Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

WowAmazeName

Members
  • Content count

    26
  • Joined

  • Last visited

About WowAmazeName

  • Rank
    Getting familiar

Profile Information

  • Gender
  1. solved

    @Kris, I know this is out of no where and a really late reply, but I just wanted to say I really appreciated your help. How are you doing?
  2. Hi, I was doing some stupid stuff like messing with disk management and was curious was setting active partitions would do. I set my memory drives as active for a stupid reason, then, after reading what setting as active partition does, I set my ssd boot drive as the one active. Now "bootmgr is missing, press Ctrl alt del to restart" shows up in the top left corner. I went into boot options and set my ssd as 1st priority yet it didn't change anything. I've also tried hold f8 and manually booting my ssd and that didn't change anything as well. I've tried "repair boot up" via windows 10 installation USB yet nothing is working out so far. Any help would be greatly appreciated. Thank you.
  3. solved

    I'm having small issue with fullscreening through Chrome. When I attempt do fullscreen, it still shows the tabs and taskbar. I assume its a quick fix. Any ideas?
  4. solved

    I know, I've done so. But it was strange which .exe was quarantined.
  5. solved

    Some of the anti-malware programs seems to be deleting some of my .exe files scanning it as a virus file, even though I know for a fact it is not. I think the program was Zemana. Just something weird I have to share. The .exe was like from games from steam apps.
  6. solved

    I'm sad to say it was the simplest way he fixed the problem. All my brother said he did was reset the router by unplugging it and re-plugging it. That's all he did. And this solved all the issues. I some how find many connectivity issues can be solved simply by turning them off and back on, strangely.
  7. solved

    My brother solved the connectivity issues. I will try to report on what he did. Your assistance on my computer was phenomenal though. Its a much cleaner better pc now.
  8. solved

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_28.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:11:52 Updated 28/06/2016 | 01.35 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Antony (Administrator)] - [ANDREW2014-PC] SID = S-1-5-21-2034708905-2678556690-501098093-1003 Boot: Normal boot System : Windows 7 Professional (64 bits) Professional Service Pack 1 ProcessorNameString : AMD Phenom(tm) II X6 1090T Processor Identifier : AMD64 Family 16 Model 10 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 8387 | Free (MB) : 6835 Pagefile = Total (MB) : 16772 | Free (MB) : 15255 Virtual = Total (MB) : 4194 | Free (MB) : 4029 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives F:\-> [Fixed] | [RECOVERY OS 7 DO NOT FORMAT.] | Total : 97.66 Go | Free : 87.28 Go -> NTFS [ATA] E:\-> [Fixed] | [OLD DATA] | Total : 919.53 Go | Free : 75.55 Go -> NTFS [ATA] D:\-> [Fixed] | [DATA] | Total : 368.1 Go | Free : 66.58 Go -> NTFS [ATA] C:\-> [Fixed] | [OS 7] | Total : 59.53 Go | Free : 9.25 Go -> NTFS (SSD) [ATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Last detection : 2016-06-24 23:58:25 Downloaded last ones : 2016-06-25 10:37:43 Installed last ones : 2016-06-25 11:30:34 Microsoft : + ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\Windows\system32\config\systemprofile C:\Windows\ServiceProfiles\LocalService C:\Windows\ServiceProfiles\NetworkService C:\Users\ANDREW 2014 C:\Users\Antony Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [27.06.2016 @ 20_11_04]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.9600.18347 (© Microsoft Corporation.) GC : 51.0.2704.103 (Copyright 2015 Google Inc.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 22.0.0.192 ���������� # Security AV : AS : Windows Defender Enabled AM : Malwarebytes Anti-Malware (2.3.173.0) [] FW : WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 980 | [Owner : |Parent : 660] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 1220 | [Owner : |Parent : 980] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe 1492 | [Owner : |Parent : 660] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe 1608 | [Owner : SYSTEM |Parent : 660] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.18.4103) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1632 | [Owner : SYSTEM |Parent : 660] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - (1.0.0.0) = D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe 1684 | [Owner : SYSTEM |Parent : 660] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.35) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1712 | [Owner : SYSTEM |Parent : 660] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe 1752 | [Owner : SYSTEM |Parent : 660] - (.Brio - FolderSize Service.) - (1.6.0.0) = C:\Program Files\FolderSize\FolderSizeSvc.exe 1824 | [Owner : SYSTEM |Parent : 660] - (.SeriousBit - SeriousBit.NetBalancer.Service.) - (9.4.1.0) = E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Service.exe 1896 | [Owner : SYSTEM |Parent : 660] - (.Native Instruments GmbH - NIHardwareService.) - (1.5.1.1124) = C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 1940 | [Owner : SYSTEM |Parent : 660] - (. - .) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrA.exe 1980 | [Owner : SYSTEM |Parent : 660] - (.Razer Inc. - Razer Chroma SDK Service.) - (1.0.2.1) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe 2000 | [Owner : SYSTEM |Parent : 660] - (. - GameScannerService.) - (1.0.6.2673) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 1216 | [Owner : SYSTEM |Parent : 660] - (.Skype Technologies S.A. - Skype C2C Service.) - (6.13.0.13771) = C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 1708 | [Owner : SYSTEM |Parent : 660] - (.VIA Technologies, Inc. - Service binary.) - (0.1.0.0) = C:\Windows\System32\ViakaraokeSrv.exe 3000 | [Owner : LOCAL SERVICE |Parent : 508] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe 1328 | [Owner : Antony |Parent : 660] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe 864 | [Owner : Antony |Parent : 2664] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17514) = C:\Windows\explorer.exe 3212 | [Owner : Antony |Parent : 864] - (.VIA - VIA HD Audio CPL.) - (10.14.0.20) = C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe 3224 | [Owner : Antony |Parent : 864] - (.Pixart Imaging Inc - pximouse.) - (1.0.0.2) = C:\Windows\System32\TiltWheelMouse.exe 3252 | [Owner : Antony |Parent : 864] - (.Brio - Folder Size Window.) - (0.1.0.1) = C:\Program Files\FolderSize\FolderSize.exe 3436 | [Owner : Antony |Parent : 864] - (.SeriousBit - SeriousBit.NetBalancer.Tray.) - (9.4.1.0) = E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Tray.exe 3468 | [Owner : Antony |Parent : 864] - (.Rainmeter - Rainmeter desktop customization tool.) - (4.0.0.2607) = C:\Program Files\Rainmeter\Rainmeter.exe 3508 | [Owner : Antony |Parent : 3452] - (.Razer Inc. - Razer Synapse.) - (1.18.21.28188) = C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe 3624 | [Owner : Antony |Parent : 3540] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = D:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe 3768 | [Owner : SYSTEM |Parent : 660] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe 3848 | [Owner : Antony |Parent : 3624] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = D:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe 4964 | [Owner : Antony |Parent : 864] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 3920 | [Owner : Antony |Parent : 4964] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 4284 | [Owner : Antony |Parent : 4964] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 6104 | [Owner : Antony |Parent : 3508] - (. - RzStats.Manager.) - (1.0.1.1) = C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2036 | [Owner : Antony |Parent : 6104] - (.Razer, Inc. - RazerIngameEngine.) - (1.0.12.8578) = C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe 5632 | [Owner : Antony |Parent : 6104] - (.Razer, Inc. - Razer Chromium Render Process.) - (1.0.12.8578) = C:\Users\Antony\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe 4920 | [Owner : SYSTEM |Parent : 5208] - (.Google Inc. - Google Installer.) - (1.3.28.13) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 1956 | [Owner : NETWORK SERVICE |Parent : 660] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe 3044 | [Owner : Antony |Parent : 864] - (.Microsoft Corporation - Notepad.) - (6.1.7601.18917) = C:\Windows\System32\notepad.exe 2560 | [Owner : LOCAL SERVICE |Parent : 660] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! � Safeboot Minimal Subkeys : O.K ! � Safeboot Network Subkeys : O.K ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : 3 -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : 4 -> 3 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\nwjs Deleted : HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\perforce Moved to quarantine successfully : E:\install.exe Moved to quarantine successfully : E:\install.res.2052.dll Moved to quarantine successfully : E:\install.res.3082.dll Will be moved in quarantine at reboot : E:\msdownld.tmp Will be moved in quarantine at reboot : D:\msdownld.tmp ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Pre_Scan) E:\ : Vaccinated (Vaccin created by Pre_Scan) F:\ : Vaccinated (Vaccin created by Pre_Scan) ���������� | Hidden files ~ [Drive D:] : Hidden : 17 | Restored : 17 ~ [Drive E:] : Hidden : 2246 | Restored : 2056 ~ [Drive F:] : Hidden : 1 | Restored : 1 ~ [Drive C:] : Hidden : 4 | Restored : 4 ~ [Program Files] : Hidden : 3 | Restored : 3 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 28 | Restored : 28 ~ [AppData] : Hidden : 17 | Restored : 17 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=477G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 377G No No 2,048 771,969,024 1 1 07-NTFS 100G No No 771,971,072 204,797,952 ¤¤¤¤¤¤¤¤¤¤ Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1 End : 21:22:30 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 226
  9. solved

    fixlist.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02 Ran by Antony (2016-06-27 20:03:28) Run:1 Running from E:\Users\chi\Downloads\FRST Loaded Profiles: Antony (Available Profiles: ANDREW 2014 & Antony) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2034708905-2678556690-501098093-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShortcutTarget: Dropbox.lnk -> C:\Users\Antony\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ShortcutTarget: Splice for Windows.lnk -> C:\Users\Antony\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe (No File) GroupPolicyScripts: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{911923BA-2B96-45C2-B50F-EEE73491B929}: [DhcpNameServer] 192.168.1.1 HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM-x32 -> DefaultScope value is missing BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [not signed] CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Extension: (AdBlock) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2034708905-2678556690-501098093-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found> S3 Disc Soft Bus Service; "D:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe" [X] S2 AODDriver4.2.0; \??\D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] 2016-04-30 16:56 - 2016-05-16 21:57 - 0000034 _____ () C:\Users\Antony\AppData\Roaming\AdobeWLCMCache.dat 2016-06-03 11:17 - 2016-06-03 11:17 - 0000050 _____ () C:\Users\Antony\AppData\Roaming\Camdata.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0000408 _____ () C:\Users\Antony\AppData\Roaming\CamLayout.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0000408 _____ () C:\Users\Antony\AppData\Roaming\CamShapes.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0004521 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.cfg 2016-06-03 11:07 - 2016-06-03 11:07 - 0000098 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.command 2016-06-03 11:07 - 2016-06-03 11:07 - 0000000 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.Data.ini 2016-06-03 11:07 - 2016-06-03 11:07 - 0001206 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.ini 2016-05-20 09:13 - 2016-05-20 09:13 - 0000017 _____ () C:\Users\Antony\AppData\Local\resmon.resmoncfg Task: {03174BFD-0151-4ECF-94B6-9CF751B3BF8F} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] () Task: {391648AD-5829-4F5D-8AA2-836A89D9E3F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {3C6DA58B-535A-40D5-A303-471268D1BA10} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) Task: {4B30ECA6-9F5B-4EF8-9DA8-6E5E0E154AAB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {5689E365-E9BD-4C9D-9588-5C5CC09EE51F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {62A11634-5AFF-442C-AB6C-A573A0C03518} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.) Task: {64A1668E-2E18-449A-BBBC-5883318DBC6A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.) Task: {665893B5-28C7-4751-805E-896B1C3CF159} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {673645E4-8955-4AA8-9E6D-2A84C39638A2} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] () Task: {AACC88E8-89B1-4FD7-A7AC-0DD46EAA58D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated) Task: {C49D5D11-879D-4CFC-B56B-CBCA8ACB8FBB} - System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-Antony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated) Task: {DE669C5B-AA1E-43A3-97EA-7732DB5E30B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {E41F857A-2D0F-471D-B287-75B480808078} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {E5DA6B4C-B041-4B4C-8B76-EED27DA416E8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {E695019D-43B2-48BB-95C5-6F3AB569939C} - System32\Tasks\{8EEE825E-F4E9-4AE8-B7D4-EFC6709BDF9F} => pcalua.exe -a "C:\Program Files\FolderSize\FolderSize.cpl" -c Folder Size Task: {EB24C95B-8339-4A78-8B7D-AE8BBBA61B9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {F06625C5-CF13-41F2-97CB-D1456E76286B} - System32\Tasks\{B279082F-9BC3-402C-A177-6D3A144E3F95} => pcalua.exe -a "G:\Utility\StoreJet ToolBox\Windows\StoreJet.ToolBox.exe" -d "G:\Utility\StoreJet ToolBox\Windows" Task: {F8FA715A-B363-4428-BD2E-55E710CFA84F} - System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-ANDREW 2014 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated) Task: {FDFD3AC4-4A14-4697-B60C-9B177849F88F} - System32\Tasks\{3AD81216-984A-4056-A2EF-5A2A262827CC} => pcalua.exe -a H:\Autorun.exe -d H:\ Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core.job => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA.job => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\Users\ANDREW 2014\Local Settings:BBlseWqp3wjplDD2LynvXTNA [2296] AlternateDataStreams: C:\Users\ANDREW 2014\AppData\Local:BBlseWqp3wjplDD2LynvXTNA [2296] AlternateDataStreams: C:\Users\ANDREW 2014\AppData\Local\Application Data:BBlseWqp3wjplDD2LynvXTNA [2296] Hosts: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state On RemoveProxy: CMD: ipconfig /flushdns Emptytemp: reboot: end ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. C:\Users\Antony\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found. C:\Users\Antony\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe => not found. C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{911923BA-2B96-45C2-B50F-EEE73491B929}\\DhcpNameServer => value removed successfully HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully "HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => key removed successfully "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => moved successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi => moved successfully FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [not signed] => not found Chrome DefaultSearchURL => removed successfully Chrome DefaultSuggestURL => removed successfully C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => moved successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully "HKU\S-1-5-21-2034708905-2678556690-501098093-1003\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully Disc Soft Bus Service => service removed successfully AODDriver4.2.0 => service removed successfully EagleX64 => service removed successfully C:\Users\Antony\AppData\Roaming\AdobeWLCMCache.dat => moved successfully C:\Users\Antony\AppData\Roaming\Camdata.ini => moved successfully C:\Users\Antony\AppData\Roaming\CamLayout.ini => moved successfully C:\Users\Antony\AppData\Roaming\CamShapes.ini => moved successfully C:\Users\Antony\AppData\Roaming\CamStudio.cfg => moved successfully C:\Users\Antony\AppData\Roaming\CamStudio.Producer.command => moved successfully C:\Users\Antony\AppData\Roaming\CamStudio.Producer.Data.ini => moved successfully C:\Users\Antony\AppData\Roaming\CamStudio.Producer.ini => moved successfully C:\Users\Antony\AppData\Local\resmon.resmoncfg => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03174BFD-0151-4ECF-94B6-9CF751B3BF8F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03174BFD-0151-4ECF-94B6-9CF751B3BF8F}" => key removed successfully C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{391648AD-5829-4F5D-8AA2-836A89D9E3F0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{391648AD-5829-4F5D-8AA2-836A89D9E3F0}" => key removed successfully C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C6DA58B-535A-40D5-A303-471268D1BA10}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6DA58B-535A-40D5-A303-471268D1BA10}" => key removed successfully C:\Windows\System32\Tasks\AMD Updater => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMD Updater" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B30ECA6-9F5B-4EF8-9DA8-6E5E0E154AAB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B30ECA6-9F5B-4EF8-9DA8-6E5E0E154AAB}" => key removed successfully C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5689E365-E9BD-4C9D-9588-5C5CC09EE51F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5689E365-E9BD-4C9D-9588-5C5CC09EE51F}" => key removed successfully C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62A11634-5AFF-442C-AB6C-A573A0C03518}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62A11634-5AFF-442C-AB6C-A573A0C03518}" => key removed successfully C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64A1668E-2E18-449A-BBBC-5883318DBC6A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A1668E-2E18-449A-BBBC-5883318DBC6A}" => key removed successfully C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{665893B5-28C7-4751-805E-896B1C3CF159}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665893B5-28C7-4751-805E-896B1C3CF159}" => key removed successfully C:\Windows\System32\Tasks\Adobe online update program => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe online update program" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{673645E4-8955-4AA8-9E6D-2A84C39638A2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{673645E4-8955-4AA8-9E6D-2A84C39638A2}" => key removed successfully C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AACC88E8-89B1-4FD7-A7AC-0DD46EAA58D3}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AACC88E8-89B1-4FD7-A7AC-0DD46EAA58D3}" => key removed successfully C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C49D5D11-879D-4CFC-B56B-CBCA8ACB8FBB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C49D5D11-879D-4CFC-B56B-CBCA8ACB8FBB}" => key removed successfully C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-Antony => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-ANDREW2014-PC-Antony" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE669C5B-AA1E-43A3-97EA-7732DB5E30B0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE669C5B-AA1E-43A3-97EA-7732DB5E30B0}" => key removed successfully C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E41F857A-2D0F-471D-B287-75B480808078}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E41F857A-2D0F-471D-B287-75B480808078}" => key removed successfully C:\Windows\System32\Tasks\Java Update Scheduler => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Update Scheduler" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5DA6B4C-B041-4B4C-8B76-EED27DA416E8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5DA6B4C-B041-4B4C-8B76-EED27DA416E8}" => key removed successfully C:\Windows\System32\Tasks\avast! Emergency Update => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E695019D-43B2-48BB-95C5-6F3AB569939C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E695019D-43B2-48BB-95C5-6F3AB569939C}" => key removed successfully C:\Windows\System32\Tasks\{8EEE825E-F4E9-4AE8-B7D4-EFC6709BDF9F} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EEE825E-F4E9-4AE8-B7D4-EFC6709BDF9F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB24C95B-8339-4A78-8B7D-AE8BBBA61B9C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB24C95B-8339-4A78-8B7D-AE8BBBA61B9C}" => key removed successfully C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F06625C5-CF13-41F2-97CB-D1456E76286B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F06625C5-CF13-41F2-97CB-D1456E76286B}" => key removed successfully C:\Windows\System32\Tasks\{B279082F-9BC3-402C-A177-6D3A144E3F95} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B279082F-9BC3-402C-A177-6D3A144E3F95}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8FA715A-B363-4428-BD2E-55E710CFA84F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8FA715A-B363-4428-BD2E-55E710CFA84F}" => key removed successfully C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-ANDREW 2014 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-ANDREW2014-PC-ANDREW 2014" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDFD3AC4-4A14-4697-B60C-9B177849F88F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFD3AC4-4A14-4697-B60C-9B177849F88F}" => key removed successfully C:\Windows\System32\Tasks\{3AD81216-984A-4056-A2EF-5A2A262827CC} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3AD81216-984A-4056-A2EF-5A2A262827CC}" => key removed successfully C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA.job => moved successfully C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully "C:\Users\ANDREW 2014\Local Settings" => ":BBlseWqp3wjplDD2LynvXTNA" ADS not found. C:\Users\ANDREW 2014\AppData\Local => ":BBlseWqp3wjplDD2LynvXTNA" ADS removed successfully. "C:\Users\ANDREW 2014\AppData\Local\Application Data" => ":BBlseWqp3wjplDD2LynvXTNA" ADS not found. C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state On ========= Ok. ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-2034708905-2678556690-501098093-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2034708905-2678556690-501098093-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13759128 B Java, Flash, Steam htmlcache => 255269353 B Windows/system/drivers => 38494 B Edge => 0 B Chrome => 250606319 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 66356 B systemprofile32 => 66088 B LocalService => 66228 B NetworkService => 7642 B ANDREW 2014 => 921052964 B Antony => 60073564 B RecycleBin => 0 B EmptyTemp: => 1.4 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 20:03:55 ====
  10. solved

    Reposting Addition.txt for organization Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02 Ran by Antony (2016-06-27 17:15:27) Running from E:\Users\chi\Downloads Windows 7 Professional Service Pack 1 (X64) (2014-01-21 01:47:33) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2034708905-2678556690-501098093-500 - Administrator - Disabled) ANDREW 2014 (S-1-5-21-2034708905-2678556690-501098093-1000 - Administrator - Enabled) => C:\Users\ANDREW 2014 Antony (S-1-5-21-2034708905-2678556690-501098093-1003 - Administrator - Enabled) => C:\Users\Antony Guest (S-1-5-21-2034708905-2678556690-501098093-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2034708905-2678556690-501098093-1003\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Autodesk FBX Converter x64 2013.2 (HKLM-x32\...\Autodesk FBX Converter x64 2013.2) (Version: - Autodesk) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Blade & Soul Closed Beta Test (HKLM-x32\...\{F7DBB870-787A-4B0E-A314-C931522A5859}) (Version: 4.0.0.6 - NC Interactive, LLC) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd) DragonNest (HKLM-x32\...\DragonNest) (Version: - ) Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios) Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) FabFilter TotalBundle VST RTAS v1.3 (HKLM-x32\...\FabFilter TotalBundle x86_is1) (Version: - ) FileMind QuickFix (HKLM-x32\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software) Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version: - ) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metal Gear Solid V Phantom Pain version 1.0.5.0 (HKLM-x32\...\Metal Gear Solid V Phantom Pain_is1) (Version: 1.0.5.0 - Mr DJ) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MusicLab RealGuitar (HKLM\...\{1864B4F0-8888-5A57-9930-C2B307597966}) (Version: 3.0 - MusicLab, Inc.) MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NEKOPALIVE (HKLM\...\Steam App 469990) (Version: - NEKO WORKs) NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming) Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) PhotoME Beta-Release (HKLM-x32\...\PhotoME Beta-Release_is1) (Version: 0.8ß2 - Jens Duttke) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2607 - ) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain) RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version: - ) Source Filmmaker (HKLM\...\Steam App 1840) (Version: - Valve) Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - ) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) Staxel (HKLM-x32\...\Plukit Staxel) (Version: 1.1.1 - Plukit) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sublime Text Build 3083 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) TERA (HKLM-x32\...\Steam App 323370) (Version: - En Masse Entertainment) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - ) TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - ) UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Vyzex MAX49 (HKLM-x32\...\{B35A4E5E-DAA8-4A0B-95A1-D3EE244EF933}_is1) (Version: Vyzex MAX49 1.02 - Psicraft Designs, Inc.) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.81 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03174BFD-0151-4ECF-94B6-9CF751B3BF8F} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] () Task: {391648AD-5829-4F5D-8AA2-836A89D9E3F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {3C6DA58B-535A-40D5-A303-471268D1BA10} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) Task: {4B30ECA6-9F5B-4EF8-9DA8-6E5E0E154AAB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {5689E365-E9BD-4C9D-9588-5C5CC09EE51F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {62A11634-5AFF-442C-AB6C-A573A0C03518} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.) Task: {64A1668E-2E18-449A-BBBC-5883318DBC6A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-14] (Dropbox, Inc.) Task: {665893B5-28C7-4751-805E-896B1C3CF159} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {673645E4-8955-4AA8-9E6D-2A84C39638A2} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] () Task: {AACC88E8-89B1-4FD7-A7AC-0DD46EAA58D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated) Task: {C49D5D11-879D-4CFC-B56B-CBCA8ACB8FBB} - System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-Antony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated) Task: {DE669C5B-AA1E-43A3-97EA-7732DB5E30B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {E41F857A-2D0F-471D-B287-75B480808078} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {E5DA6B4C-B041-4B4C-8B76-EED27DA416E8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {E695019D-43B2-48BB-95C5-6F3AB569939C} - System32\Tasks\{8EEE825E-F4E9-4AE8-B7D4-EFC6709BDF9F} => pcalua.exe -a "C:\Program Files\FolderSize\FolderSize.cpl" -c Folder Size Task: {EB24C95B-8339-4A78-8B7D-AE8BBBA61B9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {F06625C5-CF13-41F2-97CB-D1456E76286B} - System32\Tasks\{B279082F-9BC3-402C-A177-6D3A144E3F95} => pcalua.exe -a "G:\Utility\StoreJet ToolBox\Windows\StoreJet.ToolBox.exe" -d "G:\Utility\StoreJet ToolBox\Windows" Task: {F8FA715A-B363-4428-BD2E-55E710CFA84F} - System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-ANDREW 2014 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated) Task: {FDFD3AC4-4A14-4697-B60C-9B177849F88F} - System32\Tasks\{3AD81216-984A-4056-A2EF-5A2A262827CC} => pcalua.exe -a H:\Autorun.exe -d H:\ (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core.job => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA.job => C:\Users\ANDREW 2014\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-07-28 22:45 - 2015-07-28 22:45 - 00214528 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Device.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll 2016-06-24 23:12 - 2016-06-24 23:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-11-04 17:11 - 2015-11-04 17:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2014-01-20 19:35 - 2012-11-14 00:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2014-01-20 19:35 - 2012-11-14 00:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2015-07-28 22:45 - 2015-07-28 22:45 - 00102400 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-12-21 00:55 - 2015-12-21 00:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-16 03:48 - 2015-11-16 03:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2016-01-01 23:04 - 2015-10-06 12:26 - 50656768 _____ () C:\Users\Antony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2016-01-01 23:04 - 2015-10-06 12:26 - 01874944 _____ () C:\Users\Antony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2016-01-01 23:04 - 2015-10-06 12:26 - 00075264 _____ () C:\Users\Antony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll 2016-06-18 05:51 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-18 05:51 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-06-18 05:51 - 2016-06-15 02:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\ANDREW 2014\Local Settings:BBlseWqp3wjplDD2LynvXTNA [2296] AlternateDataStreams: C:\Users\ANDREW 2014\AppData\Local:BBlseWqp3wjplDD2LynvXTNA [2296] AlternateDataStreams: C:\Users\ANDREW 2014\AppData\Local\Application Data:BBlseWqp3wjplDD2LynvXTNA [2296] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2016-06-27 16:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Antony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: Chromium => "c:\users\antony\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session MSCONFIG\startupreg: EADM => "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: Steam => "E:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: uTorrent => "C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{1852DC5C-64A1-406E-ACF7-50A718595BCF}] => (Allow) C:\Users\ANDREW 2014\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{43517938-3B4F-46A5-97A0-B834CC86D45F}] => (Allow) C:\Users\ANDREW 2014\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CC9C53A8-1658-433F-AF07-D28507A3B4B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7057D3C5-53B4-46F8-99AE-82887243D288}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2D3E9C50-08DD-4869-8203-9B47BA794732}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F6E29EE4-EDD9-4B6F-8380-9DF712F60A49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C739F319-C2FC-4C30-8C52-17442C104D28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5F2F0078-BAFF-4046-98A4-92F8A412BCE9}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{46CCAB8B-E282-4E61-82FF-CAF59B1132DA}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D00A9190-A3AB-46EF-95C5-1D9F8C3E4343}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{B2615C69-2561-4DF9-B39F-5D83BE7D515C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{AD045BB9-2DB6-4195-A6CC-D324E77A4623}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{D2C2CEED-A903-4FAF-A6AB-DD2A462D76FE}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone\Hearthstone.exe FirewallRules: [{F86D56FB-2C3C-4D1C-9043-1673849C491E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{2B8251E0-9917-4CBD-85D7-ABA253587E78}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{529D591F-E466-44D7-B8E8-15A9B37886BA}D:\program files (x86)\itunes\itunes.exe] => (Allow) D:\program files (x86)\itunes\itunes.exe FirewallRules: [{F4FE00BD-9D59-4D9C-A99A-31187F48A40B}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5FC52077-B6CB-459D-9791-267B95ACD9F9}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B58607BA-C2C1-44A1-A4E6-39B16237E17F}] => (Allow) C:\Users\ANDREW 2014\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{7BD0D4D2-8953-44A7-BAF2-60A837F449B6}] => (Allow) C:\Users\ANDREW 2014\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{6BA27C7B-6CC6-4392-B3DE-82917ACC7C12}C:\users\andrew 2014\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andrew 2014\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{CA8E6CAA-6A1C-462E-B031-F0C2F72D3450}C:\users\andrew 2014\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andrew 2014\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{A9431F24-BF0E-4E73-980E-D8715B0DC9DA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{8F081509-486A-44BB-9DC6-114667A00DBB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{096848DA-8798-48AD-AE97-45EF155A70CF}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{EA8A1D91-95CC-49F7-813F-E31FF0F00079}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{2EB592B5-8B06-46E1-96AA-779E5D1DDADA}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{18D22EA9-40FC-4ACB-8F55-736C1E62E85C}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{30FEF530-A4C4-45EA-B102-0CFCB5C13290}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{F39DA8FD-51B4-4011-B3E7-1963F4978302}] => (Allow) D:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{2D3ADCFF-1FAE-4351-8ECC-C5D53A365C24}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{6985FC53-DE89-4784-B2C1-724CB1CD195D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [TCP Query User{F8312B19-8426-4229-B41D-807C5A9AC6EC}D:\program files (x86)\itunes\itunes.exe] => (Allow) D:\program files (x86)\itunes\itunes.exe FirewallRules: [UDP Query User{D9A8DCE2-2E64-4C05-977D-85ADBE9F33CB}D:\program files (x86)\itunes\itunes.exe] => (Allow) D:\program files (x86)\itunes\itunes.exe FirewallRules: [TCP Query User{6352F0A9-0FEC-44FA-A617-90EDA8144EEB}D:\program files (x86)\hearthstone\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\hearthstone\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{518B385F-E015-4958-891E-F479B6B358FA}D:\program files (x86)\hearthstone\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\hearthstone\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{4E8D31DC-552F-4209-8F02-76E8A70790B9}D:\program files (x86)\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{3B1BA20B-818D-4672-B8D4-1959E7198200}D:\program files (x86)\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone\hearthstone.exe FirewallRules: [{98A2407B-FE89-4DD8-9517-2F6AC5109E09}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe FirewallRules: [{CA4D458B-73E2-4165-8102-CD8B0429F01D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TERA\TERA-Launcher.exe FirewallRules: [TCP Query User{1AE4DC47-EC84-4A58-A00F-8F11B934569E}C:\users\andrew 2014\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\andrew 2014\appdata\roaming\utorrent\updates\3.4.3_40298.exe FirewallRules: [UDP Query User{ABCAE965-157A-4E0F-A294-39C6A2ED90A5}C:\users\andrew 2014\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\andrew 2014\appdata\roaming\utorrent\updates\3.4.3_40298.exe FirewallRules: [{A25DBEFC-6BAC-434B-83AA-B5CCB26D119B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{D64A24CF-A094-4320-A083-AD86952F3516}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{37094691-1278-4819-B4E6-B98B655881C3}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{7635B646-A0C8-4FD3-9318-F51554764AC8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{B5C3B842-2C29-4287-AE33-CCFDB475B000}] => (Allow) D:\DragonNest\DragonNest.exe FirewallRules: [{CC7B6B10-96E7-4E85-9D75-C87BCA929A04}] => (Allow) D:\DragonNest\DragonNest.exe FirewallRules: [{17F24307-7F57-4875-B236-A810C3D46B05}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe FirewallRules: [{54DDB951-4EAB-4F19-B3D8-DFBFD11B645F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe FirewallRules: [{C9F30C70-6BE1-4731-BEB1-D4A20BF1DF91}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{68253D92-A724-45D4-8B83-ECD5319B8271}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{63989335-3747-4103-A19B-743C5E616E98}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{7BD1C766-36F3-44BA-B29D-106F1A4D476E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E739CB18-7A3F-4CC6-A50F-85576966C927}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{56DD8B40-3CCA-426B-88FA-15B1D129268D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{76E454D6-CED7-4944-812F-F93D76EEEAEA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{249287F4-6580-4625-9C63-8A53D7F206DF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{F374F8DA-10E5-463D-838D-69978C523A57}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CF583054-6AC2-4C72-9D89-AF512C94121F}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{600D343A-1D4E-4DC9-A085-583717D34765}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{39A65F23-E84D-49BE-82EC-A767BB409BCC}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{69BFAC52-3B12-4524-A0A1-171F3CF9101F}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D5E2280A-524F-4409-8993-0355DE6BE1DE}] => (Allow) C:\Users\Antony\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{734C22C4-0E6D-4CE9-9323-7F71EA48F2FE}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{F954903B-5FBF-4FCD-A087-D1F8C4798934}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{02AF3629-771A-4A0B-AABB-E0DD32375153}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{3400AF04-EC32-4A23-80BE-9C0540FBCA4B}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{03EFFC26-DE0A-44EA-A3A9-5D539D46F67C}D:\downloads\clover\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\downloads\clover\engine\binaries\win64\ue4game-win64-shipping.exe FirewallRules: [UDP Query User{C74A3E2C-B34F-4E40-9EFB-ECF751D044E2}D:\downloads\clover\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\downloads\clover\engine\binaries\win64\ue4game-win64-shipping.exe FirewallRules: [TCP Query User{1DE338D0-D84D-421D-BCEA-C454B3D11D45}D:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe] => (Allow) D:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe FirewallRules: [UDP Query User{EE3BE730-0026-4B9C-94F6-B6775436A9DE}D:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe] => (Allow) D:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe FirewallRules: [TCP Query User{57B3662F-E3AF-4C90-9A95-4964D9C8C6AD}D:\program files (x86)\epic games\4.11\engine\binaries\dotnet\swarmagent.exe] => (Block) D:\program files (x86)\epic games\4.11\engine\binaries\dotnet\swarmagent.exe FirewallRules: [UDP Query User{0E07DE08-EE66-49B5-B788-EB6354128466}D:\program files (x86)\epic games\4.11\engine\binaries\dotnet\swarmagent.exe] => (Block) D:\program files (x86)\epic games\4.11\engine\binaries\dotnet\swarmagent.exe FirewallRules: [TCP Query User{A0D2E62B-8A37-4B1C-AF83-632C8EC9955B}C:\users\antony\appdata\local\staxel.launcher\gamedata\bin\staxel.server.exe] => (Allow) C:\users\antony\appdata\local\staxel.launcher\gamedata\bin\staxel.server.exe FirewallRules: [UDP Query User{63446DA1-1AC8-411E-B553-620CA028071B}C:\users\antony\appdata\local\staxel.launcher\gamedata\bin\staxel.server.exe] => (Allow) C:\users\antony\appdata\local\staxel.launcher\gamedata\bin\staxel.server.exe FirewallRules: [{50B84BC9-0AC4-4B44-84E6-25135A037303}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe FirewallRules: [{54A6CE6A-1C7B-4CA9-A2A9-80D1ED29D869}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Starbound - Unstable\win32\launcher\launcher.exe FirewallRules: [{3944730D-8A88-4A67-B8A9-F53D3157199B}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7D768D47-9632-45FF-91CC-FEAA109D0598}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4CB9D9A0-AF15-46CD-A73E-EA2ADDB76B16}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7D253B32-A817-433B-86D4-A0CF506D5BDD}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3D8EF57C-8589-4AA2-B657-C3FBAFD94C2B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{8AD4CF2F-7686-4283-9CED-8E0968E8D209}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{65EF4998-7BED-4A0B-979E-2A0CF946EFAB}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{F97F9D14-7043-496A-A698-88D01935EC31}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [{2833FE0A-353C-4EDE-B8E6-94A4710B8CFC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe FirewallRules: [{460AE179-35F5-4F8B-BB26-85312D305562}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\launcher\launcher.exe FirewallRules: [TCP Query User{41269D19-2E6F-4F3C-8BD3-45889922F91B}E:\program files (x86)\overwatch\overwatch.exe] => (Allow) E:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{5F8BC7E1-489C-4D80-8B1D-63F3895E649D}E:\program files (x86)\overwatch\overwatch.exe] => (Allow) E:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{CCD4FAB8-0D0E-468F-8B11-E3DBE5A774B4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{29D710CA-B67D-4696-8B19-3EED82842BAA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{6CA637C8-A1D2-464D-AC58-974FF2F9E912}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe FirewallRules: [{6537A902-3106-4FBA-9E2B-4C3E269E3EDB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe FirewallRules: [{502CCD1B-BEFA-406A-A245-417C0F8E2D76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe FirewallRules: [{863BB3E5-4242-4D8C-8861-6B0F011A623B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe FirewallRules: [{91483B24-720C-4A97-908B-BBA448072F16}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{D4C1ADAB-C597-46BF-A3B2-F6C622DB8045}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{9EB0055C-B8DA-422D-A88F-593D1FEAA46D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\NEKOPALIVE\Package\Nekopara\Binaries\Win64\Nekopara.exe FirewallRules: [{F42751AB-121B-4373-B2BA-395534747618}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\NEKOPALIVE\Package\Nekopara\Binaries\Win64\Nekopara.exe FirewallRules: [{0F6DA5EA-62AA-4FF9-880A-BAB3E81B1D41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{ED5E335A-62B0-41B6-8DF2-6431FDC3A4A2}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{638A70F8-AD0E-4FA1-9359-7547478F41DA}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{98C02E4B-A16E-4CDF-9738-0AEE54FE3B7D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{86D6CBCA-D141-48F7-8503-EC461657BFCD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{17B55DC3-D289-462F-ADAC-47E952024402}] => (Allow) E:\Program Files (x86)\Mr DJ\Metal Gear Solid V Phantom Pain\Launcher.exe FirewallRules: [{81C78EA1-17FA-4D9D-A547-2B48BB46787F}] => (Allow) E:\Program Files (x86)\Mr DJ\Metal Gear Solid V Phantom Pain\Launcher.exe FirewallRules: [{411E9D20-4044-40AA-87D4-724E42DAF90B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F6C02270-3317-4178-B4E1-4911E86C8CDC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{61BC375D-3BF0-49CE-A814-A77845EE132C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{32988F40-5F73-42FE-A0C5-3E763E7E7AB0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7469EDEE-2DD8-4BB4-87E9-66EF2C553B50}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{CA07BAB6-4300-46CC-81BC-EEBBB0DE226C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{20913039-5E81-4905-BE8F-7DB6CA7D96A9}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{6BC2BD6C-255F-4D4B-ABA8-FB24DD4FE6EE}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe FirewallRules: [{4D4D2DE1-1258-4031-990B-553FBAC15760}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [{B7BDB292-1DFB-4C50-A4B6-25CE5DADF2D4}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe FirewallRules: [TCP Query User{CD16CC15-E654-4101-BF60-CCE10A8644BF}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [UDP Query User{FD7C76C3-D6FD-4BB4-88C6-5598DDFA995F}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [{BBD19D66-9E6B-4BAA-8C97-4C2D0259B0C2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{1117DF5F-48C2-4C09-93AD-242FE908D9E5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{B9B2221A-3D13-4F09-969F-C3CBDFDC6A36}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe FirewallRules: [{5E4EED6C-DFD4-4168-9B0A-7135C182B23D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe FirewallRules: [{2F21BE1F-D7CC-43BC-83BF-3C07629A3C84}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe FirewallRules: [{F788ED77-958D-45E2-AF5B-C88D786C19B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe ==================== Restore Points ========================= 27-06-2016 16:43:47 Removed Java 8 Update 31 ==================== Faulty Device Manager Devices ============= Name: AODDriver4.2.0 Description: AODDriver4.2.0 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.2.0 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: HP Officejet Pro 8620 Description: HP Officejet Pro 8620 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/27/2016 03:58:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 03:36:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 12:44:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 08000008 Stack: Error: (06/26/2016 11:33:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 07:43:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 03:30:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 01:14:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 19000019 Stack: Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (06/27/2016 03:57:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/27/2016 03:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%3 = The system cannot find the path specified. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70f-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70e-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70c-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/27/2016 03:34:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%3 = The system cannot find the path specified. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70f-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70e-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70c-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. CodeIntegrity: =================================== Date: 2016-06-27 17:14:14.268 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:14:14.236 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:14:14.102 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:12:56.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:12:56.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:11:50.773 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:11:50.733 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:11:50.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:09:16.378 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:09:14.550 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1090T Processor Percentage of memory in use: 52% Total physical RAM: 8190.18 MB Available physical RAM: 3865.63 MB Total Virtual: 16378.54 MB Available Virtual: 11361.18 MB ==================== Drives ================================ Drive c: (OS 7) (Fixed) (Total:59.53 GB) (Free:8.05 GB) NTFS Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:66.74 GB) NTFS Drive e: (OLD DATA) (Fixed) (Total:919.53 GB) (Free:76.19 GB) NTFS Drive f: (RECOVERY OS 7 DO NOT FORMAT.) (Fixed) (Total:97.66 GB) (Free:87.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8AF6C565) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E942D85) Partition 1: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 7E9CAA7E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  11. solved

    Gotta say, I'm learning so much useful things and stuff I did not know even existed in a cool fashion Here's my speed test: http://i.imgur.com/6TFwk82.png?1 It froze once again though :/ FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02 Ran by Antony (administrator) on ANDREW2014-PC (27-06-2016 17:15:04) Running from E:\Users\chi\Downloads Loaded Profiles: Antony (Available Profiles: ANDREW 2014 & Antony) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (SeriousBit) E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Service.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Brio) C:\Program Files\FolderSize\FolderSize.exe (SeriousBit) E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Tray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Antony\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe (Microsoft Corporation) C:\Windows\System32\mspaint.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Zemana Ltd.) E:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Zemana Ltd.) E:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Igor Pavlov) C:\Program Files\7-Zip\7zFM.exe (www.sordum.org) E:\Users\chi\Downloads\DnsJumper\DnsJumper\DnsJumper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5301880 2012-11-30] (VIA) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc) HKLM\...\Run: [ZAM] => E:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13706992 2016-06-27] (Zemana Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.) HKLM-x32\...\Run: [StartCCC] => D:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-2034708905-2678556690-501098093-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd) HKU\S-1-5-21-2034708905-2678556690-501098093-1003\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio) HKU\S-1-5-21-2034708905-2678556690-501098093-1003\...\Run: [NetBalancer] => E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Tray.exe [1915256 2016-06-23] (SeriousBit) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File Startup: C:\Users\ANDREW 2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-31] ShortcutTarget: Dropbox.lnk -> C:\Users\Antony\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\ANDREW 2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Splice for Windows.lnk [2015-09-27] ShortcutTarget: Splice for Windows.lnk -> C:\Users\Antony\AppData\Local\Splice\Splice.WinClient\Splice.WinClient.exe (No File) Startup: C:\Users\Antony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-05-20] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter) GroupPolicyScripts: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{911923BA-2B96-45C2-B50F-EEE73491B929}: [NameServer] 8.8.8.8,8.8.4.4,192.168.1.1 Tcpip\..\Interfaces\{911923BA-2B96-45C2-B50F-EEE73491B929}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-2034708905-2678556690-501098093-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-2034708905-2678556690-501098093-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-09] (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [not signed] Chrome: ======= CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Profile: C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-01] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-05-30] CHR Extension: (BetterTTV) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03] CHR Extension: (Google Docs) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-01] CHR Extension: (Google Drive) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01] CHR Extension: (YouTube) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01] CHR Extension: (Adblock Plus) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02] CHR Extension: (Google Search) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01] CHR Extension: (Google Sheets) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-01] CHR Extension: (Google Docs Offline) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24] CHR Extension: (AdBlock) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02] CHR Extension: (Facebook Unseen) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2016-05-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24] CHR Extension: (AlienTube for YouTube™) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2016-04-24] CHR Extension: (Gmail) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01] CHR Extension: (Chrome Media Router) - C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-10] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2034708905-2678556690-501098093-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed] R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed] R2 NetBalancerService; E:\Program Files (x86)\NetBalancer\SeriousBit.NetBalancer.Service.exe [179064 2016-06-23] (SeriousBit) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.) S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-24] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-06-24] () R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [54272 2015-12-18] (Razer Inc.) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-11-30] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 ZAMSvc; E:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13706992 2016-06-27] (Zemana Ltd.) S3 Disc Soft Bus Service; "D:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; D:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-02-04] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.) R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] () R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [40976 2016-01-15] (SeriousBit) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc) S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc) S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-01-10] (Razer Inc) S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2013-11-14] (Razer Inc) S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc) S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc) S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] () R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-06-27] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-06-27] (Zemana Ltd.) S2 AODDriver4.2.0; \??\D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 17:14 - 2016-06-27 17:15 - 00000000 ____D C:\FRST 2016-06-27 16:46 - 2016-06-27 17:14 - 00046573 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-06-27 16:46 - 2016-06-27 17:14 - 00041406 _____ C:\Windows\ZAM.krnl.trace 2016-06-27 16:45 - 2016-06-27 16:45 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2016-06-27 16:45 - 2016-06-27 16:45 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-06-27 16:45 - 2016-06-27 16:45 - 00000897 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-06-27 16:45 - 2016-06-27 16:45 - 00000000 ____D C:\Users\Antony\AppData\Local\Zemana 2016-06-27 16:45 - 2016-06-27 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-06-27 16:29 - 2016-06-27 16:29 - 00000681 _____ C:\RstHosts.txt 2016-06-27 16:22 - 2016-06-27 16:22 - 00000000 ____D C:\Users\Antony\AppData\Local\ElevatedDiagnostics 2016-06-27 15:42 - 2016-06-27 15:46 - 00000000 ____D C:\Windows\pss 2016-06-27 15:35 - 2016-06-27 15:37 - 00000000 ____D C:\Users\Antony\AppData\LocalLow\uTorrent 2016-06-26 23:27 - 2016-06-26 23:29 - 00005106 _____ C:\Users\Antony\Desktop\ZHPCleaner.txt 2016-06-26 23:20 - 2016-06-27 15:51 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-06-26 23:20 - 2016-06-26 23:20 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-06-26 23:20 - 2016-06-26 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-06-26 23:20 - 2016-06-26 23:20 - 00000000 ____D C:\Program Files\CCleaner 2016-06-26 20:56 - 2016-06-27 15:51 - 00003124 _____ C:\Windows\System32\Tasks\{8EEE825E-F4E9-4AE8-B7D4-EFC6709BDF9F} 2016-06-26 20:53 - 2016-06-26 20:53 - 00000222 _____ C:\Users\Antony\Desktop\Alien Isolation.url 2016-06-26 20:12 - 2016-06-26 23:29 - 00000000 ____D C:\Users\Antony\AppData\Roaming\ZHP 2016-06-26 20:12 - 2016-06-26 23:22 - 00000797 _____ C:\Users\Antony\Desktop\ZHPCleaner.lnk 2016-06-26 19:55 - 2016-06-26 19:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2016-06-26 19:55 - 2016-06-26 19:55 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA 2016-06-26 19:53 - 2016-06-26 19:53 - 00008460 _____ C:\Users\Antony\Desktop\JRT.txt 2016-06-26 19:22 - 2016-06-26 19:40 - 00000000 ____D C:\AdwCleaner 2016-06-26 18:38 - 2016-06-27 00:39 - 00000002 _____ C:\runcheck.txt 2016-06-26 18:37 - 2016-06-26 18:37 - 00000000 ____D C:\zoek_backup 2016-06-25 04:23 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2016-06-25 04:23 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-06-25 03:39 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2016-06-25 03:39 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2016-06-25 03:39 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2016-06-25 03:39 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2016-06-25 03:39 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2016-06-25 03:39 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2016-06-25 03:39 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2016-06-25 03:39 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2016-06-25 03:37 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-25 03:37 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-06-25 03:37 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-25 03:37 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-06-25 03:37 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-25 03:37 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-25 03:37 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-06-25 03:37 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-25 03:37 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-25 03:37 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-25 03:37 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-25 03:37 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-25 03:37 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-25 03:37 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-06-25 03:37 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-25 03:37 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-25 03:37 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-06-25 03:37 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-06-25 03:37 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-06-25 03:37 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-25 03:37 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-06-25 03:37 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-06-25 03:37 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-25 03:37 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-25 03:37 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-25 03:37 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-25 03:37 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-06-25 03:37 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-06-25 03:37 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-06-25 03:37 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-06-25 03:37 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-06-25 03:37 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-06-25 03:37 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-06-25 03:37 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-06-25 03:37 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-06-25 03:37 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-06-25 03:37 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-06-25 03:37 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-06-25 03:37 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-06-25 03:37 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-06-25 03:37 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-06-25 03:37 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-06-25 03:37 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-06-25 03:37 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-06-25 03:37 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-06-25 03:37 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-06-25 03:37 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-06-25 03:37 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-06-25 03:37 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-06-25 03:37 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-06-25 03:37 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-06-25 03:37 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-25 03:37 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-06-25 03:37 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-06-25 03:37 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-06-25 03:37 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-06-25 03:37 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-25 03:37 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-06-25 03:37 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-06-25 03:37 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-25 03:37 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-25 03:37 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-06-25 03:37 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-06-25 03:37 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-06-25 03:37 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-25 03:37 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-06-25 03:37 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-06-25 03:37 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-06-25 03:37 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-06-25 03:37 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-06-25 03:37 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-06-25 03:37 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-06-25 03:37 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-06-25 03:37 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-06-25 03:37 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-06-25 03:37 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-06-25 03:37 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-06-25 03:37 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-06-25 03:37 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-06-25 03:37 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-06-25 03:37 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-06-25 03:37 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-06-25 03:37 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-06-25 03:37 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-06-25 03:37 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-06-25 03:37 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-06-25 03:37 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-06-25 03:37 - 2015-11-10 11:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-06-25 03:37 - 2015-11-10 11:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-06-25 03:37 - 2015-11-10 11:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-06-25 03:37 - 2015-11-10 11:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-06-25 03:37 - 2015-11-10 11:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-06-25 03:37 - 2015-07-16 12:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2016-06-25 03:37 - 2015-07-16 12:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2016-06-25 03:37 - 2015-07-16 12:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2016-06-25 03:37 - 2015-07-16 12:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2016-06-25 03:37 - 2015-07-16 12:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2016-06-25 03:37 - 2015-07-16 12:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2016-06-25 03:37 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-06-25 03:37 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2016-06-25 03:37 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2016-06-25 03:37 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2016-06-25 03:37 - 2014-08-28 19:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2016-06-25 03:37 - 2014-08-28 18:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2016-06-25 03:36 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-06-25 03:36 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-06-25 03:36 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-06-25 03:36 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-06-25 03:36 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-06-25 03:36 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-06-25 03:36 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-06-25 03:36 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-06-25 03:36 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-06-25 03:36 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-06-25 03:36 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-06-25 03:36 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-06-25 03:36 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-06-25 03:36 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-06-25 03:36 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-06-25 03:36 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-06-25 03:36 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2016-06-25 03:36 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll 2016-06-25 03:36 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-06-25 03:36 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe 2016-06-25 03:36 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-06-25 03:36 - 2016-03-17 15:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-06-25 03:36 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-06-25 03:36 - 2016-03-15 17:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-06-25 03:36 - 2016-03-15 17:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-06-25 03:36 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-06-25 03:36 - 2016-03-06 11:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-06-25 03:36 - 2016-03-06 11:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-06-25 03:36 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-06-25 03:36 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-06-25 03:36 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-06-25 03:36 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-06-25 03:36 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-06-25 03:36 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-06-25 03:36 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-06-25 03:36 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-06-25 03:36 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-06-25 03:36 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-06-25 03:36 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-06-25 03:36 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-06-25 03:36 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-06-25 03:36 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-06-25 03:36 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-06-25 03:36 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-06-25 03:36 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-06-25 03:36 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-06-25 03:36 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-06-25 03:36 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2016-06-25 03:36 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-06-25 03:36 - 2015-11-03 12:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2016-06-25 03:36 - 2015-11-03 11:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2016-06-25 03:36 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-06-25 03:36 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-06-25 03:36 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-06-25 03:36 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-06-25 03:36 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2016-06-25 03:36 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2016-06-25 03:36 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2016-06-25 03:36 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2016-06-25 03:36 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-06-25 03:36 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-06-25 03:36 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-06-25 03:36 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-06-25 03:36 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-06-25 03:36 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-06-25 03:36 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-06-25 03:36 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-06-25 03:36 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-06-25 03:36 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-06-25 03:36 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-06-25 03:36 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-06-25 03:36 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2016-06-25 03:36 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2016-06-25 03:36 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-06-25 03:36 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-06-25 03:36 - 2014-12-11 10:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2016-06-25 03:36 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2016-06-25 03:36 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2016-06-25 03:36 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2016-06-25 03:36 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2016-06-25 03:36 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2016-06-25 03:36 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2016-06-25 03:36 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2016-06-25 03:35 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2016-06-25 03:35 - 2015-10-12 21:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2016-06-25 03:35 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-06-25 03:35 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2016-06-25 03:35 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2016-06-25 03:35 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2016-06-25 03:35 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2016-06-25 03:35 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2016-06-25 03:35 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2016-06-25 03:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2016-06-25 03:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2016-06-25 01:12 - 2016-06-25 01:13 - 00000000 ____D C:\Users\Antony\AppData\Roaming\DarkSoulsII 2016-06-24 23:29 - 2016-06-24 23:29 - 00000832 _____ C:\Users\Public\Desktop\NetBalancer Tray.lnk 2016-06-24 23:29 - 2016-06-24 23:29 - 00000826 _____ C:\Users\Public\Desktop\NetBalancer.lnk 2016-06-24 23:29 - 2016-06-24 23:29 - 00000000 ____D C:\ProgramData\SeriousBit 2016-06-24 23:29 - 2016-06-24 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer 2016-06-24 23:29 - 2016-01-15 09:41 - 00040976 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys 2016-06-24 23:13 - 2016-06-24 23:13 - 00000939 _____ C:\Users\Public\Desktop\Battlefield 4.lnk 2016-06-24 23:13 - 2016-06-24 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4 2016-06-24 23:13 - 2016-06-24 23:13 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2016-06-24 23:12 - 2016-06-24 23:12 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2016-06-24 23:12 - 2016-06-24 23:12 - 00281872 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2016-06-24 23:12 - 2016-06-24 23:12 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2016-06-24 18:44 - 2016-06-24 18:44 - 00000728 _____ C:\Users\Antony\Desktop\TechPowerUp GPU-Z.lnk 2016-06-24 18:44 - 2016-06-24 18:44 - 00000000 ____D C:\Users\Antony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2016-06-24 17:35 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-06-24 17:35 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-06-24 17:35 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-06-24 17:35 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-06-24 17:35 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-06-24 17:35 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-06-24 17:35 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-06-24 17:35 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-06-24 17:35 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-06-24 17:35 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-06-24 17:35 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-06-24 17:35 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-06-24 17:35 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-06-24 17:35 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-06-24 17:35 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-06-24 17:35 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-06-24 17:35 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-06-24 17:35 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-06-24 17:35 - 2016-03-23 15:43 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2016-06-24 17:35 - 2016-03-23 15:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-06-24 17:35 - 2016-03-23 15:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-06-24 17:35 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2016-06-24 17:35 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2016-06-24 17:35 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2016-06-24 17:35 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2016-06-24 17:35 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2016-06-24 17:35 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2016-06-24 17:35 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2016-06-24 17:35 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2016-06-24 17:34 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-24 17:34 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-06-24 17:34 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-06-24 17:34 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-06-24 17:34 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-06-24 17:34 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-06-24 17:34 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-06-24 17:34 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-06-24 17:34 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-24 17:34 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-24 17:34 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-06-24 17:34 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-24 17:34 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-24 17:34 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-24 17:34 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-24 17:34 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-24 17:34 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-06-24 17:34 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-06-24 17:34 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-24 17:34 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-06-24 17:34 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-06-24 17:34 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-06-24 17:34 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2016-06-24 17:34 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-06-24 17:34 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-06-24 17:34 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-06-24 17:34 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-06-24 17:34 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-06-24 17:34 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-06-24 17:34 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-06-24 17:34 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-06-24 17:34 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2016-06-24 17:34 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2016-06-24 17:34 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2016-06-24 17:34 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2016-06-24 17:34 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2016-06-24 17:34 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2016-06-24 17:34 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2016-06-24 17:34 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2016-06-24 17:34 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-06-24 17:34 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2016-06-24 17:34 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2016-06-24 17:34 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2016-06-24 17:34 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2016-06-24 17:34 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2016-06-24 17:34 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2016-06-24 17:34 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2016-06-24 17:34 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2016-06-24 17:34 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2016-06-24 17:33 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-06-24 17:33 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-06-24 17:33 - 2016-05-12 10:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll 2016-06-24 17:33 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2016-06-24 17:33 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll 2016-06-24 17:33 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2016-06-24 17:33 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll 2016-06-24 17:33 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2016-06-24 17:33 - 2016-05-12 08:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-06-24 17:33 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll 2016-06-24 17:33 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe 2016-06-24 17:33 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-06-24 17:33 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-06-24 17:33 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-06-24 17:33 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-06-24 17:33 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-06-24 17:33 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-06-24 17:33 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-06-24 17:33 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-06-24 17:33 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-06-24 17:33 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-06-24 17:33 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-06-24 17:33 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2016-06-24 17:33 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2016-06-24 17:33 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2016-06-24 17:33 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-06-24 17:33 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-06-24 17:33 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-06-24 17:33 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-06-24 17:33 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-06-24 17:33 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-06-24 17:33 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-06-24 17:33 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-06-24 17:33 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-06-24 17:33 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-06-24 17:33 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-06-24 17:33 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-06-24 17:33 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-06-24 17:33 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-06-24 17:33 - 2015-11-11 11:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2016-06-24 17:33 - 2015-11-11 11:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2016-06-24 17:33 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2016-06-24 17:33 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2016-06-24 17:33 - 2015-11-05 12:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2016-06-24 17:33 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2016-06-24 17:33 - 2015-11-05 02:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2016-06-24 17:33 - 2015-10-13 09:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2016-06-24 17:33 - 2015-10-13 09:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2016-06-24 17:33 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2016-06-24 17:33 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2016-06-24 17:33 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2016-06-24 17:33 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2016-06-24 17:33 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2016-06-24 17:33 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2016-06-24 17:33 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2016-06-24 17:33 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2016-06-24 17:33 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2016-06-24 17:33 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2016-06-24 17:33 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2016-06-24 17:33 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2016-06-24 17:33 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2016-06-24 17:33 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2016-06-24 17:33 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2016-06-24 17:33 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-06-24 17:33 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2016-06-24 17:33 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-06-24 17:33 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-06-24 17:33 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-06-24 17:33 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-06-24 17:33 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2016-06-24 17:33 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2016-06-24 17:33 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2016-06-24 17:33 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2016-06-24 17:31 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-06-24 17:31 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-24 17:31 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-24 17:31 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-06-24 17:31 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-06-24 17:31 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-06-24 17:31 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2016-06-24 17:31 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2016-06-24 17:31 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2016-06-24 17:31 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2016-06-24 17:27 - 2016-06-25 14:04 - 00000000 ____D C:\Users\Antony\AppData\Roaming\Origin 2016-06-24 17:27 - 2016-06-24 23:15 - 00000000 ____D C:\Users\Antony\AppData\Local\Origin 2016-06-24 17:15 - 2016-06-27 00:39 - 00000000 ____D C:\ProgramData\Origin 2016-06-24 17:15 - 2016-06-24 23:21 - 00000000 ____D C:\ProgramData\Electronic Arts 2016-06-24 17:15 - 2016-06-24 17:15 - 00000740 _____ C:\Users\Public\Desktop\Origin.lnk 2016-06-24 17:15 - 2016-06-24 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-06-23 00:31 - 2016-06-23 00:31 - 00000971 _____ C:\Users\Public\Desktop\Metal Gear Solid V Phantom Pain.lnk 2016-06-23 00:31 - 2016-06-23 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ 2016-06-21 21:19 - 2016-06-21 21:19 - 00000221 _____ C:\Users\Antony\Desktop\LIMBO.url 2016-06-21 01:50 - 2016-06-21 01:50 - 00000000 ____D C:\Users\Antony\AppData\Roaming\.technic 2016-06-21 01:41 - 2016-06-21 01:41 - 00000000 ____D C:\ProgramData\RELOADED 2016-06-19 18:25 - 2016-06-19 18:25 - 00000000 ____D C:\Users\Antony\AppData\LocalLow\Sunyiru 2016-06-13 09:26 - 2016-06-13 09:26 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\SpliceSettings 2016-06-12 00:09 - 2016-06-12 00:09 - 00000000 ____D C:\Users\Antony\AppData\Local\CAPCOM 2016-06-12 00:04 - 2016-06-12 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen 2016-06-11 17:01 - 2016-06-11 17:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2016-06-11 17:01 - 2016-06-11 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2016-06-11 17:01 - 2016-06-11 17:01 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2016-06-11 13:35 - 2016-06-11 13:35 - 00001250 _____ C:\Users\Antony\Desktop\Final Fantasy X X-2 HD Remaster.lnk 2016-06-11 13:35 - 2016-06-11 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy X X-2 HD Remaster 2016-06-03 11:17 - 2016-06-03 11:17 - 00004521 _____ C:\Users\Antony\AppData\Roaming\CamStudio.cfg 2016-06-03 11:17 - 2016-06-03 11:17 - 00000408 _____ C:\Users\Antony\AppData\Roaming\CamShapes.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 00000408 _____ C:\Users\Antony\AppData\Roaming\CamLayout.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 00000050 _____ C:\Users\Antony\AppData\Roaming\Camdata.ini 2016-06-03 11:07 - 2016-06-03 11:07 - 00001206 _____ C:\Users\Antony\AppData\Roaming\CamStudio.Producer.ini 2016-06-03 11:07 - 2016-06-03 11:07 - 00000098 _____ C:\Users\Antony\AppData\Roaming\CamStudio.Producer.command 2016-06-03 11:07 - 2016-06-03 11:07 - 00000000 _____ C:\Users\Antony\AppData\Roaming\CamStudio.Producer.Data.ini 2016-06-03 09:35 - 2016-06-03 09:35 - 00000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk 2016-06-03 09:34 - 2016-06-03 09:34 - 00000000 ____D C:\Program Files\Adobe 2016-05-31 22:30 - 2016-05-31 22:30 - 00000000 ____D C:\Users\Antony\AppData\Local\Nekopara 2016-05-31 22:29 - 2016-05-31 22:29 - 00000222 _____ C:\Users\Antony\Desktop\NEKOPALIVE.url 2016-05-31 19:08 - 2016-05-31 19:08 - 00000000 ____D C:\Users\Antony\AppData\Local\KeyConfig 2016-05-31 19:08 - 2016-05-31 19:08 - 00000000 ____D C:\Users\Antony\AppData\Local\Crashpad 2016-05-31 19:08 - 2016-05-31 19:08 - 00000000 ____D C:\Users\Antony\AppData\Local\9-rooms- 2016-05-31 14:47 - 2016-06-13 09:26 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\Splice 2016-05-31 14:47 - 2016-05-31 14:47 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\SquirrelTemp 2016-05-31 10:10 - 2016-05-31 10:10 - 00000000 ____D C:\ProgramData\Gyazo 2016-05-31 09:51 - 2016-05-31 09:51 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-05-30 01:01 - 2016-05-30 01:04 - 00000000 ____D C:\Users\Antony\AppData\Local\Staxel.Launcher ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 17:02 - 2014-01-20 19:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-27 16:50 - 2014-01-20 19:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-27 16:46 - 2016-01-01 22:16 - 00000000 ____D C:\Users\Antony 2016-06-27 16:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-06-27 16:25 - 2015-06-14 21:15 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000UA.job 2016-06-27 16:04 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-27 16:04 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-27 16:02 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-27 15:57 - 2016-01-01 23:05 - 00000000 ____D C:\Users\Antony\AppData\Roaming\uTorrent 2016-06-27 15:56 - 2014-01-20 21:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-06-27 15:56 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-27 15:53 - 2016-05-04 20:54 - 00000000 ____D C:\Users\Antony\AppData\Local\Battle.net 2016-06-27 15:51 - 2014-01-20 19:43 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-06-27 15:51 - 2014-01-20 19:43 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-06-27 15:44 - 2016-04-30 16:56 - 00003516 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ANDREW2014-PC-Antony 2016-06-27 15:44 - 2015-05-05 10:33 - 00003706 _____ C:\Windows\System32\Tasks\Java Update Scheduler 2016-06-27 15:44 - 2014-02-18 13:52 - 00003696 _____ C:\Windows\System32\Tasks\Adobe online update program 2016-06-27 15:44 - 2014-01-20 21:29 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-06-27 15:35 - 2016-01-01 22:17 - 00000000 ____D C:\Users\Antony\AppData\Roaming\Raptr 2016-06-26 23:35 - 2014-06-02 20:45 - 00000000 ____D C:\Windows\Minidump 2016-06-26 23:35 - 2014-01-20 18:43 - 00000000 ____D C:\Windows\Panther 2016-06-26 23:33 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-06-26 20:53 - 2016-01-01 22:46 - 00000000 ____D C:\Users\Antony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-06-26 20:25 - 2015-06-14 21:15 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2034708905-2678556690-501098093-1000Core.job 2016-06-26 16:59 - 2016-04-25 23:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-26 15:38 - 2016-01-01 22:17 - 00000000 ____D C:\Users\Antony\AppData\Local\Adobe 2016-06-25 20:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-06-25 12:28 - 2009-07-13 21:45 - 05084632 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-25 12:26 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal 2016-06-25 12:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-06-25 12:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism 2016-06-25 12:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-06-25 04:15 - 2014-01-20 19:47 - 00000000 ____D C:\Windows\system32\MRT 2016-06-25 04:09 - 2014-01-20 19:47 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-06-24 23:13 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-06-24 23:12 - 2014-01-28 12:52 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-23 23:11 - 2014-03-18 02:40 - 00000000 ____D C:\Windows\SysWOW64\directx 2016-06-18 05:51 - 2014-01-20 19:43 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-16 22:55 - 2014-01-20 21:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-06-16 22:55 - 2014-01-20 21:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-06-14 15:59 - 2016-04-25 01:09 - 00000000 ____D C:\Users\Antony\AppData\LocalLow\Adobe 2016-06-14 15:59 - 2016-01-01 22:17 - 00000000 ____D C:\Users\Antony\AppData\Roaming\Adobe 2016-06-13 19:31 - 2010-11-20 20:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-06-13 09:29 - 2014-11-27 15:31 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Roaming\Dropbox 2016-06-13 09:29 - 2014-02-03 00:45 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Roaming\Skype 2016-06-13 09:26 - 2015-08-09 17:39 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Roaming\Raptr 2016-06-13 09:26 - 2015-06-14 21:15 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\Dropbox 2016-06-13 09:26 - 2014-11-27 15:33 - 00000000 ___RD C:\Users\ANDREW 2014\Dropbox 2016-06-13 09:25 - 2014-01-20 19:36 - 00112176 _____ C:\Users\ANDREW 2014\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-11 17:22 - 2016-04-26 16:13 - 00000904 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk 2016-06-06 15:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2016-06-03 09:37 - 2016-01-01 22:17 - 00112176 _____ C:\Users\Antony\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-03 09:35 - 2014-08-19 01:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2016-06-03 09:34 - 2014-08-19 01:14 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-06-03 09:33 - 2014-08-19 01:13 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk 2016-06-03 09:33 - 2014-08-19 01:13 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2016-06-01 16:26 - 2014-01-20 21:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-06-01 02:00 - 2014-01-20 21:28 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\Adobe 2016-05-31 14:47 - 2015-09-27 16:20 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice 2016-05-31 14:47 - 2014-01-20 19:43 - 00000000 ____D C:\Users\ANDREW 2014\AppData\Local\Deployment 2016-05-31 10:10 - 2015-08-26 13:22 - 00003442 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily 2016-05-31 10:10 - 2015-08-26 13:22 - 00003316 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine 2016-05-31 10:10 - 2015-08-26 13:22 - 00000000 ____D C:\Program Files (x86)\Gyazo 2016-05-31 10:02 - 2014-12-24 22:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2016-04-30 16:56 - 2016-05-16 21:57 - 0000034 _____ () C:\Users\Antony\AppData\Roaming\AdobeWLCMCache.dat 2016-06-03 11:17 - 2016-06-03 11:17 - 0000050 _____ () C:\Users\Antony\AppData\Roaming\Camdata.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0000408 _____ () C:\Users\Antony\AppData\Roaming\CamLayout.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0000408 _____ () C:\Users\Antony\AppData\Roaming\CamShapes.ini 2016-06-03 11:17 - 2016-06-03 11:17 - 0004521 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.cfg 2016-06-03 11:07 - 2016-06-03 11:07 - 0000098 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.command 2016-06-03 11:07 - 2016-06-03 11:07 - 0000000 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.Data.ini 2016-06-03 11:07 - 2016-06-03 11:07 - 0001206 _____ () C:\Users\Antony\AppData\Roaming\CamStudio.Producer.ini 2016-05-20 09:13 - 2016-05-20 09:13 - 0000017 _____ () C:\Users\Antony\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== C:\Users\ANDREW 2014\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe C:\Users\ANDREW 2014\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\ANDREW 2014\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpceltpd.dll C:\Users\ANDREW 2014\AppData\Local\Temp\install-splice.exe C:\Users\ANDREW 2014\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\ANDREW 2014\AppData\Local\Temp\NGMDll.dll C:\Users\ANDREW 2014\AppData\Local\Temp\NGMResource.dll C:\Users\ANDREW 2014\AppData\Local\Temp\raptr_stub.exe C:\Users\ANDREW 2014\AppData\Local\Temp\SkypeSetup.exe C:\Users\ANDREW 2014\AppData\Local\Temp\unicows.dll C:\Users\Antony\AppData\Local\Temp\7za.exe C:\Users\Antony\AppData\Local\Temp\DaS_21.exe C:\Users\Antony\AppData\Local\Temp\hijackthis.exe C:\Users\Antony\AppData\Local\Temp\libeay32.dll C:\Users\Antony\AppData\Local\Temp\msvcr120.dll C:\Users\Antony\AppData\Local\Temp\NirCmd.exe C:\Users\Antony\AppData\Local\Temp\PEVZ.EXE C:\Users\Antony\AppData\Local\Temp\remove.exe C:\Users\Antony\AppData\Local\Temp\sed.exe C:\Users\Antony\AppData\Local\Temp\shortcut.exe C:\Users\Antony\AppData\Local\Temp\sqlite3.dll C:\Users\Antony\AppData\Local\Temp\swreg.exe C:\Users\Antony\AppData\Local\Temp\swxcacls.exe C:\Users\Antony\AppData\Local\Temp\wget.exe C:\Users\Antony\AppData\Local\Temp\zoek-delete.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-17 00:56 ==================== End of FRST.txt ============================
  12. solved

    Anyway, I have done the other steps and here is my MTB log: MiniToolBox by Farbar Version: 17-06-2016 Ran by Antony (administrator) on 27-06-2016 at 17:01:46 Running from "E:\Users\chi\Downloads" Microsoft Windows 7 Professional Service Pack 1 (X64) Model: System Product Name Manufacturer: System manufacturer Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : ANDREW2014-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller Physical Address. . . . . . . . . : F4-6D-04-44-8F-BA DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Monday, June 27, 2016 3:56:58 PM Lease Expires . . . . . . . . . . : Tuesday, June 28, 2016 4:59:42 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: google-public-dns-a.google.com Address: 8.8.8.8 Name: google.com Addresses: 2607:f8b0:4007:80a::200e 216.58.216.46 Pinging google.com [216.58.216.46] with 32 bytes of data: Reply from 216.58.216.46: bytes=32 time=14ms TTL=54 Reply from 216.58.216.46: bytes=32 time=13ms TTL=54 Ping statistics for 216.58.216.46: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 13ms, Maximum = 14ms, Average = 13ms Server: google-public-dns-a.google.com Address: 8.8.8.8 Name: yahoo.com Addresses: 2001:4998:c:a06::2:4008 2001:4998:58:c02::a9 2001:4998:44:204::a7 98.138.253.109 98.139.183.24 206.190.36.45 Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=63ms TTL=47 Reply from 98.138.253.109: bytes=32 time=63ms TTL=47 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 63ms, Maximum = 63ms, Average = 63ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 11...f4 6d 04 44 8f ba ......Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller 1...........................Software Loopback Interface 1 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 10 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.100 266 192.168.1.100 255.255.255.255 On-link 192.168.1.100 266 192.168.1.255 255.255.255.255 On-link 192.168.1.100 266 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.100 266 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.100 266 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 1 306 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (06/27/2016 03:58:44 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 03:36:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 12:44:31 AM) (Source: .NET Runtime) (User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 08000008 Stack: Error: (06/26/2016 11:33:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 07:43:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 03:30:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 01:14:39 AM) (Source: .NET Runtime) (User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 19000019 Stack: Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (06/27/2016 03:57:02 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/27/2016 03:56:58 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%3 = The system cannot find the path specified. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70f-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70e-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:56:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70c-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:54 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (06/27/2016 03:34:51 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%3 = The system cannot find the path specified. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70f-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70e-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Error: (06/27/2016 03:34:49 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY) Description: Encrypted volume check: Volume information on \\?\Volume{31c0b70c-0dbd-11e6-9fa2-806e6f6e6963} cannot be read. Microsoft Office Sessions: ========================= Error: (06/27/2016 03:58:44 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 03:36:35 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2016 12:44:31 AM) (Source: .NET Runtime)(User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 08000008 Stack: Error: (06/26/2016 11:33:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 07:43:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 03:30:28 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/26/2016 01:14:39 AM) (Source: .NET Runtime)(User: ) Description: Application: RzStats.Manager.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 19000019 Stack: Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8018 Error: (06/25/2016 04:54:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2016-06-27 17:00:21.750 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:00:21.717 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:00:13.647 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:00:13.614 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:00:12.871 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 17:00:12.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 16:59:41.558 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 16:59:41.527 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 16:58:45.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 16:58:44.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\VMWRP64.DLL because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ µTorrent (HKCU\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Autodesk FBX Converter x64 2013.2 (HKLM-x32\...\Autodesk FBX Converter x64 2013.2) (Version: - Autodesk) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Blade & Soul Closed Beta Test (HKLM-x32\...\{F7DBB870-787A-4B0E-A314-C931522A5859}) (Version: 4.0.0.6 - NC Interactive, LLC) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd) DragonNest (HKLM-x32\...\DragonNest) (Version: - ) Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios) Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) FabFilter TotalBundle VST RTAS v1.3 (HKLM-x32\...\FabFilter TotalBundle x86_is1) (Version: - ) FileMind QuickFix (HKLM-x32\...\{92789900-80D0-4B61-B742-7897964A69AB}_is1) (Version: Build 4184 - Metability Software) Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version: - ) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metal Gear Solid V Phantom Pain version 1.0.5.0 (HKLM-x32\...\Metal Gear Solid V Phantom Pain_is1) (Version: 1.0.5.0 - Mr DJ) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MusicLab RealGuitar (HKLM\...\{1864B4F0-8888-5A57-9930-C2B307597966}) (Version: 3.0 - MusicLab, Inc.) MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NEKOPALIVE (HKLM\...\Steam App 469990) (Version: - NEKO WORKs) NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming) Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) PhotoME Beta-Release (HKLM-x32\...\PhotoME Beta-Release_is1) (Version: 0.8ß2 - Jens Duttke) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2607 - ) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain) RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Sonic Charge Synplant 1.0 (HKLM-x32\...\Sonic Charge Synplant_is1) (Version: - ) Source Filmmaker (HKLM\...\Steam App 1840) (Version: - Valve) Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - ) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) Staxel (HKLM-x32\...\Plukit Staxel) (Version: 1.1.1 - Plukit) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sublime Text Build 3083 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) TERA (HKLM-x32\...\Steam App 323370) (Version: - En Masse Entertainment) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - ) TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - ) UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Vyzex MAX49 (HKLM-x32\...\{B35A4E5E-DAA8-4A0B-95A1-D3EE244EF933}_is1) (Version: Vyzex MAX49 1.02 - Psicraft Designs, Inc.) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.81 - Zemana Ltd.) ========================= Devices: ================================ Name: AODDriver4.2.0 Description: AODDriver4.2.0 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.2.0 Device ID: ROOT\LEGACY_AODDRIVER4.2.0\0000 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: HP Officejet Pro 8620 Description: HP Officejet Pro 8620 Class Guid: Manufacturer: Service: Device ID: USB\VID_03F0&PID_7012&MI_04\6&2BB18748&0&0004 Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ========================= Memory info: =================================== Percentage of memory in use: 47% Total physical RAM: 8190.18 MB Available physical RAM: 4286.16 MB Total Virtual: 16378.54 MB Available Virtual: 11796.47 MB ========================= Partitions: ===================================== 1 Drive c: (OS 7) (Fixed) (Total:59.53 GB) (Free:8.19 GB) NTFS 2 Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:66.74 GB) NTFS 3 Drive e: (OLD DATA) (Fixed) (Total:919.53 GB) (Free:76.19 GB) NTFS 4 Drive f: (RECOVERY OS 7 DO NOT FORMAT.) (Fixed) (Total:97.66 GB) (Free:87.28 GB) NTFS ========================= Users: ======================================== User accounts for \\ANDREW2014-PC Administrator ANDREW 2014 Antony Guest **** End of log ****
  13. solved

    I have done so but this is what only shows up. http://i.imgur.com/5oW6Vvq.png
  14. solved

    I suppose if I do not have Non-Plug and play drivers, then I do not have NetBt installed?
  15. solved

    Ahh, figured it out. I had to use my username while email was not doing it. And what is the end of the speedtest is supposed to appear like? Mine freezes like this: http://i.imgur.com/Tr7SSJr.png And here is ZHP clean up: ~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13) ~ Run by Antony (Administrator) (26/06/2016 23:29:18) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Type : Repair ~ Report : C:\Users\Antony\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Antony\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 64-bit Service Pack 1 (Build 7601) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (2) REPLACED: Number of found redirections 1/22 ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (22) MOVED file: C:\ProgramData\InstallMate\{96E28685-16BE-4D99-AF72-5E9C4D01A473}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] =>PUP.Optional.Tarma MOVED file: C:\ProgramData\InstallMate\{96E28685-16BE-4D99-AF72-5E9C4D01A473}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] =>PUP.Optional.Tarma MOVED file^: C:\ProgramData\InstallMate\{5845AE7B-AB01-418D-A366-E32383A68C8D}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] =>PUP.Optional.Tarma MOVED file^: C:\ProgramData\InstallMate\{5845AE7B-AB01-418D-A366-E32383A68C8D}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] =>PUP.Optional.Tarma MOVED file: C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic MOVED file: C:\Users\Antony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.ms_0.localstorage =>PUP.Optional.PutLocker MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.ms_0.localstorage-journal =>PUP.Optional.PutLocker MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.tw_0.localstorage =>PUP.Optional.PutLocker MOVED file: C:\Documents and Settings\ANDREW 2014\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.tw_0.localstorage-journal =>PUP.Optional.PutLocker MOVED folder: C:\ProgramData\InstallMate =>PUP.Optional.Tarma MOVED folder: C:\Users\Antony\AppData\Local\Temp\UninstallRes =>PUP.Optional.Multiplug MOVED folder: C:\Users\Administrator\AppData\Local\Torch =>PUP.Optional.Torch MOVED folder: C:\Users\Guest\AppData\Local\Torch =>PUP.Optional.Torch MOVED folder: C:\Windows\Installer\MSI169.tmp- =>Empty MOVED folder: C:\Windows\Installer\MSI5270.tmp- =>Empty MOVED folder: C:\Windows\Installer\MSI70BA.tmp- =>Empty MOVED folder: C:\Windows\Installer\MSI71D4.tmp- =>Empty ---\\ Registry ( Key, Value, Data) (4) DELETED key*: HKEY_USERS\S-1-5-21-2034708905-2678556690-501098093-1003\Software\ICSW1.20 [] =>PUP.Optional.InstallCore DELETED key: HKCU\Software\ICSW1.20 [] =>PUP.Optional.InstallCore DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.2.4 (Not File)] =>Toolbar.AVGSearch DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.2.4 (Not File)] =>Toolbar.AVGSearch ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 786 ~ Items found : 1 ~ Items cancelled : 0 ~ Items repaired : 26 ~ End of clean in 0 minutes =================== ZHPCleaner-[R]-26062016-23_29_31.txt ZHPCleaner--26062016-23_27_34.txt

WindowsInstructed Forums

Welcome on the WindowsInstructed Forums. If you have any Windows question or Malware related question then this is the place to be. All your connections are securely encrypted with our server so your privacy is protected as well!