RegSvr32 The module...failed to load. [Solved]


  • This topic is locked

#1
agamer7809

  • Member
  • 36 posts

So, about a week ago I started to get this message whenever I boot my PC up, and this is what it says:

"The module 'C:\Users\Username\AppData\Local\YddrPack\nlqterdk.dll' failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found."

 




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. This includes programs such as KMS for activating illegal copies of Microsoft products. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log


#3
agamer7809

  • Topic Starter
  • Member
  • 36 posts
This is the FRST.txt file

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
Ran by Alex (administrator) on ALEXSPC (17-02-2017 23:56:51)
Running from D:\Downloads
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
(Electronic Arts) D:\Program Files\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verto Analytics Inc.) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Flux Software LLC) C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Corsair Components, Inc.) D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17305208 2016-12-08] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51928 2017-02-03] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Steam] => D:\Program Files\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [3970112 2016-11-28] (GOG.com)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [f.lux] => C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Chromium] => "c:\users\alex\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe" 
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-01-17]
ShortcutTarget: Curse.lnk -> C:\Users\Alex\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-30] ()
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2017-01-16]
ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-482574108-2876646391-2450146034-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-482574108-2876646391-2450146034-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0efaab83-d67b-48ad-8f6c-a73e40ad1d2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a8bb13b-6323-4eb1-851c-10e69e2caf5b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 173.244.211.97,8.8.8.8
Tcpip\..\Interfaces\{80fe19d2-3f40-431f-ba78-c6175d1cfaad}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:64550;https=127.0.0.1:64550
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-19c53ff0
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-19c53ff0&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: xzezvwlb.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default [2017-02-08]
FF Extension: (All Aboard) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\@all-aboard-v1 [2016-07-26]
FF Extension: (Notification Manager) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xzezvwlb.default\Extensions\{1ACA5BE8-BFF0-B122-637B-00976A61FF79} [2017-02-08] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-482574108-2876646391-2450146034-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_186.dll => No File
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (BetterTTV) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-07-28]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-10]
CHR Extension: (8 Ball Pool Chat) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmamjkbajpfchgmmmjcffiaoilhnckei [2017-02-09]
CHR Extension: (OP.GG Summoner Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2016-11-25]
CHR Extension: (Google Play Music) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-15]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (KingsRoad) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-06-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-01]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-09]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-11] (Advanced Micro Devices) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1486344 2017-02-07] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [399120 2017-02-15] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284224 2016-11-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-17] (GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2121736 2017-01-24] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2183696 2017-01-24] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-02-03] (Copyright © 2017 Plays.tv, LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-06-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2016-04-05] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmdag.sys [28762648 2017-01-27] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0310791.inf_amd64_1a41492ddaa53f63\atikmpag.sys [530968 2017-01-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-08] (Logitech Inc.)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 23:56 - 2017-02-17 23:56 - 00000000 ____D C:\FRST
2017-02-17 23:54 - 2017-02-17 23:54 - 00543684 _____ C:\WINDOWS\Minidump\021717-6140-01.dmp
2017-02-15 17:07 - 2017-02-15 17:07 - 00543652 _____ C:\WINDOWS\Minidump\021517-8078-01.dmp
2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\EasyAntiCheat
2017-02-15 01:38 - 2017-02-15 01:38 - 00000000 ____D C:\ProgramData\For Honor Data
2017-02-15 01:08 - 2017-02-15 03:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\BitTorrent
2017-02-14 12:39 - 2017-02-14 12:40 - 00412612 _____ C:\WINDOWS\Minidump\021417-5984-01.dmp
2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\Users\Alex\.Plays.tv
2017-02-08 21:23 - 2017-02-08 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2017-02-08 00:26 - 2017-02-08 17:03 - 00000000 ____D C:\Users\Alex\AppData\Local\Oqdlics
2017-02-08 00:25 - 2017-02-09 13:35 - 00000000 ____D C:\Users\Alex\AppData\Local\YddrPack
2017-02-07 16:34 - 2017-02-07 16:34 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-02-07 16:34 - 2017-02-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-07 16:32 - 2017-02-07 16:32 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMD
2017-02-07 16:25 - 2017-02-07 16:28 - 34390000 _____ (AMD Inc.) C:\Users\Alex\Downloads\radeon-crimson-relive-17.1.2-minimalsetup-170130_64bit.exe
2017-02-07 16:19 - 2017-02-07 16:19 - 00412660 _____ C:\WINDOWS\Minidump\020717-5671-01.dmp
2017-02-07 00:25 - 2017-02-08 00:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Metal.Gear.Solid.V.The.Phantom.Pain-ALI213
2017-02-05 20:12 - 2017-02-05 20:12 - 00543780 _____ C:\WINDOWS\Minidump\020517-6125-01.dmp
2017-02-02 12:12 - 2017-02-02 12:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PixelPiracy
2017-02-02 11:45 - 2017-02-02 11:45 - 00323492 _____ C:\WINDOWS\Minidump\020217-6250-01.dmp
2017-02-01 19:02 - 2017-02-01 19:02 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Flying Oak Games
2017-01-31 23:04 - 2017-01-31 23:04 - 00000000 _____ C:\WINDOWS\cd_127
2017-01-31 13:01 - 2017-01-31 13:01 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Pixel Federation
2017-01-31 12:33 - 2017-01-31 12:33 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-31 02:57 - 2017-01-31 03:07 - 00000000 ____D C:\Program Files (x86)\Watch_Dogs 2
2017-01-31 01:06 - 2017-01-31 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2017-01-29 00:14 - 2017-01-29 00:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PowerISO
2017-01-29 00:13 - 2017-01-29 00:13 - 00002329 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-01-29 00:12 - 2017-01-29 00:12 - 00000596 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-01-29 00:12 - 2017-01-29 00:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-29 00:12 - 2017-01-29 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-01-29 00:12 - 2016-10-01 19:50 - 00137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2017-01-29 00:11 - 2017-01-29 00:11 - 03862600 _____ (Power Software Ltd) C:\Users\Alex\Downloads\PowerISO6-x64.exe
2017-01-27 10:21 - 2017-01-27 10:21 - 01016344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-01-27 10:21 - 2017-01-27 10:21 - 00121880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-01-27 10:21 - 2017-01-27 10:21 - 00112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-01-27 10:21 - 2017-01-27 10:21 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-01-27 00:28 - 2017-01-27 00:28 - 00000000 ____D C:\ProgramData\For Honor
2017-01-26 23:49 - 2017-01-26 23:49 - 00000234 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\For Honor.url
2017-01-26 23:47 - 2017-01-26 23:47 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-25 21:22 - 2017-01-25 21:22 - 00000000 ____D C:\Users\Alex\AppData\Roaming\RotMG.Production
2017-01-25 20:51 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 20:51 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 18:55 - 2017-01-24 18:55 - 00424748 _____ C:\WINDOWS\Minidump\012417-6328-01.dmp
2017-01-24 13:55 - 2017-01-24 13:55 - 00000000 ____D C:\Users\Alex\.Origin
2017-01-22 22:31 - 2017-01-22 22:31 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Mana Potion Studios
2017-01-21 23:26 - 2017-01-21 23:26 - 00412468 _____ C:\WINDOWS\Minidump\012117-5390-01.dmp
2017-01-20 13:31 - 2017-01-20 13:31 - 00000000 ____D C:\Users\Alex\Documents\Dungeon of the Endless
2017-01-20 13:31 - 2017-01-20 13:31 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\AMPLITUDE Studios
2017-01-19 15:08 - 2017-01-19 15:08 - 01203799 _____ C:\Users\Alex\Downloads\win10_widgets_by_tjmarkham-da8zqdm.rmskin
2017-01-19 14:59 - 2017-01-19 14:59 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Users\Alex\Documents\Rainmeter
2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Rainmeter
2017-01-19 14:59 - 2017-01-19 14:59 - 00000000 ____D C:\Program Files\Rainmeter
2017-01-18 02:41 - 2017-01-18 02:41 - 00000000 ____D C:\Users\Alex\Documents\Strife
2017-01-18 02:27 - 2017-01-18 02:39 - 00000000 ____D C:\Users\Alex\Documents\BeamNG.drive
2017-01-18 02:03 - 2017-01-18 02:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BrawlhallaAir
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 23:56 - 2016-12-18 11:23 - 00004414 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2017-02-17 23:55 - 2016-12-18 11:23 - 00003360 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2017-02-17 23:55 - 2016-12-16 23:00 - 00000000 ____D C:\Users\Alex\AppData\Local\Personify
2017-02-17 23:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-17 23:54 - 2016-10-21 22:30 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-17 23:54 - 2016-10-21 22:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-17 23:54 - 2016-08-24 22:38 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-17 23:54 - 2016-08-16 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 23:54 - 2016-08-16 10:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 23:54 - 2016-06-22 22:57 - 1545466122 _____ C:\WINDOWS\MEMORY.DMP
2017-02-17 23:52 - 2016-06-23 00:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher
2017-02-17 20:15 - 2016-06-22 23:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-02-17 20:06 - 2016-07-27 13:02 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2017-02-17 19:06 - 2016-06-22 21:27 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-17 18:18 - 2016-08-21 22:37 - 00575528 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-17 16:01 - 2016-07-11 20:48 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-02-17 00:47 - 2016-09-11 19:01 - 00000000 ____D C:\Users\Alex\AppData\Roaming\obs-studio
2017-02-16 23:13 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 21:53 - 2016-06-27 10:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-02-15 19:34 - 2016-10-21 22:30 - 00003964 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 19:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 17:13 - 2016-08-16 10:21 - 02419250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 07:46 - 2016-07-17 18:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent
2017-02-15 01:32 - 2016-08-21 22:37 - 00399120 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-02-14 12:40 - 2016-08-16 10:21 - 00000000 ____D C:\Users\Alex
2017-02-14 12:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-14 01:18 - 2016-06-22 23:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-09 23:15 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 21:23 - 2016-06-22 21:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PlaysTV
2017-02-08 02:04 - 2016-08-19 00:10 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Launcher
2017-02-08 02:03 - 2016-08-19 00:14 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3
2017-02-07 16:32 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-07 16:32 - 2016-06-22 21:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 16:29 - 2017-01-10 12:03 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-02-07 16:28 - 2015-12-15 05:53 - 00000000 ____D C:\AMD
2017-02-07 00:35 - 2016-08-22 22:50 - 00000000 ____D C:\Users\Alex\Documents\CPY_SAVES
2017-02-06 20:23 - 2016-09-23 12:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:23 - 2016-09-23 12:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 20:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-05 01:03 - 2017-01-07 21:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-04 12:26 - 2016-09-11 19:01 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-02-02 12:05 - 2016-06-23 00:19 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OBS
2017-01-31 23:03 - 2016-08-16 10:20 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-31 23:03 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-29 01:10 - 2016-12-12 21:01 - 00000000 ____D C:\ProgramData\Orbit
2017-01-29 01:10 - 2015-12-15 04:32 - 00000000 ____D C:\Users\Alex\Documents\My Games
2017-01-29 00:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-29 00:12 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-28 01:18 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-27 10:21 - 2016-12-07 17:32 - 00923160 _____ (AMD) C:\WINDOWS\system32\coinst_16.50.dll
2017-01-27 10:21 - 2016-11-09 14:37 - 00109080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-01-27 10:21 - 2016-11-09 14:37 - 00096792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-01-27 10:21 - 2016-10-20 12:22 - 00069144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00475624 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00152088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00135920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00125560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00120376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00113600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00102672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-01-27 10:21 - 2016-08-12 00:07 - 00098840 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 09881112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 07927832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 02501656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 02183704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 01016344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00854552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00688664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00411672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-01-27 10:21 - 2016-08-12 00:06 - 00291352 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-01-27 10:21 - 2016-08-12 00:06 - 00284696 _____ C:\WINDOWS\system32\GameManager64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00278552 _____ C:\WINDOWS\system32\clinfo.exe
2017-01-27 10:21 - 2016-08-12 00:06 - 00277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00257560 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00239640 _____ C:\WINDOWS\system32\atieah64.exe
2017-01-27 10:21 - 2016-08-12 00:06 - 00230424 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00217624 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-01-27 10:21 - 2016-08-12 00:06 - 00212504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00185880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00169496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00145944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00144408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00138776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00127000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00119832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00118296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-01-27 10:21 - 2016-08-12 00:06 - 00075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-01-27 10:21 - 2016-06-24 15:37 - 00780640 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-01-27 10:21 - 2016-06-24 15:37 - 00780640 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-01-27 10:21 - 2016-06-24 15:33 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-01-27 10:21 - 2016-06-24 15:28 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-01-27 10:21 - 2016-04-05 02:43 - 00146512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-01-27 10:21 - 2016-04-05 02:41 - 00029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-01-27 10:21 - 2016-04-05 02:38 - 00540184 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-01-27 10:21 - 2016-04-05 02:38 - 00299544 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-01-27 10:21 - 2016-04-05 02:37 - 01356312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-01-27 10:21 - 2016-04-05 02:27 - 00150144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-01-27 10:21 - 2016-04-05 02:27 - 00111128 _____ C:\WINDOWS\system32\atidxx64.dll
2017-01-27 10:21 - 2016-04-05 02:26 - 00249368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-01-27 10:21 - 2016-04-05 01:46 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-01-27 10:21 - 2016-04-05 01:46 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-01-26 23:47 - 2016-06-22 23:00 - 00002360 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 23:47 - 2015-12-15 05:42 - 00000000 ___RD C:\Users\Alex\OneDrive
2017-01-26 23:44 - 2017-01-12 13:33 - 00000000 ____D C:\Users\Alex\AppData\Local\Verto Analytics
2017-01-26 23:44 - 2016-06-27 10:34 - 00000000 ____D C:\Program Files (x86)\SmartApp
2017-01-26 02:33 - 2016-11-26 16:32 - 00000000 ____D C:\Users\Alex\Documents\The Witcher 3
2017-01-24 15:26 - 2016-08-26 22:35 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Origin
2017-01-24 13:56 - 2016-08-26 22:33 - 00000000 ____D C:\ProgramData\Origin
2017-01-21 12:20 - 2016-11-04 03:47 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\ProgramData\Oracle
2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 12:20 - 2016-11-04 03:47 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-21 12:20 - 2016-09-16 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-19 03:05 - 2017-01-17 02:03 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Curse Client
 
==================== Files in the root of some directories =======
 
2016-06-17 01:54 - 2016-06-17 01:54 - 0000217 _____ () C:\Users\Alex\AppData\Roaming\10-unhinted.conf
2016-06-17 01:54 - 2016-06-17 01:54 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\159 dk orange bl 1.ADO
2016-06-17 01:54 - 2016-06-17 01:54 - 0000303 _____ () C:\Users\Alex\AppData\Roaming\3.png
2016-06-17 01:54 - 2016-06-17 01:54 - 0001283 _____ () C:\Users\Alex\AppData\Roaming\404-1.htm
2016-06-17 01:54 - 2016-06-17 01:54 - 0004365 _____ () C:\Users\Alex\AppData\Roaming\Adobe-CNS1-4
2016-06-17 01:54 - 2016-06-17 01:54 - 0002190 _____ () C:\Users\Alex\AppData\Roaming\annotation.css.xml
2016-06-17 01:54 - 2016-06-17 01:54 - 0000379 _____ () C:\Users\Alex\AppData\Roaming\AsapiLoggerConfig.xml
2016-06-17 01:53 - 2016-06-17 01:53 - 0000027 _____ () C:\Users\Alex\AppData\Roaming\AST4
2016-06-17 01:53 - 2016-06-17 01:53 - 0004205 _____ () C:\Users\Alex\AppData\Roaming\back.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0000430 _____ () C:\Users\Alex\AppData\Roaming\doc_to_epub.xsl
2016-06-17 01:53 - 2016-06-17 01:53 - 0002385 _____ () C:\Users\Alex\AppData\Roaming\dsfksvcsw2k.inf
2016-06-17 01:53 - 2016-06-17 01:53 - 0003749 _____ () C:\Users\Alex\AppData\Roaming\ExampleAWTViewer.java
2016-06-17 01:53 - 2016-06-17 01:53 - 0001194 _____ () C:\Users\Alex\AppData\Roaming\f39.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0001150 _____ () C:\Users\Alex\AppData\Roaming\fast_forward.png
2016-06-17 01:53 - 2016-06-17 01:53 - 0003405 _____ () C:\Users\Alex\AppData\Roaming\finphon.env
2016-06-17 01:53 - 2016-06-17 01:53 - 0000935 _____ () C:\Users\Alex\AppData\Roaming\glossterm.width.xml
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_fr.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000518 _____ () C:\Users\Alex\AppData\Roaming\goURL_lr_photoshop_jp.csv
2016-06-17 01:52 - 2016-06-17 01:52 - 0000524 _____ () C:\Users\Alex\AppData\Roaming\gray 423 bl soft.ADO
2016-06-26 12:35 - 2016-06-26 12:35 - 0128512 _____ () C:\Users\Alex\AppData\Roaming\Installer.dat
2016-06-26 12:35 - 2016-06-26 12:35 - 0018432 _____ () C:\Users\Alex\AppData\Roaming\Main.dat
2013-11-13 03:00 - 2013-11-13 03:00 - 0049948 _____ () C:\Users\Alex\AppData\Roaming\Plangency.P
2016-12-25 22:46 - 2016-12-25 23:17 - 0003142 _____ () C:\Users\Alex\AppData\Roaming\SpeedRunnersLog.txt
1989-01-27 03:00 - 1989-01-27 03:00 - 0003406 _____ () C:\Users\Alex\AppData\Roaming\Stereophony.t
2016-12-03 21:56 - 2016-12-03 21:56 - 0007605 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2016-12-20 23:03 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Alex\AppData\Local\TroubleshooterConfig.json
2016-06-23 00:12 - 2016-06-23 00:12 - 0000003 _____ () C:\Users\Alex\AppData\Local\updater.log
2016-06-23 00:12 - 2016-08-06 21:17 - 0000424 _____ () C:\Users\Alex\AppData\Local\UserProducts.xml
2016-08-16 10:20 - 2016-08-16 10:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-04 03:51 - 2016-09-05 03:51 - 0000032 ____R () C:\ProgramData\hash.dat
2016-12-22 01:56 - 2016-12-22 01:56 - 0000016 _____ () C:\ProgramData\mntemp
2017-01-10 12:03 - 2017-02-07 16:29 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
2016-10-25 15:08 - 2016-10-25 15:08 - 0013312 _____ () C:\Users\Alex\AppData\Local\Temp\DllFinder.exe
2016-10-25 18:24 - 2016-10-25 18:24 - 0015872 _____ () C:\Users\Alex\AppData\Local\Temp\DllFinder_x64.exe
2017-01-21 12:19 - 2017-01-21 12:19 - 0739904 _____ (Oracle Corporation) C:\Users\Alex\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-01 15:45 - 2016-11-01 15:45 - 7194312 _____ (Microsoft Corporation) C:\Users\Alex\AppData\Local\Temp\vcredist_x64.exe
2017-02-08 00:26 - 2017-02-08 00:26 - 2020352 _____ (TODO: <公司名>) C:\Users\Alex\AppData\Local\Temp\yjhkuvi.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-12 22:01
 
==================== End of FRST.txt ============================


#4
agamer7809


    Member

  • Topic Starter
  • Member
  • 36 posts

This is the Addition.txt file
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by Alex (17-02-2017 23:57:14)
Running from D:\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-16 15:27:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-482574108-2876646391-2450146034-500 - Administrator - Disabled)
Alex (S-1-5-21-482574108-2876646391-2450146034-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-482574108-2876646391-2450146034-503 - Limited - Disabled)
Guest (S-1-5-21-482574108-2876646391-2450146034-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2016.0321.0955.20 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2016.0811.0433.30 - Advanced Micro Devices, Inc.) Hidden
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Application Profiles (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
ASTRO Command Center (HKLM-x32\...\{78FAE775-D963-4031-97CC-75D96FF648EB}) (Version: 1.0.121 - Astro Gaming)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Besiege (HKLM\...\Steam App 346010) (Version:  - Spiderling Studios)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitTorrent (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0125.1845.33722 - Advanced Micro Devices, Inc.) Hidden
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Flux) (Version:  - )
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
For Honor (HKLM\...\Steam App 304390) (Version:  - Ubisoft Montreal)
ForHonorBETA (HKLM-x32\...\Uplay Install 2184) (Version:  - Ubisoft)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
GD Hardware Scan (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (x32 Version: 10.0.26.396 - Intel Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
League client alpha (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)
Logitech Gaming Software 8.89 (HKLM\...\Logitech Gaming Software) (Version: 8.89.68 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Netbeans with TMC 0.8.18 (HKLM\...\nbi-tmcbeans-1.0.0.0.0) (Version:  - )
NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{75F86B5E-3DE3-4274-ACCA-28C48FA11612}) (Version: 1.0.0.35 - NETGEAR)
NETGEAR A6210 Genie (x32 Version: 1.0.0.35 - NETGEAR) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Oh...Sir! The Insult Simulator (HKLM\...\Steam App 512250) (Version:  - Vile Monarch)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Personify ChromaCam (remove only) (HKLM-x32\...\Personify ChromaCam) (Version: 1.1.8.8 - Personify, Inc.)
Plague Inc: Evolved (HKLM\...\Steam App 246620) (Version:  - Ndemic Creations)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.18.1-r120223-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.707 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
ShellShock Live (HKLM\...\Steam App 326460) (Version:  - kChamp Games)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{511F70D8-3B63-4B45-AEFE-13728EE4520E}) (Version: 3.2.5 - SmartApp)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.3 - Electronic Arts, Inc.)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
Unity Web Player (HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25421 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-6) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-482574108-2876646391-2450146034-1001_Classes\CLSID\{722a84b3-a054-4606-be78-891dd9e35858}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {209783C5-01E2-4A4E-8496-5138EF147B34} - System32\Tasks\{72380271-88CC-44AF-8B13-3E63831FE6CA} => pcalua.exe -a "C:\Program Files (x86)\Bluestacks\BluestacksUninstaller.exe" -c :tmp
Task: {4F7E9507-DF71-47EA-8C33-6E04A8819370} - System32\Tasks\{48E24B94-D2FA-4A14-BC2B-C979A719A2B5} => pcalua.exe -a "d:\program files\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/5
Task: {571AB50C-1EC8-4346-A5B6-BFCC11D30F30} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-01-26] (Verto Analytics Inc.)
Task: {5DCC4201-0C7C-4870-9BCB-C8AA73B4687E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {634F0C50-C7FD-498F-A4A7-4913EA7E2A27} - System32\Tasks\{0AADCEBB-B6A9-43C6-A896-CE3BB8DF55B7} => pcalua.exe -a "d:\mygames\bethesda.net launcher\bethesdanetlauncher.exe" -c bethesdanet://uninstall/8
Task: {6FE1C419-5EA6-4508-86F2-7B3A8EB115E4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {72B52D9E-2EE2-4A54-ACBF-8D7A827C18DE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {76267BAC-3588-446B-A943-EF4D66902606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {7F1252E4-D377-4294-86FD-FEF4D310E766} - System32\Tasks\{17D16A22-F131-4CD9-BBED-207B24FE040B} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=prometheus --displayname="Overwatch"
Task: {A5CC2E01-13C4-4627-A72D-D5009A414849} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {E27A6E0A-28CA-4322-852E-4E9210EDA832} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {FB6029F8-C98D-444A-A798-6DD81335E58B} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-01-26] (Verto Analytics Inc.)
Task: {FBCD54B1-CC8F-4F83-83DC-0A3416CAC7E7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-25] (Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-04 18:11 - 2015-11-04 18:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-09-17 17:42 - 2015-09-17 17:42 - 00192232 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
2016-12-14 16:50 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 14:22 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 14:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 14:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 14:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 14:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-10 14:20 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-02-06 20:26 - 2017-02-06 20:26 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 20:26 - 2017-02-06 20:26 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 20:26 - 2017-02-06 20:26 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:26 - 2017-02-06 20:26 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 10618760 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyCameoUE.ax
2016-11-04 14:23 - 2016-11-04 14:23 - 19655560 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyApi.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 06355848 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\psyplatform.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 12881800 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\opencv_core310.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00106888 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_thread-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00025480 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_system-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00122248 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_filesystem-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00056712 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_date_time-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00034696 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_chrono-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00656776 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 38267784 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\PersonifyML.dll
2016-11-04 14:23 - 2016-11-04 14:23 - 00447368 _____ () C:\Program Files (x86)\Personify\ChromaCam\64\boost_program_options-vc120-mt-1_56.dll
2017-02-06 20:23 - 2017-02-01 04:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:23 - 2017-02-01 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-12-08 15:47 - 2016-12-08 15:47 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-12-08 15:47 - 2016-12-08 15:47 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-02-15 19:34 - 2017-02-15 19:34 - 31178840 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_221.dll
2017-01-01 08:59 - 2017-01-01 08:59 - 00336384 _____ () C:\Program Files\Rainmeter\Plugins\RunCommand.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WiFiStatus.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00136704 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2017-01-01 08:59 - 2017-01-01 08:59 - 00096256 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.DLL
2017-01-01 09:00 - 2017-01-01 09:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2017-02-03 19:07 - 2017-02-03 19:07 - 00033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 00103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 00111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-02-03 19:07 - 2017-02-03 19:07 - 00041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 00405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-02-03 19:07 - 2017-02-03 19:07 - 00173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 01934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 01780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 00505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-02-03 19:07 - 2017-02-03 19:07 - 03812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2017-01-24 13:55 - 2017-01-24 13:55 - 02493440 _____ () D:\Program Files\Origin\libGLESv2.dll
2017-01-19 23:59 - 2016-12-23 13:28 - 00657184 _____ () D:\Program Files\SDL2.dll
2016-10-16 16:11 - 2016-08-31 20:02 - 04969248 _____ () D:\Program Files\v8.dll
2017-01-19 23:59 - 2017-01-18 20:30 - 02327840 _____ () D:\Program Files\video.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 02549760 _____ () D:\Program Files\libavcodec-56.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00491008 _____ () D:\Program Files\libavformat-56.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00332800 _____ () D:\Program Files\libavresample-2.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00442880 _____ () D:\Program Files\libavutil-54.dll
2016-10-16 16:10 - 2016-01-27 02:49 - 00485888 _____ () D:\Program Files\libswscale-3.dll
2016-10-16 16:10 - 2016-08-31 20:02 - 01563936 _____ () D:\Program Files\icui18n.dll
2016-10-16 16:10 - 2016-08-31 20:02 - 01195296 _____ () D:\Program Files\icuuc.dll
2017-01-19 23:59 - 2017-01-18 20:30 - 00838432 _____ () D:\Program Files\bin\chromehtml.DLL
2016-05-27 13:59 - 2016-05-27 13:59 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\A6210\Ralink.dll
2016-03-23 10:04 - 2016-03-23 10:04 - 00091136 _____ () D:\Program Files\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00224256 _____ () D:\Program Files\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00200704 _____ () D:\Program Files\Corsair\Corsair Utility Engine\lua52.dll
2017-01-19 23:59 - 2017-01-04 22:12 - 68813088 _____ () D:\Program Files\bin\cef\cef.win7\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Alex:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-08-13 16:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: UI0Detect => 3
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\StartupApproved\Run: => "GalaxyClient"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7C0704A1-D58A-4021-8E3A-51379704204E}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{1F0E3D8E-564A-483B-BC9C-5B0C54885A2F}] => (Allow) D:\Program Files\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{1CCCC589-15E6-4049-BECD-78249F465FC4}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{65E48A8E-AA8A-40BF-B5A1-55D6A098A58B}] => (Allow) D:\Program Files\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [UDP Query User{9F4325B5-D02A-4483-91D0-5EC10DFC8B4E}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{53AEB4F6-BED8-4F8B-88BA-8DCB202E9A29}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{DBC74ABE-470A-4F9E-845A-EBB02995EA9C}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{05058520-6CA9-4835-BAE9-E2F05083B1E1}] => (Allow) D:\Program Files\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [UDP Query User{D26B4CBB-3919-44D3-91CB-9A10D2DEAA9A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{B1AB9472-439F-4043-9572-451E25157900}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D7C8AB7B-7D41-4A12-9DBD-F75642190927}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [TCP Query User{3440BF39-FF11-4DD4-9430-646CD02849E8}C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe] => (Allow) C:\users\alex\appdata\local\pokemon\app-0.1.5\pokemon go live map.exe
FirewallRules: [{1A8AE1FD-480E-46FD-8D18-A7F9383A9D9C}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{710AD082-CCE0-4BA5-975D-2A6079A9EE06}] => (Allow) D:\Program Files\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [UDP Query User{997199BA-C68E-4917-913C-0AB4C860EB18}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6432A5AF-7C9D-43FA-986D-1F0655C81307}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{9949C6E6-6E28-4266-8911-1D95BF514AB3}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{2C34A8CE-5C63-427C-82B4-FE0A6C2AC285}] => (Allow) C:\Program Files (x86)\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{3B7CBB59-A35E-4FDD-B8EE-52A0B21ECFEB}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{B854A948-8B81-4E01-BC62-CACE71DBDB47}] => (Allow) D:\Program Files\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [UDP Query User{363E62CA-8251-4F17-B611-4FEE8154C13C}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{5A73C8AC-796E-450B-B49A-8EF51391CB53}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{81642C3F-1818-436C-B794-C362C9336226}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [TCP Query User{9A5921FE-A72C-483F-AB34-9DF49B5D205D}D:\program files\steamapps\common\shatteredskies\shatteredskies.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\shatteredskies.exe
FirewallRules: [UDP Query User{A5A7998A-531C-433A-9517-84A3A6D9DBA3}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [TCP Query User{43F6FB40-43BB-45D4-B311-073229C3E646}D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe] => (Allow) D:\program files\steamapps\common\shatteredskies\launcher.exe.new.exe
FirewallRules: [{F8FA1393-795D-4AA8-93D7-9DEDD2A96CC9}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{89C63A50-D4D9-4749-802E-CC37975BA183}] => (Allow) D:\Program Files\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [UDP Query User{15178F20-B741-4595-8706-71B3109CAAA8}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{DFBE9F09-A34E-4F2A-A32D-2BAAF3036928}D:\program files\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3F6206DA-F60B-488D-B77F-42CCC05C0FF3}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{F90643C9-214B-4B64-B83E-5955D08EFABE}D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\r.g. catalyst\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{5FCBA658-F134-43D3-8749-A1D7CD2E43B1}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4B4649A6-8BAC-40D0-9DB9-0DE4CB9D42C3}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1E0FE48B-2D75-41CB-822D-9EB9F07D02AA}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1423BF4C-23D8-47D4-86EE-A59486EDE905}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DEA6E8E0-0E9D-45B0-B60F-948EEA5B9423}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A840BD21-C554-4096-A815-761DA30984ED}] => (Allow) C:\Users\Alex\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{6EFFB89E-9052-40AA-97B6-C9EDCF6922FF}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [TCP Query User{11F09761-93E2-4CD6-AC69-1B345548F5DD}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{123E48FC-FF7C-4630-B553-8BC55F875E3C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{04BDC280-8B25-4DDF-8C9D-F1DA25995260}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{51EE83C2-799F-4956-A0FE-665EBA3732D3}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{0F17E784-9FBF-473A-BB61-7CA7DA5FEC8D}] => (Allow) D:\Program Files\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{95FA5F07-84C8-41E0-A96E-4363A4D6A9D5}] => (Allow) D:\Program Files\Common7\IDE\devenv.exe
FirewallRules: [{9C2D7E88-990C-4F95-AF62-F2B27E9B3CCF}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1E1EAAA6-9F72-44CA-A622-9ABFDE8BDE0C}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E6170835-893A-4C71-8D54-C62CE5818BC7}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1EEF1C58-36AA-4E37-973F-DE5E084036F6}] => (Allow) D:\Program Files\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3BE52819-47BA-48A3-88CF-5794CA833FA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7D6BDA0A-7615-43A8-AB79-6003B3A15303}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{8053B95C-D354-48BB-BE1F-13D51294EC36}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [UDP Query User{F1036AB9-80D3-4247-9972-662524568B80}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{5C79A667-496E-4E53-8871-5596B8775263}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{795974DE-55F4-423D-B661-4A89FCA927B3}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [{46A8F05A-D583-4C15-A9EC-1AFCA3B20344}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [{0EB782BD-70F3-4847-B4A2-58C58FFE54C2}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{E666E68B-CBAF-474F-956E-B678ACCA2BEE}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [UDP Query User{109544A9-56C8-4CF4-8899-0660C345CD8F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F3821F34-CC6E-4E36-80EB-7DBE3B27408B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{5245E333-5589-4EED-8425-9E6EA60D8D09}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{AA50E546-1D2A-482C-940D-41D3E56E665F}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe
FirewallRules: [{20F81835-530C-4AFE-B76B-2B4DD3B9FE9D}] => (Allow) D:\Program Files\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{5503E2C5-AC91-45C4-8CB3-3F71CA997258}] => (Allow) D:\Program Files\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{0F5B3ADF-9183-444B-B85A-25A5B56EDDDB}D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{8DCD5CE5-99D9-4D1E-A799-15C367974E73}D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\program files\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{DE625E71-85B3-40C5-919C-2671D7B7479A}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1E02A506-E1F4-4A1B-B255-B8466ADD76BD}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{CF2D9881-F072-469D-BADE-06BE3FC0D8FB}] => (Allow) D:\Program Files\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A52CC80E-91C3-456E-BB10-A59394F3A131}] => (Allow) D:\Program Files\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{0C7E4714-D67E-4BB2-8DD1-D69F4CF2C4DC}] => (Allow) D:\Program Files\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{EA46D325-5F27-4D0F-AD53-977B9267C7D6}] => (Allow) D:\Program Files\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [TCP Query User{5FFFAF0F-BFD6-48EB-8701-DF60A37591CD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{E2C04F09-FB43-4473-A012-0C4F579FE3F6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9F3A6F25-E17D-4493-A3E2-8A2D88E98913}D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{820D28AD-0666-48E6-AD78-AACCF36952EE}D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\program files\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{87E16974-42F1-48D8-A3F8-90591E05BF32}] => (Allow) D:\Program Files\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{713BF6B3-5861-420F-ADB0-09E68B377E0B}] => (Allow) D:\Program Files\steamapps\common\Besiege\Besiege.exe
FirewallRules: [TCP Query User{0BE46364-F121-4EE6-A047-E80387C185D1}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FB1345CC-49F4-48F3-88E6-889080FFEDFC}D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6423A8F1-0F05-438E-8CB4-F99EB01B9C50}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{304E691B-2C99-4C63-BCFB-D786050FC1D6}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C1AE42E1-1BEA-4497-857B-89D85DFD1F3F}] => (Allow) D:\Program Files\firefox.exe
FirewallRules: [{6E99E329-7CC6-4B39-BA9F-06B8417EE55D}] => (Allow) D:\Program Files\firefox.exe
FirewallRules: [{408E9F7B-8E22-4B5D-BAA5-7470A060AE8A}] => (Allow) D:\Program Files\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{17C318AB-AB5C-4B33-8988-C5AD40325A21}] => (Allow) D:\Program Files\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{568608E3-C2BA-483A-89B6-382FB1526D9B}] => (Allow) D:\Program Files\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{76E786BC-4BBF-487F-A62B-C762E591F2D7}] => (Allow) D:\Program Files\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{CF5CDE4D-3E82-48E9-A319-9573155F8661}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{1D04FA51-92CD-40ED-8520-E168235CF435}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{D43CC1D2-4C17-4FF3-9C93-6A4E045AD9EB}] => (Allow) D:\Program Files\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{BEA85D24-F17F-4D4F-B0CA-50D722A0C5D4}] => (Allow) D:\Program Files\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [TCP Query User{3B6D7D56-9885-454B-BCF2-90C6307CFC57}D:\games\mafia iii\launcher.exe] => (Allow) D:\games\mafia iii\launcher.exe
FirewallRules: [UDP Query User{8BD1A5C7-1715-40AE-BBB5-190EA4EB6330}D:\games\mafia iii\launcher.exe] => (Allow) D:\games\mafia iii\launcher.exe
FirewallRules: [TCP Query User{3A5681DE-270D-4C11-98C9-1DA0185F34D1}D:\games\mafia iii\mafia3.exe] => (Allow) D:\games\mafia iii\mafia3.exe
FirewallRules: [UDP Query User{CE0D9238-0F60-49A5-9477-0F18C8489F2C}D:\games\mafia iii\mafia3.exe] => (Allow) D:\games\mafia iii\mafia3.exe
FirewallRules: [TCP Query User{E3A30844-6A11-4F35-826D-F37C2261E8B4}D:\mygames\dreadnought\dreadnoughtlauncher.exe] => (Allow) D:\mygames\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{BF996F91-76E7-4CC8-A33F-8A05AF56A5D7}D:\mygames\dreadnought\dreadnoughtlauncher.exe] => (Allow) D:\mygames\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{BC886EEB-6AA5-475F-9F27-ADCEB2361F84}D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{97B941A3-FB45-4E4E-9F8A-1832DBD9D8CC}D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) D:\mygames\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [{546EAED9-8710-4E93-ACEF-FD6998A4D704}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{F8FD505F-B305-4A32-91BB-77F9F13726C8}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{3B163A2E-995C-4267-BF31-90241C69315B}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{EB79317C-1E48-40E8-8536-73FE693168F4}] => (Allow) D:\Program Files\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [TCP Query User{B794F121-3D72-44B1-A9B1-7FC0F4ACB4AD}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{19190C39-6AD7-482F-8C41-26A2CBAD0022}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{4BB69660-D87A-4349-B2BB-4ADA764666C4}] => (Allow) D:\Program Files\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{3FD6506F-7F29-43FA-85DF-48578B9FFF8D}] => (Allow) D:\Program Files\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [TCP Query User{AC6A2911-2869-41A8-B72E-ADCAC86CD563}D:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{238F7DFC-0A5D-4C81-81C9-81E9E7175BFB}D:\games\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\games\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{F4617028-9AD7-4CB3-9B89-06B0515D1296}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4FF8A6D7-27E4-4E66-9912-A9305898D03C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{10F420C4-121D-44FB-9503-042DEDFD31EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{14956C60-4E70-4A07-9CF9-8ADC4E97D8AD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{FC65AB8F-BD1D-49BE-B8DB-29380CE246F1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{0CDF9934-E2C0-4F8C-8083-6B45380A9024}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{2321E578-FD0C-4940-9D32-BB9CBBA34AF7}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{4E0C9E57-B77C-4C12-8D39-44837FAC6123}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{0C5B13CD-189A-4E49-881F-7F68CEDB8A90}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{D73BBE80-7276-45D4-98F2-1E3673391138}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [TCP Query User{C4F393B7-4E97-4662-AF94-7EC504822E06}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{5192318F-FA11-4305-952B-89FAE8A381D8}D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) D:\program files\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{0CE808DA-66A5-4E73-8C4B-03FF0380EFC1}] => (Allow) D:\Program Files\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{BC884C10-5B82-4C6E-89DC-3CE70BC4181C}] => (Allow) D:\Program Files\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [TCP Query User{530B3057-BC01-4EBD-8FB5-29D659D76A3B}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FE3F37FA-0C79-4E71-932A-45EB5F1226B7}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [{70E13AAD-7D6C-4E5E-AFD3-726E3FCC38B0}] => (Allow) D:\Program Files\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{E69D5173-F73B-4371-95C0-71EA3F88201A}] => (Allow) D:\Program Files\steamapps\common\Oh...Sir! The Insult Simulator\ohsir.exe
FirewallRules: [{44073D58-C698-443A-AB94-C9C3D745F8A1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [TCP Query User{4C7E99D3-A41C-464B-8C3C-A82CF3F8B83D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{14E00438-05D4-46D6-88D9-13FD06202B22}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{4C33C44A-E4D0-4216-8A58-B6A2CB07B7FA}D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{033F163D-4A90-430D-81C0-B746DCE60F73}D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) D:\program files\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{932386BB-04AE-4C2F-BDCF-C183621E063C}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{78191ABF-2BBB-4D5B-AB11-2497767BBA2E}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1DBEB7AF-433E-4122-A780-F913BBA3C3D7}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe
FirewallRules: [UDP Query User{58DD19A8-A0BF-4FDF-BF77-819100BBD4B1}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe
FirewallRules: [{4E9E0DE6-DF58-4402-91AD-6497A5630C15}] => (Allow) D:\Program Files\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{B0F87A21-75C0-4FB1-9E25-F0F4477EE152}] => (Allow) D:\Program Files\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{B4F9536B-925C-4BDC-9758-1B64E2EBB042}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{46BDC1E0-F746-477F-9956-2E59884985FA}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [{D5FC2307-7DAB-4222-8257-14AFAC83A926}] => (Allow) D:\Program Files\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{98313921-E751-4C53-A2EC-5541A3E7BCCB}] => (Allow) D:\Program Files\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{DF3408F1-CAE1-41FA-B103-890C4D73C9F2}] => (Allow) D:\Program Files\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{27A1D7EB-0C04-4293-B877-4D36B16CFCDA}] => (Allow) D:\Program Files\steamapps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{0319FA43-E27E-4E5C-B4BF-43EA26E12E62}] => (Allow) D:\Program Files\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3A085136-CFE1-496A-919E-81FCCAC0D9F1}] => (Allow) D:\Program Files\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{30A19C67-1229-4BCD-A593-62CC46EADEEC}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [{83158AF5-C609-4F21-B69C-353DFEB7A266}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe
FirewallRules: [{E3DA5D27-36A8-46B0-A715-C165CAAAE950}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{621DA289-E055-4CB0-8170-2D0D4B13A6AE}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{5EA3797F-ED14-456B-ABD8-66F325B3E27F}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{9F7CEC21-DDC2-4851-A145-54F0785787E5}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{51DDDF8E-6BAF-4492-BFAD-968B40B646E0}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{1D14DC8D-1AED-4E0F-8A39-9293678180B1}] => (Allow) D:\Program Files\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [TCP Query User{D0FBC86C-E07F-4F8C-9044-E89D6076E61A}D:\mygames\hearthstone\hearthstone.exe] => (Allow) D:\mygames\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BDC716C1-45EE-497C-BDE2-455CA553386F}D:\mygames\hearthstone\hearthstone.exe] => (Allow) D:\mygames\hearthstone\hearthstone.exe
FirewallRules: [{0B26197B-239A-4C2C-95B7-27FBB25D2B7F}] => (Allow) D:\Program Files\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{0544A184-951F-464E-935C-3DD6D41B2749}] => (Allow) D:\Program Files\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{AB5C49BC-7D55-4025-8387-EBDA95F32401}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E9BFA106-8469-4EA6-A8B3-9FC0CB91CEC4}] => (Allow) D:\Program Files\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B07BAFFD-1CA7-4921-AF4A-D23BC6A98A7D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CDDB549E-F691-4FB2-A9F7-59AE6C46F4AC}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{0ED88236-0F3E-4067-905A-7B3332CDE67D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{8784C72F-2CAE-4665-B460-67D592707E7D}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{1F72A3F3-1C10-4A5F-AF24-7CDD6BCCE559}] => (Allow) D:\Program Files\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{3097DBB8-F9BB-4C56-9539-695703EF8F27}] => (Allow) D:\Program Files\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [TCP Query User{E1F8E471-16D9-4BD4-907A-F2E2FFBBD734}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => (Allow) D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe
FirewallRules: [UDP Query User{AFA06608-B254-4010-B36C-E222E180AC87}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => (Allow) D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe
FirewallRules: [TCP Query User{787D83F7-1DB3-40B3-971C-1399392EE1C4}C:\program files (x86)\obs\obs.exe] => (Allow) C:\program files (x86)\obs\obs.exe
FirewallRules: [UDP Query User{38B1A61F-62C7-474F-B3FB-998091535E7A}C:\program files (x86)\obs\obs.exe] => (Allow) C:\program files (x86)\obs\obs.exe
FirewallRules: [{46677828-6604-47D8-8410-848E84B23E74}] => (Allow) D:\Program Files\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{A1EDC62A-0B07-4008-BA09-EBF254422F61}] => (Allow) D:\Program Files\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{6F7CE1A4-0BA3-4743-8DF0-8BB7EDB44A8F}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{C5462689-206C-49CD-B06A-3033BACF5FF0}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [{5F1C904B-259D-4BF6-8943-18DF302ADADF}] => (Allow) D:\Program Files\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{45F6EABF-B7DB-4235-ABDE-75A1EAD05D54}] => (Allow) D:\Program Files\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{56C2260A-3C24-4661-8F5D-6CF3CEA2205D}D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{0E681B7C-9573-4393-A180-3AD76192DBCC}D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{8E46FF36-342C-492A-A901-72BB2E48D262}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe
FirewallRules: [UDP Query User{4F3BD096-B971-4BBC-A2F4-E0B74E99B209}C:\program files (x86)\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files (x86)\obs-studio\bin\64bit\obs64.exe
FirewallRules: [TCP Query User{83D1641D-D5D4-43CB-895F-073BDD083196}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{88F9E578-A8C0-4090-B642-5A6A5E5E98C5}D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\program files\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{BB0FECEE-9B40-4C25-A914-B311185FD1C4}] => (Allow) D:\Program Files\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{B31C72A1-A369-4950-8C0F-42C67DB7639F}] => (Allow) D:\Program Files\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{1FA6AA1F-40F6-4B01-8FEC-2CA41AC040E0}] => (Allow) D:\Program Files\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F882544F-639E-4DDA-81F2-D913CF725C24}] => (Allow) D:\Program Files\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CCA8D6A-8093-46B2-B2A5-EA3FFFBA7B55}] => (Allow) D:\Program Files\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{2167CE76-84B6-49F7-BFBD-0F928FA6D286}] => (Allow) D:\Program Files\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{E2C1A28E-916D-4A5E-94E4-773508CE3EAF}D:\program files\steamapps\common\artofwar\game\u1game.exe] => (Allow) D:\program files\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [UDP Query User{AD562972-D1C1-433F-8839-BEE22BDFFB38}D:\program files\steamapps\common\artofwar\game\u1game.exe] => (Allow) D:\program files\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [{97B89324-C406-4F9D-83B9-A51C6B1C96E3}] => (Allow) D:\Program Files\steamapps\common\strife\bin\strife.exe
FirewallRules: [{9975367C-5C07-47DA-A8D0-C0ABB390D147}] => (Allow) D:\Program Files\steamapps\common\strife\bin\strife.exe
FirewallRules: [{735DE04A-790D-4FBE-A1C1-D66E380DF372}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44B5FD61-DC8E-49D1-A8AD-3B14E3387CB2}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BF04F192-9E7C-40EF-A52F-AA03984DE57A}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FEDF7FD7-07A3-4578-AFF7-D14E992FD874}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0C64BA5D-A38D-45CC-9A91-E98D9445D179}] => (Allow) D:\Program Files\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{828AD62B-4685-43FF-A0EB-B864C1AB18E9}] => (Allow) D:\Program Files\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{30791891-8890-43C5-8F33-9E12FC8016BA}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D4A98DAE-086C-4105-AB0A-B7CFFF9D0D14}] => (Allow) D:\Program Files\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4966FFE6-9ABF-4644-A1D4-4CC6E374372E}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{AA6E322C-0598-409D-B209-51760DF1E3D2}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{E02EA610-8830-49B0-801F-985F76D62B6A}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{76D07510-6E75-44B5-9D32-AFAF2E5CF728}] => (Allow) D:\Program Files\steamapps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{5CD4B408-E280-495B-A66E-52A0C32B81E6}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [UDP Query User{26710EEE-3ADD-4850-8CDA-CD45CC90BB44}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [{CB1BD3C8-9261-4689-832A-1E4A646BE075}] => (Allow) C:\Users\Alex\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{54AB7627-7EA3-4CC6-9288-C8B194742D93}D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [UDP Query User{378D9DE6-1208-41AF-BDF0-780A411F81E6}D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe] => (Allow) D:\mygames\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [{1D1C4217-CABD-4D24-87B8-474C9F56FF50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{59ED376E-8919-4ED6-AF9F-3744324438DB}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{6892DD58-706E-469D-ACE7-46FB5CACB6B9}D:\program files\steamapps\common\arma 3\arma3.exe] => (Allow) D:\program files\steamapps\common\arma 3\arma3.exe
FirewallRules: [{186FB69E-91B6-452C-AFA5-8D7AD4B14836}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{0CDD6A89-0253-4D2E-8D2C-329FE2712724}] => (Allow) D:\Program Files\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{A841513D-E2BE-482E-854D-03987A0F6943}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{E1163190-ACE6-486B-8F3C-ED4246DD402E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{C9074CE8-3909-410B-8A1C-42235BD5D26A}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8D8D75AA-FAFE-4435-833B-9B2B696F0957}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [{B888F033-59E8-475E-B376-35123CC978FB}] => (Allow) D:\Program Files\steamapps\common\For Honor\forhonor.exe
FirewallRules: [{EFD8C446-57A7-4A6F-81B8-1DEFA2A2E8B8}] => (Allow) D:\Program Files\steamapps\common\For Honor\forhonor.exe
FirewallRules: [{9BE10B0C-0026-40D2-832B-58990EDB5A6F}] => (Allow) D:\Program Files\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{D24DE78E-B577-4C35-B2B5-A8260BCE6B83}] => (Allow) D:\Program Files\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{E73400D9-ECC4-406A-90F8-AA65F2B5E7B8}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4E4C620D-CB9B-4EF0-AD81-D976B4DCE6DB}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2017 11:54:10 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/17/2017 03:50:02 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/17/2017 10:14:14 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/17/2017 10:14:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc000000d
Fault offset: 0x00000000000ff44c
Faulting process id: 0x1c80
Faulting application start time: 0x01d289300137ef3b
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f0089e3d-0b7c-4768-bfe7-5e2510e0df9c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2017 10:10:28 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/17/2017 03:25:03 AM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (02/17/2017 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12
Faulting module name: boost_thread-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a184de
Exception code: 0xc0000005
Fault offset: 0x000000000000b2e3
Faulting process id: 0x20c0
Faulting application start time: 0x01d288d3c826c69a
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_thread-vc120-mt-1_56.dll
Report Id: 76eabbd6-5653-4fb2-9299-b707e634c84b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2017 03:24:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 56.0.2924.87, time stamp: 0x58916e12
Faulting module name: boost_log-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a1850a
Exception code: 0xc0000005
Fault offset: 0x0000000000006ec1
Faulting process id: 0x20c0
Faulting application start time: 0x01d288d3c826c69a
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll
Report Id: cde3c47b-b63a-423a-b298-62f3e3f774ca
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/17/2017 12:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x587fbba8
Faulting module name: boost_log-vc120-mt-1_56.dll, version: 0.0.0.0, time stamp: 0x54a1850a
Exception code: 0xc0000005
Fault offset: 0x0000000000006ec1
Faulting process id: 0xa1c
Faulting application start time: 0x01d288d4d7bf5db3
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Program Files (x86)\Personify\ChromaCam\64\boost_log-vc120-mt-1_56.dll
Report Id: c6cbb979-decb-4415-857e-e6489e25f34c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/16/2017 11:10:14 PM) (Source: amdacpusrsvc) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (02/17/2017 11:55:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/17/2017 11:54:10 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000012b (0xffffffffc00002c4, 0x000000000000068a, 0x0000000023a13cf0, 0xffffd700ad101000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: fdfd7713-ccf1-46be-846e-a11eb52689c9.
 
Error: (02/17/2017 11:54:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:00:17 PM on ‎2/‎17/‎2017 was unexpected.
 
Error: (02/17/2017 10:14:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/17/2017 03:25:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2017 03:29:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/16/2017 03:13:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/15/2017 05:10:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/15/2017 05:07:10 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000012b (0xffffffffc00002c4, 0x0000000000000b95, 0x0000000012100980, 0xffffdd806b271000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 53ff7eca-cf42-466a-82cc-b25083a29466.
 
Error: (02/15/2017 05:07:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:01:12 AM on ‎2/‎15/‎2017 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-14 05:58:33.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-14 05:58:33.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-13 22:57:46.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-13 22:57:46.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16295.52 MB
Available physical RAM: 12771.09 MB
Total Virtual: 18727.52 MB
Available Virtual: 14775.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.44 GB) (Free:62.23 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:931.51 GB) (Free:253.79 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 59C3683A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 59C36822)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello :)

 

One question before we begin:  Are you knowingly running a proxy on your machine?


  • 0

#6
agamer7809

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

I do not believe I am.  


  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I do not believe I am.


Hello :) Thank you for your response. This should eliminate the error you are getting upon startup.

Step 1: P2P Warning

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST

Notice: Before running this step, please move FRST64.exe from D:\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
C:\Users\Alex\AppData\Local\YddrPack
C:\ProgramData\hash.dat
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
RemoveProxy:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0
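
Added example (not part of the post above, and not FRST's own code): the fixlist entry marked ATTENTION is a per-user Run value that starts regsvr32.exe with a DLL under AppData\Local. The sketch below scans FRST-style Run lines for that pattern, a Windows DLL loader pointed at a user-writable folder. Every sample line except the Uxbgmedia one is constructed, and the loader and folder lists are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Windows binaries that load a DLL named on their command line (assumed list).
DLL_LOADERS = {"regsvr32.exe", "regsvr32", "rundll32.exe", "rundll32"}

# Folders a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%", "%programdata%")

# FRST registry line shape as seen in the fixlist:
#   <key>\...\Run: [ValueName] => <command line> [<===== ATTENTION]
RUN_LINE = re.compile(
    r"^(?P<key>HK[^:]*?\\(?:RunOnce|Run)): \[(?P<name>[^\]]*)\] => "
    r"(?P<cmd>.*?)(?:\s*<=+ ATTENTION)?\s*$")

# Sample input. Only the Uxbgmedia line comes from the thread; the rest are constructed.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleAudio\tray.exe -s
HKLM\...\Run: [ExampleCodec] => "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\ExampleCodec\codec.dll"
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleChat] => C:\Users\Example\AppData\Local\ExampleChat\Update.exe --processStart chat.exe
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
"""


@dataclass
class Finding:
    key: str      # registry key as printed by FRST
    name: str     # Run value name
    loader: str   # basename of the program the value starts
    target: str   # argument that points into a user-writable folder


def parse_run_entries(text):
    """Return (key, value name, command line) for every Run/RunOnce line."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name"), m.group("cmd")))
    return entries


def split_command(cmd):
    """Split a Run command into (executable, arguments).

    Handles a quoted executable, an unquoted path containing spaces
    (cut at the first .exe/.com/.bat/.cmd), and a bare program name.
    """
    m = re.match(r'\s*"(?P<exe>[^"]+)"\s*(?P<args>.*)$', cmd)
    if not m:
        m = re.match(r"\s*(?P<exe>.+?\.(?:exe|com|bat|cmd))(?=\s|$)\s*(?P<args>.*)$",
                     cmd, re.I)
    if m:
        return m.group("exe"), m.group("args")
    exe, _, args = cmd.strip().partition(" ")
    return exe, args


def triage(text):
    """Flag Run values where a DLL loader is given a path in a user-writable folder."""
    findings = []
    for key, name, cmd in parse_run_entries(text):
        exe, args = split_command(cmd)
        loader = ntpath.basename(exe).lower()
        if loader not in DLL_LOADERS:
            continue  # a program started directly, even from AppData, is not this pattern
        for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', args):
            token = quoted or bare
            if any(marker in token.lower() for marker in USER_WRITABLE):
                findings.append(Finding(key, name, loader, token))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"{f.name}: {f.loader} loads {f.target} ({f.key})")
```

The constructed ExampleChat and ExampleCodec lines show the two cases the check deliberately leaves alone: a per-user program started directly from AppData, and regsvr32 registering a DLL from Program Files.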

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
User returned.
  • 0

#10
agamer7809

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
This is the fixlist log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Alex (24-02-2017 10:37:30) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\Run: [Uxbgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Alex\AppData\Local\YddrPack\nlqterdk.dll <===== ATTENTION
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\...\MountPoints2: E - "E:\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
CHR StartupUrls: Default -> "","hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV="
C:\Users\Alex\AppData\Local\YddrPack
C:\ProgramData\hash.dat
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
RemoveProxy:
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Uxbgmedia => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Alex\AppData\Local\YddrPack => moved successfully
C:\ProgramData\hash.dat => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-482574108-2876646391-2450146034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1933348 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 106322654 B
Java, Flash, Steam htmlcache => 159977033 B
Windows/system/drivers => 203676960 B
Edge => 147616 B
Chrome => 817684364 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 1044480 B
NetworkService => 770616 B
Alex => 830363695 B
 
RecycleBin => 417036032 B
EmptyTemp: => 2.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:37:58 ====

  • 0



#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Please follow the remaining steps, post the logs, and we will continue. :thumbsup:
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
User returned.

Please run steps 3, 4, and 5 and post the logs and we'll continue. :thumbsup:
  • 0

#14
agamer7809

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

This is the JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Alex (Administrator) on Fri 02/24/2017 at 10:41:28.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Alex\AppData\Roaming\speedrunnerslog.txt (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/24/2017 at 10:42:26.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#15
agamer7809

agamer7809

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here is the AdwCleaner log

# AdwCleaner v6.044 - Logfile created 08/03/2017 at 16:15:30
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-07.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Alex - ALEXSPC
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Alex\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Alex\AppData\Roaming\Main.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mystart.incredibar.com/?a=6R9m9Z7cl4&i=26&loc=skw
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.0.5.292&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.0.443&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={EAC1DF63-03D4-4D08-AA9D-6884E1AF8A6D}&mid=115329c8301347d6a438b1a22fbcac4a-d47c504e3b45933e927aff2f306beaa1108f39d0&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2013-09-26 19:46:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=8&UP=SPDE37641D-D109-4BCC-9802-91C3E5978CAE&D=061215&SSPV=
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://mystart.incredibar.com/?a=6Oz8ZpUKl9&loc=skw
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4384 Bytes] - [08/03/2017 16:15:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [3711 Bytes] - [08/03/2017 16:14:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4530 Bytes] ##########
