] (Copyright © 2017 Plays.tv, LLC)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)

HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Steam] => D:\Program Files\steam.exe [2881824 2017-01-18] (Valve Corporation)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3970112 2016-11-28] (GOG.com)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [f.lux] => C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Chromium] => "c:\users\alex\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe" 

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-01-17]

ShortcutTarget: Curse.lnk -> C:\Users\Alex\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-30] ()

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2017-01-16]

ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)

GroupPolicy: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.

ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{3a8bb13b-6323-4eb1-851c-10e69e2caf5b}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 173.244.211.97,8.8.8.8

Tcpip\..\Interfaces\{80fe19d2-3f40-431f-ba78-c6175d1cfaad}: [DhcpNameServer] 192.168.1.1

ManualProxies: 1http=127.0.0.1:64550;https=127.0.0.1:64550

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF DefaultProfile: xzezvwlb.default

FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default [2017-02-08]

FF Extension: (All Aboard) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\@all-aboard-v1 [2016-07-26]

FF Extension: (Notification Manager) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\{1ACA5BE8-BFF0-B122-637B-00976A61FF79} [2017-02-08] [not signed]

FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-482574108-2876646391-2450146034-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw

CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="

CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_186.dll => No File

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]

CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-28]

CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-22]

CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]

CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-09]

CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-10]

CHR Extension: (8 Ball Pool Chat) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmamjkbajpfchgmmmjcffiaoilhnckei [2017-02-09]

CHR Extension: (OP.GG Summoner Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2016-11-25]

CHR Extension: (Google Play Music) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-15]

CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]

CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-06-22]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]

CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-31]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]

CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]

CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-01]

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-09]

CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]

CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]

CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]

CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]

CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]

CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-04]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]

CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]

CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-11] (Advanced Micro Devices) [File not signed]

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-02-07] ()

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)

S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)

S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [399120 2017-02-15] (EasyAntiCheat Ltd)

S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-11-28] (GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com)

R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)

R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()

S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2121736 2017-01-24] (Electronic Arts)

R2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2183696 2017-01-24] (Electronic Arts)

R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-02-03] (Copyright © 2017 Plays.tv, LLC)

R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()

S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmdag.sys [28762648 2017-01-27] (Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmpag.sys [530968 2017-01-27] (Advanced Micro Devices, Inc.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)

S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)

R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)

R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)

R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)

S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )

R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)

R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)

R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-02-17 23:56 - 2017-02-17 23:56 - 00000000 ____D C:\FRST

2017-02-17 23:54 - 2017-02-17 23:54 - 00543684 _____ C:\WINDOWS\Minidump\021717-6140-01.dmp

2017-02-15 17:07 - 2017-02-15 17:07 - 00543652 _____ C:\WINDOWS\Minidump\021517-8078-01.dmp

2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\EasyAntiCheat

2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\ProgramData\For Honor Data

2017-02-15 01:08 - 2017-02-15 03:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\BitTorrent

2017-02-14 12:39 - 2017-02-14 12:40 - 00412612 _____ C:\WINDOWS\Minidump\021417-5984-01.dmp

2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\Users\Alex\.Plays.tv

2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV

2017-02-08 00:26 - 2017-02-08 17:03 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics

2017-02-08 00:25 - 2017-02-09 13:35 - 00000000 ____D C:\Users\Alex\AppData\Local\YddrPack

2017-02-07 16:34 - 2017-02-07 16:34 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN

2017-02-07 16:34 - 2017-02-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings

2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMD

2017-02-07 16:25 - 2017-02-07 16:28 - 34390000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170130_64bit.exe

2017-02-07 16:19 - 2017-02-07 16:19 - 00412660 _____ C:\WINDOWS\Minidump\020717-5671-01.dmp

2017-02-07 00:25 - 2017-02-08 00:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Metal.Gear.Solid.V.The.Phantom.Pain-ALI213

2017-02-05 20:12 - 2017-02-05 20:12 - 00543780 _____ C:\WINDOWS\Minidump\020517-6125-01.dmp

2017-02-02 12:12 - 2017-02-02 12:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PixelPiracy

2017-02-02 11:45 - 2017-02-02 11:45 - 00323492 _____ C:\WINDOWS\Minidump\020217-6250-01.dmp

2017-02-01 19:02 - 2017-02-01 19:02 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Flying Oak Games

2017-01-31 23:04 - 2017-01-31 23:04 - 00000000 _____ C:\WINDOWS\cd_127

2017-01-31 13:01 - 2017-01-31 13:01 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Pixel Federation

2017-01-31 12:33 - 2017-01-31 12:33 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2017-01-31 02:57 - 2017-01-31 03:07 - 00000000 ____D C:\Program Files (x86)\Watch_Dogs 2

2017-01-31 01:06 - 2017-01-31 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

2017-01-29 00:14 - 2017-01-29 00:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PowerISO

2017-01-29 00:13 - 2017-01-29 00:13 - 00002329 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk

2017-01-29 00:12 - 2017-01-29 00:12 - 00000596 _____ C:\Users\Public\Desktop\PowerISO.lnk

2017-01-29 00:12 - 2017-01-29 00:12 - 00000258 __RSH C:\ProgramData\ntuser.pol

2017-01-29 00:12 - 2017-01-29 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO

2017-01-29 00:12 - 2016-10-01 19:50 - 00137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys

2017-01-29 00:11 - 2017-01-29 00:11 - 03862600 _____ (Power Software Ltd) C:\Users\Alex\Downloads\PowerISO6-x64.exe

2017-01-27 10:21 - 2017-01-27 10:21 - 01016344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll

2017-01-27 10:21 - 2017-01-27 10:21 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2017-01-27 10:21 - 2017-01-27 10:21 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

2017-01-27 10:21 - 2017-01-27 10:21 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll

2017-01-27 00:28 - 2017-01-27 00:28 - 00000000 ____D C:\ProgramData\For Honor

2017-01-26 23:49 - 2017-01-26 23:49 - 00000234 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\For Honor.url

2017-01-26 23:47 - 2017-01-26 23:47 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2017-01-25 21:22 - 2017-01-25 21:22 - 00000000 ____D C:\Users\Alex\AppData\Roaming\RotMG.Production

2017-01-25 20:51 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2017-01-25 20:51 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2017-01-24 18:55 - 2017-01-24 18:55 - 00424748 _____ C:\WINDOWS\Minidump\012417-6328-01.dmp

2017-01-24 13:55 - 2017-01-24 13:55 - 00000000 ____D C:\Users\Alex\.Origin

2017-01-22 22:31 - 2017-01-22 22:31 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Mana Potion Studios

2017-01-21 23:26 - 2017-01-21 23:26 - 00412468 _____ C:\WINDOWS\Minidump\012117-5390-01.dmp

2017-01-20 13:31 - 2017-01-20 13:31 - 00000000 ____D C:\Users\Alex\Documents\Dungeon of the Endless

2017-01-20 13:31 - 2017-01-20 13:31 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMPLITUDE Studios

2017-01-19 15:08 - 2017-01-19 15:08 - 01203799 _____ C:\Users\Alex\Downloads\win10_widgets_by_tjmarkham-da8zqdm.rmskin

2017-01-19 14:59 - 2017-01-19 14:59 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk

2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Users\Alex\Documents\Rainmeter

2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Rainmeter

2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Program Files\Rainmeter

2017-01-18 02:41 - 2017-01-18 02:41 - 00000000 ____D C:\Users\Alex\Documents\Strife

2017-01-18 02:27 - 2017-01-18 02:39 - 00000000 ____D C:\Users\Alex\Documents\BeamNG.drive

2017-01-18 02:03 - 2017-01-18 02:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BrawlhallaAir

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-02-17 23:56 - 2016-12-18 11:23 - 00004414 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater

2017-02-17 23:55 - 2016-12-18 11:23 - 00003360 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor

2017-02-17 23:55 - 2016-12-16 23:00 - 00000000 ____D C:\Users\Alex\AppData\Local\Personify

2017-02-17 23:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-02-17 23:54 - 2016-10-21 22:30 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job

2017-02-17 23:54 - 2016-10-21 22:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2017-02-17 23:54 - 2016-08-24 22:38 - 00000000 ____D C:\WINDOWS\Minidump

2017-02-17 23:54 - 2016-08-16 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-02-17 23:54 - 2016-08-16 10:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-02-17 23:54 - 2016-06-22 22:57 - 1545466122 _____ C:\WINDOWS\MEMORY.DMP

2017-02-17 23:52 - 2016-06-23 00:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher

2017-02-17 20:15 - 2016-06-22 23:03 - 00000000 ____D C:\Program Files (x86)\Overwatch

2017-02-17 20:06 - 2016-07-27 13:02 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net

2017-02-17 19:06 - 2016-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Battle.net

2017-02-17 18:18 - 2016-08-21 22:37 - 00575528 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys

2017-02-17 16:01 - 2016-07-11 20:48 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2017-02-17 00:47 - 2016-09-11 19:01 - 00000000 ____D C:\Users\Alex\AppData\Roaming\obs-studio

2017-02-16 23:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-02-15 21:53 - 2016-06-27 10:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype

2017-02-15 19:34 - 2016-10-21 22:30 - 00003964 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2017-02-15 17:13 - 2016-08-16 10:21 - 02419250 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-02-15 07:46 - 2016-07-17 18:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent

2017-02-15 01:32 - 2016-08-21 22:37 - 00399120 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe

2017-02-14 12:40 - 2016-08-16 10:21 - 00000000 ____D C:\Users\Alex

2017-02-14 12:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr

2017-02-14 01:18 - 2016-06-22 23:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-02-09 23:15 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-02-08 21:23 - 2016-06-22 21:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PlaysTV

2017-02-08 02:04 - 2016-08-19 00:10 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Launcher

2017-02-08 02:03 - 2016-08-19 00:14 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3

2017-02-07 16:32 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF

2017-02-07 16:32 - 2016-06-22 21:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-02-07 16:29 - 2017-01-10 12:03 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml

2017-02-07 16:28 - 2015-12-15 05:53 - 00000000 ____D C:\AMD

2017-02-07 00:35 - 2016-08-22 22:50 - 00000000 ____D C:\Users\Alex\Documents\CPY_SAVES

2017-02-06 20:23 - 2016-09-23 12:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-02-06 20:23 - 2016-09-23 12:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-02-06 20:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2017-02-05 01:03 - 2017-01-07 21:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2017-02-04 12:26 - 2016-09-11 19:01 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk

2017-02-02 12:05 - 2016-06-23 00:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OBS

2017-01-31 23:03 - 2016-08-16 10:20 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin

2017-01-31 23:03 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI

2017-01-29 01:10 - 2016-12-12 21:01 - 00000000 ____D C:\ProgramData\Orbit

2017-01-29 01:10 - 2015-12-15 04:32 - 00000000 ____D C:\Users\Alex\Documents\My Games

2017-01-29 00:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2017-01-29 00:12 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2017-01-28 01:18 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-01-27 10:21 - 2016-12-07 17:32 - 00923160 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll

2017-01-27 10:21 - 2016-11-09 14:37 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll

2017-01-27 10:21 - 2016-11-09 14:37 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll

2017-01-27 10:21 - 2016-10-20 12:22 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

2017-01-27 10:21 - 2016-08-12 00:07 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 09881112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 07927832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 02501656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 02183704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 01016344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00854552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00688664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe

2017-01-27 10:21 - 2016-08-12 00:06 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe

2017-01-27 10:21 - 2016-08-12 00:06 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe

2017-01-27 10:21 - 2016-08-12 00:06 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe

2017-01-27 10:21 - 2016-08-12 00:06 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe

2017-01-27 10:21 - 2016-08-12 00:06 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00169496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll

2017-01-27 10:21 - 2016-08-12 00:06 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll

2017-01-27 10:21 - 2016-06-24 15:37 - 00780640 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb

2017-01-27 10:21 - 2016-06-24 15:37 - 00780640 _____ C:\WINDOWS\system32\atiapfxx.blb

2017-01-27 10:21 - 2016-06-24 15:33 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap

2017-01-27 10:21 - 2016-06-24 15:28 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

2017-01-27 10:21 - 2016-04-05 02:43 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll

2017-01-27 10:21 - 2016-04-05 02:41 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll

2017-01-27 10:21 - 2016-04-05 02:38 - 00540184 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe

2017-01-27 10:21 - 2016-04-05 02:38 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe

2017-01-27 10:21 - 2016-04-05 02:37 - 01356312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll

2017-01-27 10:21 - 2016-04-05 02:27 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll

2017-01-27 10:21 - 2016-04-05 02:27 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll

2017-01-27 10:21 - 2016-04-05 02:26 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll

2017-01-27 10:21 - 2016-04-05 01:46 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json

2017-01-27 10:21 - 2016-04-05 01:46 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json

2017-01-26 23:47 - 2016-06-22 23:00 - 00002360 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-01-26 23:47 - 2015-12-15 05:42 - 00000000 ___RD C:\Users\Alex\OneDrive

2017-01-26 23:44 - 2017-01-12 13:33 - 00000000 ____D C:\Users\Alex\AppData\Local\Verto Analytics

2017-01-26 23:44 - 2016-06-27 10:34 - 00000000 ____D C:\Program Files (x86)\SmartApp

2017-01-26 02:33 - 2016-11-26 16:32 - 00000000 ____D C:\Users\Alex\Documents\The Witcher 3

2017-01-24 15:26 - 2016-08-26 22:35 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Origin

2017-01-24 13:56 - 2016-08-26 22:33 - 00000000 ____D C:\ProgramData\Origin

2017-01-21 12:20 - 2016-11-04 03:47 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\ProgramData\Oracle

2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\Program Files (x86)\Java

2017-01-21 12:20 - 2016-09-16 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

2017-01-19 03:05 - 2017-01-17 02:03 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Curse Client

 

==================== Files in the root of some directories =======

 

2016-06-17 01:54 - 2016-06-17 01:54 - 0000217 _____ () C:\Users\Alex\AppData\Roaming\10-unhinted.conf

2016-06-17 01:54 - 2016-06-17 01:54 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\159 dk orange bl 1.ADO

2016-06-17 01:54 - 2016-06-17 01:54 - 0000303 _____ () C:\Users\Alex\AppData\Roaming\3.png

2016-06-17 01:54 - 2016-06-17 01:54 - 0001283 _____ () C:\Users\Alex\AppData\Roaming\404-1.htm

2016-06-17 01:54 - 2016-06-17 01:54 - 0004365 _____ () C:\Users\Alex\AppData\Roaming\Adobe-CNS1-4

2016-06-17 01:54 - 2016-06-17 01:54 - 0002190 _____ () C:\Users\Alex\AppData\Roaming\annotation.css.xml

2016-06-17 01:54 - 2016-06-17 01:54 - 0000379 _____ () C:\Users\Alex\AppData\Roaming\AsapiLoggerConfig.xml

2016-06-17 01:53 - 2016-06-17 01:53 - 0000027 _____ () C:\Users\Alex\AppData\Roaming\AST4

2016-06-17 01:53 - 2016-06-17 01:53 - 0004205 _____ () C:\Users\Alex\AppData\Roaming\back.png

2016-06-17 01:53 - 2016-06-17 01:53 - 0000430 _____ () C:\Users\Alex\AppData\Roaming\doc_to_epub.xsl

2016-06-17 01:53 - 2016-06-17 01:53 - 0002385 _____ () C:\Users\Alex\AppData\Roaming\dsfksvcsw2k.inf

2016-06-17 01:53 - 2016-06-17 01:53 - 0003749 _____ () C:\Users\Alex\AppData\Roaming\ExampleAWTViewer.java

2016-06-17 01:53 - 2016-06-17 01:53 - 0001194 _____ () C:\Users\Alex\AppData\Roaming\f39.png

2016-06-17 01:53 - 2016-06-17 01:53 - 0001150 _____ () C:\Users\Alex\AppData\Roaming\fast_forward.png

2016-06-17 01:53 - 2016-06-17 01:53 - 0003405 _____ () C:\Users\Alex\AppData\Roaming\finphon.env

2016-06-17 01:53 - 2016-06-17 01:53 - 0000935 _____ () C:\Users\Alex\AppData\Roaming\glossterm.width.xml

2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_fr.csv

2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_jp.csv

2016-06-17 01:52 - 2016-06-17 01:52 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\gray 423 bl soft.ADO

2016-06-26 12:35 - 2016-06-26 12:35 - 0128512 _____ () C:\Users\Alex\AppData\Roaming\Installer.dat

2016-06-26 12:35 - 2016-06-26 12:35 - 0018432 _____ () C:\Users\Alex\AppData\Roaming\Main.dat

2013-11-13 03:00 - 2013-11-13 03:00 - 0049948 _____ () C:\Users\Alex\AppData\Roaming\Plangency.P

2016-12-25 22:46 - 2016-12-25 23:17 - 0003142 _____ () C:\Users\Alex\AppData\Roaming\SpeedRunnersLog.txt

1989-01-27 03:00 - 1989-01-27 03:00 - 0003406 _____ () C:\Users\Alex\AppData\Roaming\Stereophony.t

2016-12-03 21:56 - 2016-12-03 21:56 - 0007605 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

2016-12-20 23:03 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Alex\AppData\Local\TroubleshooterConfig.json

2016-06-23 00:12 - 2016-06-23 00:12 - 0000003 _____ () C:\Users\Alex\AppData\Local\updater.log

2016-06-23 00:12 - 2016-08-06 21:17 - 0000424 _____ () C:\Users\Alex\AppData\Local\UserProducts.xml

2016-08-16 10:20 - 2016-08-16 10:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2016-11-04 03:51 - 2016-09-05 03:51 - 0000032 ____R () C:\ProgramData\hash.dat

2016-12-22 01:56 - 2016-12-22 01:56 - 0000016 _____ () C:\ProgramData\mntemp

2017-01-10 12:03 - 2017-02-07 16:29 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

 

 

Some files in TEMP:

====================

2016-10-25 15:08 - 2016-10-25 15:08 - 0013312 _____ () C:\Users\Alex\AppData\Local\Temp\DllFinder.exe

2016-10-25 18:24 - 2016-10-25 18:24 - 0015872 _____ () C:\Users\Alex\AppData\Local\Temp\DllFinder_x64.exe

2017-01-21 12:19 - 2017-01-21 12:19 - 0739904 _____ (Oracle Corporation) C:\Users\Alex\AppData\Local\Temp\jre-8u121-windows-au.exe

2016-11-01 15:45 - 2016-11-01 15:45 - 7194312 _____ (Microsoft Corporation) C:\Users\Alex\AppData\Local\Temp\vcredist_x64.exe

2017-02-08 00:26 - 2017-02-08 00:26 - 2020352 _____ (TODO: <公司名>) C:\Users\Alex\AppData\Local\Temp\yjhkuvi.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-02-12 22:01

 

==================== End of FRST.txt ============================

[agamer7809]

This is the Addition.txt file
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017

Ran by Alex (17-02-2017 23:57:14)

Running from D:\Downloads

Windows 10 Home Version 1607 (X64) (2016-08-16 15:27:57)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)

Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex

DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)

Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden

ACP Application (Version: 2016.0811.0433.30 - Advanced Micro Devices, Inc.) Hidden

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden

Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden

Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)

Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)

Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)

Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden

AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden

Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)

Besiege (HKLM\...\Steam App 346010) (Version:  - Spiderling Studios)

Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)

BitTorrent (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)

Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)

Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)

Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)

Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization BR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden

Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)

Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)

Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)

Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)

Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)

Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Discord (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)

Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden

Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)

Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)

f.lux (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Flux) (Version:  - )

Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)

Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)

For Honor (HKLM\...\Steam App 304390) (Version:  - Ubisoft Montreal)

ForHonorBETA (HKLM-x32\...\Uplay Install 2184) (Version:  - Ubisoft)

FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)

GD Hardware Scan (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)

Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)

GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)

Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)

H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)

IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )

Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)

Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)

Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden

Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden

Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden

Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)

League client alpha (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)

League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)

League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden

Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)

Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)

Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)

Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)

Logitech Gaming Software 8.89 (HKLM\...\Logitech Gaming Software) (Version: 8.89.68 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)

Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)

Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)

Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)

Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)

Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden

Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden

Netbeans with TMC 0.8.18 (HKLM\...\nbi-tmcbeans-1.0.0.0.0) (Version:  - )

NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{75F86B5E-3DE3-4274-ACCA-28C48FA11612}) (Version: 1.0.0.35 - NETGEAR)

NETGEAR A6210 Genie (x32 Version: 1.0.0.35 - NETGEAR) Hidden

NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)

Oh...Sir! The Insult Simulator (HKLM\...\Steam App 512250) (Version:  - Vile Monarch)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)

Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)

Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)

Personify ChromaCam (remove only) (HKLM-x32\...\Personify ChromaCam) (Version: 1.1.8.8 - Personify, Inc.)

Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version:  - Ndemic Creations)

PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.18.1-r120223-release - Plays.tv, LLC)

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)

PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden

Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)

Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)

Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )

Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)

Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)

Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden

Roslyn Language Services - x86 (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden

ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)

Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)

SmartApp (HKLM-x32\...\{511F70D8-3B63-4B45-AEFE-13728EE4520E}) (Version: 3.2.5 - SmartApp)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden

Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden

The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)

The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)

Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.3 - Electronic Arts, Inc.)

Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)

Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)

Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)

TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden

UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)

Unity Web Player (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)

Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)

Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)

VS Update core components (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden

vs_update3notification (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)

WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-482574108-2876646391-2450146034-1001_Classes\CLSID\{722a84b3-a054-4606-be78-891dd9e35858}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {209783C5-01E2-4A4E-8496-5138EF147B34} - System32\Tasks\{72380271-88CC-44AF-8B13-3E63831FE6CA} => pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp

Task: {4F7E9507-DF71-47EA-8C33-6E04A8819370} - System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5} => pcalua.exe -a "d:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5

Task: {571AB50C-1EC8-4346-A5B6-BFCC11D30F30} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-01-26] (Verto Analytics Inc.)

Task: {5DCC4201-0C7C-4870-9BCB-C8AA73B4687E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)

Task: {634F0C50-C7FD-498F-A4A7-4913EA7E2A27} - System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7} => pcalua.exe -a "d:\mygames\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/8

Task: {6FE1C419-5EA6-4508-86F2-7B3A8EB115E4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)

Task: {72B52D9E-2EE2-4A54-ACBF-8D7A827C18DE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)

Task: {76267BAC-3588-446B-A943-EF4D66902606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)

Task: {7F1252E4-D377-4294-86FD-FEF4D310E766} - System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=prometheus --displayname="Overwatch"

Task: {A5CC2E01-13C4-4627-A72D-D5009A414849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)

Task: {E27A6E0A-28CA-4322-852E-4E9210EDA832} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {FB6029F8-C98D-444A-A798-6DD81335E58B} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-01-26] (Verto Analytics Inc.)

Task: {FBCD54B1-CC8F-4F83-83DC-0A3416CAC7E7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-11-04 18:11 - 2015-11-04 18:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2015-09-17 17:42 - 2015-09-17 17:42 - 00192232 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe

2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll

2016-09-14 14:22 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2017-01-10 14:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2017-01-10 14:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2017-01-10 14:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-01-10 14:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2017-01-10 14:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll

2017-01-10 14:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2017-01-10 14:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2017-01-10 14:20 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll

2017-02-06 20:26 - 2017-02-06 20:26 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2017-02-06 20:26 - 2017-02-06 20:26 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2017-02-06 20:26 - 2017-02-06 20:26 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2017-02-06 20:26 - 2017-02-06 20:26 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 10618760 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyCameoUE.ax

2016-11-04 14:23 - 2016-11-04 14:23 - 19655560 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyApi.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 06355848 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\psyplatform.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 12881800 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\opencv_core310.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00106888 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_thread-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00025480 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_system-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00122248 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_filesystem-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00056712 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_date_time-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00034696 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_chrono-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00656776 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 38267784 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyML.dll

2016-11-04 14:23 - 2016-11-04 14:23 - 00447368 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_program_options-vc120-mt-1_56.dll

2017-02-06 20:23 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

2017-02-06 20:23 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2016-12-08 15:47 - 2016-12-08 15:47 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2016-12-08 15:47 - 2016-12-08 15:47 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2017-02-15 19:34 - 2017-02-15 19:34 - 31178840 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_221.dll

2017-01-01 08:59 - 2017-01-01 08:59 - 00336384 _____ () C:\Program Files\Rainmeter\Plugins\RunCommand.DLL

2017-01-01 08:59 - 2017-01-01 08:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WiFiStatus.DLL

2017-01-01 08:59 - 2017-01-01 08:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL

2017-01-01 08:59 - 2017-01-01 08:59 - 00136704 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL

2017-01-01 08:59 - 2017-01-01 08:59 - 00096256 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.DLL

2017-01-01 09:00 - 2017-01-01 09:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL

2017-02-03 19:07 - 2017-02-03 19:07 - 00033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 00103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 00111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll

2017-02-03 19:07 - 2017-02-03 19:07 - 00041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 00405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll

2017-02-03 19:07 - 2017-02-03 19:07 - 00173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 01934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 01780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 00505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd

2017-02-03 19:07 - 2017-02-03 19:07 - 03812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd

2017-01-24 13:55 - 2017-01-24 13:55 - 02493440 _____ () D:\Program Files\Origin\libGLESv2.dll

2017-01-19 23:59 - 2016-12-23 13:28 - 00657184 _____ () D:\Program Files\SDL2.dll

2016-10-16 16:11 - 2016-08-31 20:02 - 04969248 _____ () D:\Program Files\v8.dll

2017-01-19 23:59 - 2017-01-18 20:30 - 02327840 _____ () D:\Program Files\video.dll

2016-10-16 16:10 - 2016-01-27 02:49 - 02549760 _____ () D:\Program Files\libavcodec-56.dll

2016-10-16 16:10 - 2016-01-27 02:49 - 00491008 _____ () D:\Program Files\libavformat-56.dll

2016-10-16 16:10 - 2016-01-27 02:49 - 00332800 _____ () D:\Program Files\libavresample-2.dll

2016-10-16 16:10 - 2016-01-27 02:49 - 00442880 _____ () D:\Program Files\libavutil-54.dll

2016-10-16 16:10 - 2016-01-27 02:49 - 00485888 _____ () D:\Program Files\libswscale-3.dll

2016-10-16 16:10 - 2016-08-31 20:02 - 01563936 _____ () D:\Program Files\icui18n.dll

2016-10-16 16:10 - 2016-08-31 20:02 - 01195296 _____ () D:\Program Files\icuuc.dll

2017-01-19 23:59 - 2017-01-18 20:30 - 00838432 _____ () D:\Program Files\bin\chromehtml.DLL

2016-05-27 13:59 - 2016-05-27 13:59 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\A6210\Ralink.dll

2016-03-23 10:04 - 2016-03-23 10:04 - 00091136 _____ () D:\Program Files\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll

2016-03-23 10:02 - 2016-03-23 10:02 - 00224256 _____ () D:\Program Files\Corsair\Corsair Utility Engine\quazip.dll

2016-03-23 10:02 - 2016-03-23 10:02 - 00200704 _____ () D:\Program Files\Corsair\Corsair Utility Engine\lua52.dll

2017-01-19 23:59 - 2017-01-04 22:12 - 68813088 _____ () D:\Program Files\bin\cef\cef.win7\libcef.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Alex:Heroes & Generals [38]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-10-30 02:24 - 2016-08-13 16:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\Services: UI0Detect => 3

HKLM\...\StartupApproved\Run32: => "PlaysTV"

HKLM\...\StartupApproved\Run32: => "Raptr"

HKLM\...\StartupApproved\Run32: => "Razer Synapse"

HKLM\...\StartupApproved\Run32: => "Lightshot"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "BlueStacks Agent"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Discord"

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "GalaxyClient"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{7C0704A1-D58A-4021-8E3A-51379704204E}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe

FirewallRules: [{1F0E3D8E-564A-483B-BC9C-5B0C54885A2F}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe

FirewallRules: [{1CCCC589-15E6-4049-BECD-78249F465FC4}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{65E48A8E-AA8A-40BF-B5A1-55D6A098A58B}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [UDP Query User{9F4325B5-D02A-4483-91D0-5EC10DFC8B4E}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [TCP Query User{53AEB4F6-BED8-4F8B-88BA-8DCB202E9A29}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [{DBC74ABE-470A-4F9E-845A-EBB02995EA9C}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe

FirewallRules: [{05058520-6CA9-4835-BAE9-E2F05083B1E1}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe

FirewallRules: [UDP Query User{D26B4CBB-3919-44D3-91CB-9A10D2DEAA9A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [TCP Query User{B1AB9472-439F-4043-9572-451E25157900}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [UDP Query User{D7C8AB7B-7D41-4A12-9DBD-F75642190927}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe

FirewallRules: [TCP Query User{3440BF39-FF11-4DD4-9430-646CD02849E8}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe

FirewallRules: [{1A8AE1FD-480E-46FD-8D18-A7F9383A9D9C}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe

FirewallRules: [{710AD082-CCE0-4BA5-975D-2A6079A9EE06}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe

FirewallRules: [UDP Query User{997199BA-C68E-4917-913C-0AB4C860EB18}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{6432A5AF-7C9D-43FA-986D-1F0655C81307}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [{9949C6E6-6E28-4266-8911-1D95BF514AB3}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe

FirewallRules: [{2C34A8CE-5C63-427C-82B4-FE0A6C2AC285}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe

FirewallRules: [{3B7CBB59-A35E-4FDD-B8EE-52A0B21ECFEB}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe

FirewallRules: [{B854A948-8B81-4E01-BC62-CACE71DBDB47}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe

FirewallRules: [UDP Query User{363E62CA-8251-4F17-B611-4FEE8154C13C}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe

FirewallRules: [TCP Query User{5A73C8AC-796E-450B-B49A-8EF51391CB53}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe

FirewallRules: [UDP Query User{81642C3F-1818-436C-B794-C362C9336226}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe

FirewallRules: [TCP Query User{9A5921FE-A72C-483F-AB34-9DF49B5D205D}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe

FirewallRules: [UDP Query User{A5A7998A-531C-433A-9517-84A3A6D9DBA3}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe

FirewallRules: [TCP Query User{43F6FB40-43BB-45D4-B311-073229C3E646}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe

FirewallRules: [{F8FA1393-795D-4AA8-93D7-9DEDD2A96CC9}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe

FirewallRules: [{89C63A50-D4D9-4749-802E-CC37975BA183}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe

FirewallRules: [UDP Query User{15178F20-B741-4595-8706-71B3109CAAA8}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [TCP Query User{DFBE9F09-A34E-4F2A-A32D-2BAAF3036928}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{3F6206DA-F60B-488D-B77F-42CCC05C0FF3}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [TCP Query User{F90643C9-214B-4B64-B83E-5955D08EFABE}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [{5FCBA658-F134-43D3-8749-A1D7CD2E43B1}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{4B4649A6-8BAC-40D0-9DB9-0DE4CB9D42C3}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{1E0FE48B-2D75-41CB-822D-9EB9F07D02AA}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{1423BF4C-23D8-47D4-86EE-A59486EDE905}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{DEA6E8E0-0E9D-45B0-B60F-948EEA5B9423}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{A840BD21-C554-4096-A815-761DA30984ED}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [UDP Query User{6EFFB89E-9052-40AA-97B6-C9EDCF6922FF}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe

FirewallRules: [TCP Query User{11F09761-93E2-4CD6-AC69-1B345548F5DD}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe

FirewallRules: [UDP Query User{123E48FC-FF7C-4630-B553-8BC55F875E3C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{04BDC280-8B25-4DDF-8C9D-F1DA25995260}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{51EE83C2-799F-4956-A0FE-665EBA3732D3}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe

FirewallRules: [{0F17E784-9FBF-473A-BB61-7CA7DA5FEC8D}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe

FirewallRules: [{95FA5F07-84C8-41E0-A96E-4363A4D6A9D5}] => (Allow) D:\Program Files\Common7\IDE\devenv.exe

FirewallRules: [{9C2D7E88-990C-4F95-AF62-F2B27E9B3CCF}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{1E1EAAA6-9F72-44CA-A622-9ABFDE8BDE0C}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{E6170835-893A-4C71-8D54-C62CE5818BC7}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{1EEF1C58-36AA-4E37-973F-DE5E084036F6}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{3BE52819-47BA-48A3-88CF-5794CA833FA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{7D6BDA0A-7615-43A8-AB79-6003B3A15303}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe

FirewallRules: [{8053B95C-D354-48BB-BE1F-13D51294EC36}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe

FirewallRules: [UDP Query User{F1036AB9-80D3-4247-9972-662524568B80}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [TCP Query User{5C79A667-496E-4E53-8871-5596B8775263}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [{795974DE-55F4-423D-B661-4A89FCA927B3}] => (Allow) D:\Program Files\bin\steamwebhelper.exe

FirewallRules: [{46A8F05A-D583-4C15-A9EC-1AFCA3B20344}] => (Allow) D:\Program Files\bin\steamwebhelper.exe

FirewallRules: [{0EB782BD-70F3-4847-B4A2-58C58FFE54C2}] => (Allow) D:\Program Files\Steam.exe

FirewallRules: [{E666E68B-CBAF-474F-956E-B678ACCA2BEE}] => (Allow) D:\Program Files\Steam.exe

FirewallRules: [UDP Query User{109544A9-56C8-4CF4-8899-0660C345CD8F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [TCP Query User{F3821F34-CC6E-4E36-80EB-7DBE3B27408B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [TCP Query User{5245E333-5589-4EED-8425-9E6EA60D8D09}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe

FirewallRules: [UDP Query User{AA50E546-1D2A-482C-940D-41D3E56E665F}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe

FirewallRules: [{20F81835-530C-4AFE-B76B-2B4DD3B9FE9D}] => (Allow) D:\Program Files\steamapps\common\Dead by Daylight\DeadByDaylight.exe

FirewallRules: [{5503E2C5-AC91-45C4-8CB3-3F71CA997258}] => (Allow) D:\Program Files\steamapps\common\Dead by Daylight\DeadByDaylight.exe

FirewallRules: [TCP Query User{0F5B3ADF-9183-444B-B85A-25A5B56EDDDB}D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe

FirewallRules: [UDP Query User{8DCD5CE5-99D9-4D1E-A799-15C367974E73}D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe

FirewallRules: [TCP Query User{DE625E71-85B3-40C5-919C-2671D7B7479A}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{1E02A506-E1F4-4A1B-B255-B8466ADD76BD}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [{CF2D9881-F072-469D-BADE-06BE3FC0D8FB}] => (Allow) D:\Program Files\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [{A52CC80E-91C3-456E-BB10-A59394F3A131}] => (Allow) D:\Program Files\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [{0C7E4714-D67E-4BB2-8DD1-D69F4CF2C4DC}] => (Allow) D:\Program Files\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe

FirewallRules: [{EA46D325-5F27-4D0F-AD53-977B9267C7D6}] => (Allow) D:\Program Files\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe

FirewallRules: [TCP Query User{5FFFAF0F-BFD6-48EB-8701-DF60A37591CD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{E2C04F09-FB43-4473-A012-0C4F579FE3F6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [TCP Query User{9F3A6F25-E17D-4493-A3E2-8A2D88E98913}D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe

FirewallRules: [UDP Query User{820D28AD-0666-48E6-AD78-AACCF36952EE}D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe

FirewallRules: [{87E16974-42F1-48D8-A3F8-90591E05BF32}] => (Allow) D:\Program Files\steamapps\common\Besiege\Besiege.exe

FirewallRules: [{713BF6B3-5861-420F-ADB0-09E68B377E0B}] => (Allow) D:\Program Files\steamapps\common\Besiege\Besiege.exe

FirewallRules: [TCP Query User{0BE46364-F121-4EE6-A047-E80387C185D1}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{FB1345CC-49F4-48F3-88E6-889080FFEDFC}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{6423A8F1-0F05-438E-8CB4-F99EB01B9C50}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

FirewallRules: [{304E691B-2C99-4C63-BCFB-D786050FC1D6}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe

FirewallRules: [{C1AE42E1-1BEA-4497-857B-89D85DFD1F3F}] => (Allow) D:\Program Files\firefox.exe

FirewallRules: [{6E99E329-7CC6-4B39-BA9F-06B8417EE55D}] => (Allow) D:\Program Files\firefox.exe

FirewallRules: [{408E9F7B-8E22-4B5D-BAA5-7470A060AE8A}] => (Allow) D:\Program Files\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe

FirewallRules: [{17C318AB-AB5C-4B33-8988-C5AD40325A21}] => (Allow) D:\Program Files\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe

FirewallRules: [{568608E3-C2BA-483A-89B6-382FB1526D9B}] => (Allow) D:\Program Files\steamapps\common\Torchlight II\ModLauncher.exe

FirewallRules: [{76E786BC-4BBF-487F-A62B-C762E591F2D7}] => (Allow) D:\Program Files\steamapps\common\Torchlight II\ModLauncher.exe

FirewallRules: [TCP Query User{CF5CDE4D-3E82-48E9-A319-9573155F8661}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [UDP Query User{1D04FA51-92CD-40ED-8520-E168235CF435}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [{D43CC1D2-4C17-4FF3-9C93-6A4E045AD9EB}] => (Allow) D:\Program Files\steamapps\common\HeroSiege\bin\Hero_Siege.exe

FirewallRules: [{BEA85D24-F17F-4D4F-B0CA-50D722A0C5D4}] => (Allow) D:\Program Files\steamapps\common\HeroSiege\bin\Hero_Siege.exe

FirewallRules: [TCP Query User{3B6D7D56-9885-454B-BCF2-90C6307CFC57}D:\games\mafia iii\launcher.exe] => (Allow) D:\games\mafia iii\launcher.exe

FirewallRules: [UDP Query User{8BD1A5C7-1715-40AE-BBB5-190EA4EB6330}D:\games\mafia iii\launcher.exe] => (Allow) D:\games\mafia iii\launcher.exe

FirewallRules: [TCP Query User{3A5681DE-270D-4C11-98C9-1DA0185F34D1}D:\games\mafia iii\mafia3.exe] => (Allow) D:\games\mafia iii\mafia3.exe

FirewallRules: [UDP Query User{CE0D9238-0F60-49A5-9477-0F18C8489F2C}D:\games\mafia iii\mafia3.exe] => (Allow) D:\games\mafia iii\mafia3.exe

FirewallRules: [TCP Query User{E3A30844-6A11-4F35-826D-F37C2261E8B4}D:\mygames\dreadnought\dreadnoughtlauncher.exe] => (Allow) D:\mygames\dreadnought\dreadnoughtlauncher.exe

FirewallRules: [UDP Query User{BF996F91-76E7-4CC8-A33F-8A05AF56A5D7}D:\mygames\dreadnought\dreadnoughtlauncher.exe] => (Allow) D:\mygames\dreadnought\dreadnoughtlauncher.exe

FirewallRules: [TCP Query User{BC886EEB-6AA5-475F-9F27-ADCEB2361F84}D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe

FirewallRules: [UDP Query User{97B941A3-FB45-4E4E-9F8A-1832DBD9D8CC}D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe

FirewallRules: [{546EAED9-8710-4E93-ACEF-FD6998A4D704}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{F8FD505F-B305-4A32-91BB-77F9F13726C8}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{3B163A2E-995C-4267-BF31-90241C69315B}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe

FirewallRules: [{EB79317C-1E48-40E8-8536-73FE693168F4}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe

FirewallRules: [TCP Query User{B794F121-3D72-44B1-A9B1-7FC0F4ACB4AD}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe

FirewallRules: [UDP Query User{19190C39-6AD7-482F-8C41-26A2CBAD0022}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe

FirewallRules: [{4BB69660-D87A-4349-B2BB-4ADA764666C4}] => (Allow) D:\Program Files\steamapps\common\ShellShock Live\ShellShockLive.exe

FirewallRules: [{3FD6506F-7F29-43FA-85DF-48578B9FFF8D}] => (Allow) D:\Program Files\steamapps\common\ShellShock Live\ShellShockLive.exe

FirewallRules: [TCP Query User{AC6A2911-2869-41A8-B72E-ADCAC86CD563}D:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\games\cloud imperium games\patcher\cigpatcher.exe

FirewallRules: [UDP Query User{238F7DFC-0A5D-4C81-81C9-81E9E7175BFB}D:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\games\cloud imperium games\patcher\cigpatcher.exe

FirewallRules: [{F4617028-9AD7-4CB3-9B89-06B0515D1296}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe

FirewallRules: [{4FF8A6D7-27E4-4E66-9912-A9305898D03C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe

FirewallRules: [{10F420C4-121D-44FB-9503-042DEDFD31EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe

FirewallRules: [{14956C60-4E70-4A07-9CF9-8ADC4E97D8AD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe

FirewallRules: [{FC65AB8F-BD1D-49BE-B8DB-29380CE246F1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

FirewallRules: [{0CDF9934-E2C0-4F8C-8083-6B45380A9024}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

FirewallRules: [{2321E578-FD0C-4940-9D32-BB9CBBA34AF7}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe

FirewallRules: [{4E0C9E57-B77C-4C12-8D39-44837FAC6123}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe

FirewallRules: [{0C5B13CD-189A-4E49-881F-7F68CEDB8A90}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe

FirewallRules: [{D73BBE80-7276-45D4-98F2-1E3673391138}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe

FirewallRules: [TCP Query User{C4F393B7-4E97-4662-AF94-7EC504822E06}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe

FirewallRules: [UDP Query User{5192318F-FA11-4305-952B-89FAE8A381D8}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe

FirewallRules: [{0CE808DA-66A5-4E73-8C4B-03FF0380EFC1}] => (Allow) D:\Program Files\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe

FirewallRules: [{BC884C10-5B82-4C6E-89DC-3CE70BC4181C}] => (Allow) D:\Program Files\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe

FirewallRules: [TCP Query User{530B3057-BC01-4EBD-8FB5-29D659D76A3B}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{FE3F37FA-0C79-4E71-932A-45EB5F1226B7}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe

FirewallRules: [{70E13AAD-7D6C-4E5E-AFD3-726E3FCC38B0}] => (Allow) D:\Program Files\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe

FirewallRules: [{E69D5173-F73B-4371-95C0-71EA3F88201A}] => (Allow) D:\Program Files\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe

FirewallRules: [{44073D58-C698-443A-AB94-C9C3D745F8A1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry Primal\bin\FCPrimal.exe

FirewallRules: [TCP Query User{4C7E99D3-A41C-464B-8C3C-A82CF3F8B83D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [UDP Query User{14E00438-05D4-46D6-88D9-13FD06202B22}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [TCP Query User{4C33C44A-E4D0-4216-8A58-B6A2CB07B7FA}D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe

FirewallRules: [UDP Query User{033F163D-4A90-430D-81C0-B746DCE60F73}D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe

FirewallRules: [TCP Query User{932386BB-04AE-4C2F-BDCF-C183621E063C}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{78191ABF-2BBB-4D5B-AB11-2497767BBA2E}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{1DBEB7AF-433E-4122-A780-F913BBA3C3D7}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe

FirewallRules: [UDP Query User{58DD19A8-A0BF-4FDF-BF77-819100BBD4B1}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe

FirewallRules: [{4E9E0DE6-DF58-4402-91AD-6497A5630C15}] => (Allow) D:\Program Files\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [{B0F87A21-75C0-4FB1-9E25-F0F4477EE152}] => (Allow) D:\Program Files\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe

FirewallRules: [TCP Query User{B4F9536B-925C-4BDC-9758-1B64E2EBB042}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{46BDC1E0-F746-477F-9956-2E59884985FA}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe

FirewallRules: [{D5FC2307-7DAB-4222-8257-14AFAC83A926}] => (Allow) D:\Program Files\steamapps\common\The Witcher 3\bin\x64\witcher3.exe

FirewallRules: [{98313921-E751-4C53-A2EC-5541A3E7BCCB}] => (Allow) D:\Program Files\steamapps\common\The Witcher 3\bin\x64\witcher3.exe

FirewallRules: [{DF3408F1-CAE1-41FA-B103-890C4D73C9F2}] => (Allow) D:\Program Files\steamapps\common\PlagueInc\PlagueIncEvolved.exe

FirewallRules: [{27A1D7EB-0C04-4293-B877-4D36B16CFCDA}] => (Allow) D:\Program Files\steamapps\common\PlagueInc\PlagueIncEvolved.exe

FirewallRules: [{0319FA43-E27E-4E5C-B4BF-43EA26E12E62}] => (Allow) D:\Program Files\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [{3A085136-CFE1-496A-919E-81FCCAC0D9F1}] => (Allow) D:\Program Files\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe

FirewallRules: [{30A19C67-1229-4BCD-A593-62CC46EADEEC}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe

FirewallRules: [{83158AF5-C609-4F21-B69C-353DFEB7A266}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe

FirewallRules: [{E3DA5D27-36A8-46B0-A715-C165CAAAE950}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe

FirewallRules: [{621DA289-E055-4CB0-8170-2D0D4B13A6AE}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe

FirewallRules: [{5EA3797F-ED14-456B-ABD8-66F325B3E27F}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe

FirewallRules: [{9F7CEC21-DDC2-4851-A145-54F0785787E5}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe

FirewallRules: [{51DDDF8E-6BAF-4492-BFAD-968B40B646E0}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe

FirewallRules: [{1D14DC8D-1AED-4E0F-8A39-9293678180B1}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe

FirewallRules: [TCP Query User{D0FBC86C-E07F-4F8C-9044-E89D6076E61A}D:\mygames\hearthstone\hearthstone.exe] => (Allow) D:\mygames\hearthstone\hearthstone.exe

FirewallRules: [UDP Query User{BDC716C1-45EE-497C-BDE2-455CA553386F}D:\mygames\hearthstone\hearthstone.exe] => (Allow) D:\mygames\hearthstone\hearthstone.exe

FirewallRules: [{0B26197B-239A-4C2C-95B7-27FBB25D2B7F}] => (Allow) D:\Program Files\steamapps\common\Path of Exile\PathOfExileSteam.exe

FirewallRules: [{0544A184-951F-464E-935C-3DD6D41B2749}] => (Allow) D:\Program Files\steamapps\common\Path of Exile\PathOfExileSteam.exe

FirewallRules: [{AB5C49BC-7D55-4025-8387-EBDA95F32401}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{E9BFA106-8469-4EA6-A8B3-9FC0CB91CEC4}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{B07BAFFD-1CA7-4921-AF4A-D23BC6A98A7D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe

FirewallRules: [{CDDB549E-F691-4FB2-A9F7-59AE6C46F4AC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe

FirewallRules: [{0ED88236-0F3E-4067-905A-7B3332CDE67D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe

FirewallRules: [{8784C72F-2CAE-4665-B460-67D592707E7D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe

FirewallRules: [{1F72A3F3-1C10-4A5F-AF24-7CDD6BCCE559}] => (Allow) D:\Program Files\steamapps\common\SNOW\Bin64\playSNOW.exe

FirewallRules: [{3097DBB8-F9BB-4C56-9539-695703EF8F27}] => (Allow) D:\Program Files\steamapps\common\SNOW\Bin64\playSNOW.exe

FirewallRules: [TCP Query User{E1F8E471-16D9-4BD4-907A-F2E2FFBBD734}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => (Allow) D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe

FirewallRules: [UDP Query User{AFA06608-B254-4010-B36C-E222E180AC87}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => (Allow) D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe

FirewallRules: [TCP Query User{787D83F7-1DB3-40B3-971C-1399392EE1C4}C:\program files (x86)\obs\obs.exe] => (Allow) C:\program files (x86)\obs\obs.exe

FirewallRules: [UDP Query User{38B1A61F-62C7-474F-B3FB-998091535E7A}C:\program files (x86)\obs\obs.exe] => (Allow) C:\program files (x86)\obs\obs.exe

FirewallRules: [{46677828-6604-47D8-8410-848E84B23E74}] => (Allow) D:\Program Files\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [{A1EDC62A-0B07-4008-BA09-EBF254422F61}] => (Allow) D:\Program Files\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [TCP Query User{6F7CE1A4-0BA3-4743-8DF0-8BB7EDB44A8F}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe

FirewallRules: [UDP Query User{C5462689-206C-49CD-B06A-3033BACF5FF0}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe

FirewallRules: [{5F1C904B-259D-4BF6-8943-18DF302ADADF}] => (Allow) D:\Program Files\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe

FirewallRules: [{45F6EABF-B7DB-4235-ABDE-75A1EAD05D54}] => (Allow) D:\Program Files\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe

FirewallRules: [TCP Query User{56C2260A-3C24-4661-8F5D-6CF3CEA2205D}D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [UDP Query User{0E681B7C-9573-4393-A180-3AD76192DBCC}D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe

FirewallRules: [TCP Query User{8E46FF36-342C-492A-A901-72BB2E48D262}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe

FirewallRules: [UDP Query User{4F3BD096-B971-4BBC-A2F4-E0B74E99B209}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe

FirewallRules: [TCP Query User{83D1641D-D5D4-43CB-895F-073BDD083196}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [UDP Query User{88F9E578-A8C0-4090-B642-5A6A5E5E98C5}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe

FirewallRules: [{BB0FECEE-9B40-4C25-A914-B311185FD1C4}] => (Allow) D:\Program Files\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

FirewallRules: [{B31C72A1-A369-4950-8C0F-42C67DB7639F}] => (Allow) D:\Program Files\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

FirewallRules: [{1FA6AA1F-40F6-4B01-8FEC-2CA41AC040E0}] => (Allow) D:\Program Files\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{F882544F-639E-4DDA-81F2-D913CF725C24}] => (Allow) D:\Program Files\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{2CCA8D6A-8093-46B2-B2A5-EA3FFFBA7B55}] => (Allow) D:\Program Files\steamapps\common\Clicker Heroes\Clicker Heroes.exe

FirewallRules: [{2167CE76-84B6-49F7-BFBD-0F928FA6D286}] => (Allow) D:\Program Files\steamapps\common\Clicker Heroes\Clicker Heroes.exe

FirewallRules: [TCP Query User{E2C1A28E-916D-4A5E-94E4-773508CE3EAF}D:\program files\steamapps\common\artofwar\game\u1game.exe] => (Allow) D:\program files\steamapps\common\artofwar\game\u1game.exe

FirewallRules: [UDP Query User{AD562972-D1C1-433F-8839-BEE22BDFFB38}D:\program files\steamapps\common\artofwar\game\u1game.exe] => (Allow) D:\program files\steamapps\common\artofwar\game\u1game.exe

FirewallRules: [{97B89324-C406-4F9D-83B9-A51C6B1C96E3}] => (Allow) D:\Program Files\steamapps\common\strife\bin\strife.exe

FirewallRules: [{9975367C-5C07-47DA-A8D0-C0ABB390D147}] => (Allow) D:\Program Files\steamapps\common\strife\bin\strife.exe

FirewallRules: [{735DE04A-790D-4FBE-A1C1-D66E380DF372}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{44B5FD61-DC8E-49D1-A8AD-3B14E3387CB2}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{BF04F192-9E7C-40EF-A52F-AA03984DE57A}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{FEDF7FD7-07A3-4578-AFF7-D14E992FD874}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{0C64BA5D-A38D-45CC-9A91-E98D9445D179}] => (Allow) D:\Program Files\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{828AD62B-4685-43FF-A0EB-B864C1AB18E9}] => (Allow) D:\Program Files\steamapps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{30791891-8890-43C5-8F33-9E12FC8016BA}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{D4A98DAE-086C-4105-AB0A-B7CFFF9D0D14}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

FirewallRules: [{4966FFE6-9ABF-4644-A1D4-4CC6E374372E}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned_BE.exe

FirewallRules: [{AA6E322C-0598-409D-B209-51760DF1E3D2}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned_BE.exe

FirewallRules: [{E02EA610-8830-49B0-801F-985F76D62B6A}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{76D07510-6E75-44B5-9D32-AFAF2E5CF728}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned.exe

FirewallRules: [TCP Query User{5CD4B408-E280-495B-A66E-52A0C32B81E6}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe

FirewallRules: [UDP Query User{26710EEE-3ADD-4850-8CDA-CD45CC90BB44}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe

FirewallRules: [{CB1BD3C8-9261-4689-832A-1E4A646BE075}] => (Allow) C:\Users\Alex\AppData\Local\Chromium\Application\chrome.exe

FirewallRules: [TCP Query User{54AB7627-7EA3-4CC6-9288-C8B194742D93}D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe

FirewallRules: [UDP Query User{378D9DE6-1208-41AF-BDF0-780A411F81E6}D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe

FirewallRules: [{1D1C4217-CABD-4D24-87B8-474C9F56FF50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{59ED376E-8919-4ED6-AF9F-3744324438DB}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe

FirewallRules: [UDP Query User{6892DD58-706E-469D-ACE7-46FB5CACB6B9}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe

FirewallRules: [{186FB69E-91B6-452C-AFA5-8D7AD4B14836}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency_BE.exe

FirewallRules: [{0CDD6A89-0253-4D2E-8D2C-329FE2712724}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency_BE.exe

FirewallRules: [{A841513D-E2BE-482E-854D-03987A0F6943}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

FirewallRules: [{E1163190-ACE6-486B-8F3C-ED4246DD402E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

FirewallRules: [TCP Query User{C9074CE8-3909-410B-8A1C-42235BD5D26A}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{8D8D75AA-FAFE-4435-833B-9B2B696F0957}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe

FirewallRules: [{B888F033-59E8-475E-B376-35123CC978FB}] => (Allow) D:\Program Files\steamapps\common\For Honor\forhonor.exe

FirewallRules: [{EFD8C446-57A7-4A6F-81B8-1DEFA2A2E8B8}] => (Allow) D:\Program Files\steamapps\common\For Honor\forhonor.exe

FirewallRules: [{9BE10B0C-0026-40D2-832B-58990EDB5A6F}] => (Allow) D:\Program Files\steamapps\common\DarkestDungeon\_windows\Darkest.exe

FirewallRules: [{D24DE78E-B577-4C35-B2B5-A8260BCE6B83}] => (Allow) D:\Program Files\steamapps\common\DarkestDungeon\_windows\Darkest.exe

FirewallRules: [TCP Query User{E73400D9-ECC4-406A-90F8-AA65F2B5E7B8}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{4E4C620D-CB9B-4EF0-AD81-D976B4DCE6DB}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe

 

==================== Restore Points =========================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/17/2017 11:54:10 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (02/17/2017 03:50:02 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (02/17/2017 10:14:14 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (02/17/2017 10:14:11 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12

Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f

Exception code: 0xc000000d

Fault offset: 0x00000000000ff44c

Faulting process id: 0x1c80

Faulting application start time: 0x01d289300137ef3b

Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: f0089e3d-0b7c-4768-bfe7-5e2510e0df9c

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (02/17/2017 10:10:28 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (02/17/2017 03:25:03 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (02/17/2017 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12

Faulting module name: boost_thread-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a184de

Exception code: 0xc0000005

Fault offset: 0x000000000000b2e3

Faulting process id: 0x20c0

Faulting application start time: 0x01d288d3c826c69a

Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_thread-vc120-mt-1_56.dll

Report Id: 76eabbd6-5653-4fb2-9299-b707e634c84b

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (02/17/2017 03:24:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12

Faulting module name: boost_log-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a1850a

Exception code: 0xc0000005

Fault offset: 0x0000000000006ec1

Faulting process id: 0x20c0

Faulting application start time: 0x01d288d3c826c69a

Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll

Report Id: cde3c47b-b63a-423a-b298-62f3e3f774ca

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (02/17/2017 12:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x587fbba8

Faulting module name: boost_log-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a1850a

Exception code: 0xc0000005

Fault offset: 0x0000000000006ec1

Faulting process id: 0xa1c

Faulting application start time: 0x01d288d4d7bf5db3

Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe

Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll

Report Id: c6cbb979-decb-4415-857e-e6489e25f34c

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (02/16/2017 11:10:14 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )

Description: Event-ID 0

 

 

System errors:

=============

Error: (02/17/2017 11:55:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 and APPID 

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/17/2017 11:54:10 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000012b (0xffffffffc00002c4, 0x000000000000068a, 0x0000000023a13cf0, 0xffffd700ad101000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: fdfd7713-ccf1-46be-846e-a11eb52689c9.

 

Error: (02/17/2017 11:54:09 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:00:17 PM on ‎2/‎17/‎2017 was unexpected.

 

Error: (02/17/2017 10:14:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/17/2017 03:25:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/16/2017 03:29:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/16/2017 03:13:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/15/2017 05:10:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 and APPID 

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (02/15/2017 05:07:10 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000012b (0xffffffffc00002c4, 0x0000000000000b95, 0x0000000012100980, 0xffffdd806b271000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 53ff7eca-cf42-466a-82cc-b25083a29466.

 

Error: (02/15/2017 05:07:09 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:01:12 AM on ‎2/‎15/‎2017 was unexpected.

 

 

CodeIntegrity:

===================================

  Date: 2016-10-14 05:58:33.702

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-10-14 05:58:33.687

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-10-13 22:57:46.451

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-10-13 22:57:46.434

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz

Percentage of memory in use: 21%

Total physical RAM: 16295.52 MB

Available physical RAM: 12771.09 MB

Total Virtual: 18727.52 MB

Available Virtual: 14775.92 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:232.44 GB) (Free:62.23 GB) NTFS

Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:253.79 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)

Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

 

==================== End of Addition.txt ============================

[pystryker]

Hello

 

One question before we begin:  Are you knowingly running a proxy on your machine?

[agamer7809]

I do not believe I am.  

[pystryker]

I do not believe I am.

Hello Thank you for your response. This should eliminate the error you are getting upon startup.

Step 1: P2P Warning

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, there decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST

Notice: Before running this step, please move FRST64.exe from D:\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt
  
  NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
C:\Users\Alex\AppData\Local\YddrPack
C:\ProgramData\hash.dat
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
RemoveProxy:
Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
• Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
• Please Check the following options:
  • Reset Proxy Settings
  • Reset Winsock Settings
  • Reset TCP/IP Settings
  • Reset Firewall Settings
  • Reset IPSec Settings
  • Reset BITS Queue
  • Reset Internet Explorer Policies
  • Reset Chrome Policies
• Close any open windows or browsers.
• Pause your Anti-Virus program if it is running.
• Once it starts, click on the Scan button.
• Let the scan complete itself. This may take a few minutes.
• Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
  This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scans

• Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
• FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

[pystryker]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[pystryker]

User returned.

[agamer7809]

This is the fixlist log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01

Ran by Alex (24-02-2017 10:37:30) Run:1

Running from C:\Users\Alex\Desktop

Loaded Profiles: Alex (Available Profiles: Alex)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe"

GroupPolicy: Restriction <======= ATTENTION

CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw

CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="

C:\Users\Alex\AppData\Local\YddrPack

C:\ProgramData\hash.dat

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state on

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

RemoveProxy:

Emptytemp:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Uxbgmedia => value removed successfully

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

Chrome HomePage => removed successfully

Chrome StartupUrls => removed successfully

C:\Users\Alex\AppData\Local\YddrPack => moved successfully

C:\ProgramData\hash.dat => moved successfully

 

========= netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

========= netsh advfirewall set allprofiles state on =========

 

Ok.

 

 

========= End of CMD: =========

 

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

========= bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

0 out of 0 jobs canceled.

 

========= End of CMD: =========

 

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 1933348 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 106322654 B

Java, Flash, Steam htmlcache => 159977033 B

Windows/system/drivers => 203676960 B

Edge => 147616 B

Chrome => 817684364 B

Firefox => 0 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 6656 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 128 B

systemprofile32 => 128 B

LocalService => 1044480 B

NetworkService => 770616 B

Alex => 830363695 B

 

RecycleBin => 417036032 B

EmptyTemp: => 2.4 GB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 10:37:58 ====

[pystryker]

Hello

Please follow the remaining steps, post the logs, and we will continue.

[pystryker]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[pystryker]

User returned.

Please run steps 3, 4, and 5 and post the logs and we'll continue.

[agamer7809]

this is the JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.0 (12.05.2016)

Operating System: Windows 10 Home x64 

Ran by Alex (Administrator) on Fri 02/24/2017 at 10:41:28.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 2 

 

Successfully deleted: C:\ProgramData\mntemp (File) 

Successfully deleted: C:\Users\Alex\AppData\Roaming\speedrunnerslog.txt (File) 

 

 

 

Registry: 0 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/24/2017 at 10:42:26.63

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[agamer7809]

Here is the AdwCleaner log

# AdwCleaner v6.044 - Logfile created 08/03/2017 at 16:15:30

# Updated on 28/02/2017 by Malwarebytes

# Database : 2017-03-07.1 [Server]

# Operating System : Windows 10 Home  (X64)

# Username : Alex - ALEXSPC

# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

 

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

 

***** [ Files ] *****

 

[-] File deleted: C:\Users\Alex\AppData\Roaming\Installer.dat

[-] File deleted: C:\Users\Alex\AppData\Roaming\Main.dat

 

 

***** [ DLL ] *****

 

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Registry ] *****

 

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

 

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV=

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

:: Proxy settings cleared

:: TCP/IP settings cleared

:: Firewall rules cleared

:: IPSec settings cleared

:: BITS queue cleared

:: IE policies deleted

:: Chrome policies deleted

 

*************************

 

C:\AdwCleaner\AdwCleaner[C0].txt - [4384 Bytes] - [08/03/2017 16:15:30]

C:\AdwCleaner\AdwCleaner[S0].txt - [3711 Bytes] - [08/03/2017 16:14:27]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4530 Bytes] ##########