Please check my log (Solved)

Re: Please check my log

Post by Prophet » 25 Nov 2017 18:44

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:02, on 25.11.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0608)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Prophet\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Prophet\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Prophet\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
O4 - HKCU\..\Run: [TB Client] C:\Program Files (x86)\TrucksBook Client\TB Client.exe -h
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Discord] C:\Users\Prophet\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - Startup: Twitch.lnk = Prophet\AppData\Roaming\Twitch\Bin\Twitch.exe
O4 - Global Startup: avast! SecureLine.lnk = C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem20.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 11490 bytes

I had no problems, except for the second zoek scan, which took 5 hours because I didn't turn off the antivirus :D


ASUS X751LJ
CPU: Intel Core i5 5200U, TB up to 2.7GHz
GPU: Nvidia GTX 920M 2GB
8GB RAM
1TB HDD

Re: Please check my log

Post by jaro3 » 26 Nov 2017 10:12

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Prophet\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED


Just to be sure, one last tool:

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Please check my log

Post by Prophet » 26 Nov 2017 10:34

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by Prophet (administrator) on PR0PH3T (26-11-2017 10:29:41)
Running from C:\Users\Prophet\Desktop
Loaded Profiles: Prophet (Available Profiles: Prophet)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-15] (AVAST Software)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-11-22] (Valve Corporation)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19228160 2016-07-22] ()
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [TB Client] => C:\Program Files (x86)\TrucksBook Client\TB Client.exe [337408 2017-01-19] (TrucksBook)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1375984 2017-01-24] (Bogdan Sharkov)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [Discord] => C:\Users\Prophet\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [1322984 2017-11-22] ()
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} - "I:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d53-cf45-11e5-9bd6-80a58923c7ac} - "G:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} - "H:\RunGame.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-10-18]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
Startup: C:\Users\Prophet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-08-17]
ShortcutTarget: Twitch.lnk -> C:\Users\Prophet\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50c177da-e51a-4f91-b881-881591381ab4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c685251a-4b81-4528-a553-e41b6b5980a3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://windows.microsoft.com/cs-cz/hotm ... ?ocid=iehp
SearchScopes: HKU\S-1-5-21-86409248-2870395879-2700398821-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-07] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: lbu8gz7z.default-1507294862855
FF ProfilePath: C:\Users\Prophet\AppData\Roaming\Mozilla\Firefox\Profiles\lbu8gz7z.default-1507294862855 [2017-11-26]
FF Homepage: Mozilla\Firefox\Profiles\lbu8gz7z.default-1507294862855 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\lbu8gz7z.default-1507294862855 -> about:newtab
FF Extension: (Adblock Plus) - C:\Users\Prophet\AppData\Roaming\Mozilla\Firefox\Profiles\lbu8gz7z.default-1507294862855\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-18]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Prophet\AppData\Roaming\Mozilla\Firefox\Profiles\lbu8gz7z.default-1507294862855\features\{c58a1e80-5414-4bfa-bebd-5a5501f4ad0a}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-07] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-15] (AVAST Software)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2017-07-04] ()
S4 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-24] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-15] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-15] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-15] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-15] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-15] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-15] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-15] (AVAST Software)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2016-03-01] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-09] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-23] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-16] (Malwarebytes)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_29749435e24d8b1d\nvlddmkm.sys [14249416 2016-10-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2017-10-12] (Macrovision Europe Ltd) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-25] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-25] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: Please check my log

Post by Prophet » 26 Nov 2017 10:34

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 10:29 - 2017-11-26 10:30 - 000018037 _____ C:\Users\Prophet\Desktop\FRST.txt
2017-11-26 10:29 - 2017-11-26 10:29 - 000000000 ____D C:\FRST
2017-11-26 10:28 - 2017-11-26 10:28 - 000000000 ____D C:\Users\Prophet\Downloads\backups
2017-11-26 10:26 - 2017-11-26 10:26 - 002393088 _____ (Farbar) C:\Users\Prophet\Desktop\FRST64.exe
2017-11-25 21:27 - 2017-11-25 21:27 - 000000000 ____D C:\Users\Prophet\AppData\LocalLow\Hinterland
2017-11-25 21:27 - 2017-11-25 21:27 - 000000000 ____D C:\Users\Prophet\AppData\Local\Hinterland
2017-11-25 18:13 - 2017-11-26 10:30 - 000064915 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-25 18:13 - 2017-11-26 10:30 - 000061255 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-25 18:13 - 2017-11-25 18:13 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-25 18:13 - 2017-11-25 18:13 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-11-25 18:13 - 2017-11-25 18:13 - 000001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-25 18:13 - 2017-11-25 18:13 - 000000000 ____D C:\Users\Prophet\AppData\Local\Zemana
2017-11-25 18:13 - 2017-11-25 18:13 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-25 18:13 - 2017-11-25 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-25 18:13 - 2017-11-25 18:13 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-25 18:04 - 2017-11-25 17:53 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-11-24 19:52 - 2017-11-24 19:52 - 000000000 ____D C:\zoek_backup
2017-11-24 19:51 - 2017-11-24 19:51 - 006625600 _____ (Zemana Ltd. ) C:\Users\Prophet\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-24 18:47 - 2017-11-24 18:47 - 001313792 _____ C:\Users\Prophet\Desktop\zoek.exe
2017-11-24 16:41 - 2017-11-24 16:41 - 001134098 _____ C:\Users\Prophet\Downloads\12813021.pdf
2017-11-24 14:37 - 2017-11-24 14:37 - 000000000 ____D C:\ProgramData\Sophos
2017-11-24 14:36 - 2017-11-24 14:36 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-11-24 14:36 - 2017-11-24 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-11-24 14:36 - 2017-11-24 14:36 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-11-24 14:30 - 2017-11-24 14:35 - 181788160 _____ (Sophos Limited) C:\Users\Prophet\Downloads\Sophos Virus Removal Tool.exe
2017-11-24 14:30 - 2017-11-24 14:31 - 026838600 _____ (Adlice Software) C:\Users\Prophet\Desktop\RogueKiller_portable64.exe
2017-11-23 20:17 - 2017-11-23 20:17 - 000000000 ____D C:\Users\Prophet\AppData\Local\Electronic Arts
2017-11-23 20:16 - 2017-11-23 20:16 - 000000000 ____D C:\Users\Prophet\Documents\Electrontic Arts
2017-11-23 20:16 - 2017-11-23 20:16 - 000000000 ____D C:\Users\Prophet\Documents\Electronic Arts
2017-11-23 20:00 - 2011-08-30 19:52 - 000327545 _____ C:\Users\Prophet\Desktop\com.androidemu.nes-62-2.5.0.apk
2017-11-23 18:32 - 2017-11-23 20:16 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\vlc
2017-11-23 18:32 - 2017-11-23 18:32 - 000001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-23 18:32 - 2017-11-23 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-23 18:31 - 2017-11-23 18:31 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-11-23 18:30 - 2017-11-23 18:31 - 030950664 _____ C:\Users\Prophet\Downloads\vlc-2.2.6-win32.exe
2017-11-23 18:25 - 2017-11-23 18:25 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\3909
2017-11-23 18:17 - 2017-11-23 18:20 - 000000549 _____ C:\Users\Prophet\Desktop\JRT.txt
2017-11-23 18:07 - 2017-11-23 18:07 - 001790024 _____ (Malwarebytes) C:\Users\Prophet\Desktop\JRT.exe
2017-11-23 16:53 - 2017-11-23 16:53 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-23 16:41 - 2017-11-23 16:48 - 000000000 ____D C:\AdwCleaner
2017-11-23 16:31 - 2017-11-23 16:31 - 000448512 _____ (OldTimer Tools) C:\Users\Prophet\Downloads\TFC.exe
2017-11-23 16:30 - 2017-11-23 16:30 - 008261584 _____ (Malwarebytes) C:\Users\Prophet\Desktop\AdwCleaner.exe
2017-11-23 16:29 - 2017-11-23 16:29 - 000050688 _____ (Atribune.org) C:\Users\Prophet\Downloads\ATF-Cleaner.exe
2017-11-23 16:22 - 2017-11-24 16:35 - 000002302 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-11-23 16:21 - 2017-11-23 16:21 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-23 16:20 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-11-23 16:20 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-11-23 16:20 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-11-23 16:20 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-23 16:20 - 2017-06-29 03:05 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-11-23 16:19 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-23 16:19 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-11-23 16:19 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-23 16:19 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-23 16:19 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-23 16:19 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-23 16:19 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-23 16:19 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-11-23 16:19 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-23 16:19 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-11-23 16:19 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-23 16:19 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-23 16:19 - 2017-06-29 18:50 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-11-23 16:19 - 2017-06-29 18:50 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-11-23 16:19 - 2017-06-29 03:05 - 012334923 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-23 16:19 - 2017-06-29 03:05 - 001920870 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-11-23 16:12 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-11-22 18:48 - 2017-11-22 18:48 - 000002110 _____ C:\Users\Public\Desktop\Action!.lnk
2017-11-22 18:43 - 2017-11-22 18:47 - 023694752 _____ (Mirillis Ltd.) C:\Users\Prophet\Downloads\action_2_8_1_setup.exe
2017-11-22 17:39 - 2017-11-22 17:40 - 001710308 _____ C:\WINDOWS\Minidump\112217-37390-01.dmp
2017-11-22 17:39 - 2017-11-22 17:39 - 841011511 _____ C:\WINDOWS\MEMORY.DMP
2017-11-22 17:39 - 2017-11-22 17:39 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-18 13:31 - 2017-11-18 13:34 - 000000000 ____D C:\Users\Prophet\Documents\Overwatch
2017-11-18 12:14 - 2017-11-18 12:16 - 000000000 ____D C:\Users\Prophet\Desktop\Rufus
2017-11-18 11:18 - 2017-11-18 15:07 - 000000000 ____D C:\Users\Prophet\AppData\Local\Battle.net
2017-11-18 11:17 - 2017-11-18 11:17 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2017-11-18 11:17 - 2017-11-18 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-11-18 11:16 - 2017-11-18 11:18 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-18 11:14 - 2017-11-18 11:14 - 003889136 _____ (Blizzard Entertainment) C:\Users\Prophet\Downloads\Battle.net-Setup.exe
2017-11-18 11:13 - 2017-11-18 11:18 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\Battle.net
2017-11-16 23:32 - 2017-11-16 23:34 - 000000000 ____D C:\Users\Prophet\Documents\Need For Speed
2017-11-16 22:52 - 2017-11-16 22:52 - 000000000 ____D C:\Users\Prophet\.Origin
2017-11-16 22:48 - 2017-11-16 23:48 - 000000000 ____D C:\ProgramData\Origin
2017-11-16 21:18 - 2017-11-16 21:18 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-16 21:18 - 2017-11-16 21:18 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-16 21:18 - 2017-11-16 21:18 - 000000000 ____D C:\WINDOWS\Panther
2017-11-16 18:16 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-16 18:16 - 2017-11-02 06:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-16 18:16 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-16 18:16 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-16 18:16 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-16 18:16 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-16 18:16 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-16 18:16 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-16 18:16 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-16 18:16 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-16 18:16 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-16 18:16 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-16 18:16 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-16 18:16 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-16 18:16 - 2017-11-02 05:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-16 18:16 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-16 18:16 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-16 18:16 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-16 18:16 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-16 18:16 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-16 18:16 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-16 18:16 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-16 18:16 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-16 18:16 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-16 18:16 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-16 18:16 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-16 18:16 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-16 18:16 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-16 18:16 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-16 18:16 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-16 18:16 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-16 18:16 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-16 18:16 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-16 18:16 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-16 18:16 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-16 18:16 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-16 18:16 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-16 18:16 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-16 18:16 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-16 18:16 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-16 18:16 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-16 18:16 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-16 18:16 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-16 18:16 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-16 18:16 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-16 18:16 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-16 18:16 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-16 18:15 - 2017-11-02 06:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-16 18:15 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-16 18:15 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-16 18:15 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-16 18:15 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-16 18:15 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-16 18:15 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-16 18:15 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-16 18:15 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-16 18:15 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-16 18:15 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-16 18:15 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-16 18:15 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-16 18:15 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-16 18:15 - 2017-11-02 05:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-16 18:15 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-16 18:15 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-16 18:15 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-16 18:15 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-16 18:15 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-16 18:15 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-16 18:15 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-16 18:15 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-16 18:15 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-16 18:15 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-16 18:15 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-16 18:15 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-16 18:15 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-16 18:15 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-16 18:15 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-16 18:15 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-16 18:15 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-16 18:15 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-16 18:15 - 2017-11-02 05:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-16 18:15 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-16 18:15 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-16 18:15 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-16 18:15 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-16 18:15 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-16 18:15 - 2017-11-02 05:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-16 18:15 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-16 18:15 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-16 18:15 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-16 18:15 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-16 18:15 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-16 18:15 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-16 18:15 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-16 18:15 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-16 18:15 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-16 18:15 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-16 18:15 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-16 18:15 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-16 18:15 - 2017-11-02 05:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-16 18:15 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-16 18:15 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-16 18:15 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-16 18:15 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-16 18:15 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-16 18:15 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-16 18:15 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-16 18:15 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-16 18:15 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-16 18:15 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-16 18:15 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-16 18:15 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-16 18:14 - 2017-11-02 06:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-16 18:14 - 2017-11-02 06:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-16 18:14 - 2017-11-02 06:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-16 18:14 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-16 18:14 - 2017-11-02 06:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-16 18:14 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-16 18:14 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-16 18:14 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-16 18:14 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-16 18:14 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-16 18:14 - 2017-11-02 06:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-16 18:14 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-16 18:14 - 2017-11-02 06:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-16 18:14 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-16 18:14 - 2017-11-02 05:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-16 18:14 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-16 18:14 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-16 18:14 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-16 18:14 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-16 18:14 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-16 18:14 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-16 18:14 - 2017-11-02 05:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-16 18:14 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-16 18:14 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-16 18:14 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-16 18:14 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-16 18:14 - 2017-11-02 05:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-16 18:14 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-16 18:14 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-16 18:14 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-16 18:14 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-16 18:14 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-16 18:14 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-16 18:14 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-16 18:14 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-16 18:14 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-16 18:14 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-16 18:14 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-16 18:14 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-16 18:14 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-16 18:14 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-16 18:14 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-16 18:14 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-16 18:14 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-16 18:14 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-16 18:14 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-16 18:14 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-16 18:14 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-16 18:14 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-16 18:14 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-16 18:14 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-16 18:14 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-16 18:14 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-16 18:14 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-16 18:14 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-16 18:13 - 2017-11-02 06:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-16 18:13 - 2017-11-02 06:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-16 18:13 - 2017-11-02 06:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-16 18:13 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-16 18:13 - 2017-11-02 06:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-16 18:13 - 2017-11-02 06:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-16 18:13 - 2017-11-02 06:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-16 18:13 - 2017-11-02 06:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-16 18:13 - 2017-11-02 06:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-16 18:13 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-16 18:13 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-16 18:13 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-16 18:13 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-16 18:13 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-16 18:13 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-16 18:13 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-16 18:13 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-16 18:13 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-16 18:13 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-16 18:13 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-16 18:13 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-16 18:13 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-16 18:13 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-16 18:13 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-16 18:13 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-16 18:13 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-16 18:13 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-16 18:13 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-16 18:13 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-16 18:13 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-16 18:13 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-16 18:13 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-16 18:13 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-16 18:13 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-16 18:13 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 16:14 - 2017-11-15 16:13 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-15 16:13 - 2017-11-15 16:13 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-14 16:40 - 2017-11-14 16:51 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\discord
2017-11-14 16:40 - 2017-11-14 16:40 - 000002284 _____ C:\Users\Prophet\Desktop\Discord.lnk
2017-11-14 16:40 - 2017-11-14 16:40 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-11-14 16:39 - 2017-11-14 16:40 - 000000000 ____D C:\Users\Prophet\AppData\Local\Discord
2017-11-14 16:37 - 2017-11-14 16:38 - 054332920 _____ (Discord Inc.) C:\Users\Prophet\Downloads\DiscordSetup.exe
2017-11-10 16:40 - 2017-11-10 16:40 - 000000000 ____D C:\Users\Public\Documents\TimeGate Studios
2017-11-08 17:50 - 2017-11-25 18:41 - 000000000 ____D C:\Users\Prophet\Desktop\KMSAuto Net 2016 1.4.9 Portable + 1.5.1
2017-11-04 20:46 - 2017-11-04 20:46 - 000352098 _____ C:\Users\Prophet\Downloads\Lubiho Minecraftové dobrodružství.pdf
2017-11-01 20:11 - 2017-11-01 20:11 - 004320066 _____ C:\Users\Prophet\Desktop\mysummercar 2017-11-01 20-11-47-58.bmp
2017-10-31 19:31 - 2017-10-31 19:32 - 000000000 ____D C:\Users\Public\Documents\Monolith Productions
2017-10-31 19:22 - 2017-10-31 19:22 - 000000000 ____D C:\GOG Games
2017-10-31 18:11 - 2010-03-13 00:19 - 000000000 ____D C:\Users\Prophet\Desktop\NFSU2 Configurator (NFSU2 Car Hacker)
2017-10-29 15:27 - 2017-10-29 15:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-29 15:27 - 2017-10-29 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-29 15:27 - 2017-10-29 15:27 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-29 15:27 - 2017-10-29 15:27 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-29 15:27 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-29 11:28 - 2017-10-29 11:28 - 000000000 ____D C:\Users\Prophet\Documents\WB Games
2017-10-29 11:28 - 2017-10-29 11:28 - 000000000 ____D C:\Users\Prophet\Documents\CPY_SAVES
2017-10-29 11:19 - 2017-10-29 11:19 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\Mad Max_Uninstall
2017-10-29 11:16 - 2017-10-29 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-10-29 10:45 - 2017-10-29 11:31 - 000000000 ____D C:\Program Files (x86)\Mad Max
2017-10-29 09:56 - 2017-10-29 09:56 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\SmartSteamEmu
2017-10-29 09:52 - 2017-10-29 09:52 - 000000000 ____D C:\Users\Prophet\Documents\MySummerCar
2017-10-29 09:52 - 2017-10-29 09:52 - 000000000 ____D C:\Users\Prophet\AppData\LocalLow\Amistech

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-26 10:30 - 2016-02-09 18:07 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\Skype
2017-11-26 10:29 - 2017-07-25 12:24 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8C7BE2C6-B6BB-4309-B3BD-0C45AE04ED5C}
2017-11-26 10:29 - 2016-11-20 21:42 - 000000000 ____D C:\Users\Prophet\AppData\LocalLow\Mozilla
2017-11-26 10:25 - 2016-02-24 18:26 - 000000000 ____D C:\Users\Prophet\AppData\Local\CrashDumps
2017-11-26 10:24 - 2017-07-25 11:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-25 23:19 - 2016-02-09 17:04 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-25 18:48 - 2017-07-25 12:00 - 000000000 ____D C:\Users\Prophet
2017-11-25 18:07 - 2017-07-25 11:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-25 18:07 - 2016-02-09 16:38 - 000000000 __SHD C:\Users\Prophet\IntelGraphicsProfiles
2017-11-25 18:06 - 2017-07-25 12:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-25 18:05 - 2017-03-18 12:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-11-25 17:09 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-24 18:49 - 2016-02-24 17:01 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-24 16:35 - 2017-07-27 11:38 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-86409248-2870395879-2700398821-1001
2017-11-24 16:35 - 2017-07-25 12:24 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-24 16:35 - 2017-07-25 12:24 - 000003354 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461248769
2017-11-24 16:35 - 2017-07-25 12:24 - 000002820 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2017-11-24 16:35 - 2017-07-25 12:24 - 000002440 _____ C:\WINDOWS\System32\Tasks\{0CF353E3-E09A-448F-8625-83E100B1D432}
2017-11-24 16:35 - 2017-07-25 12:24 - 000002436 _____ C:\WINDOWS\System32\Tasks\{852B5856-BE50-4EFF-9AD5-634AACFC0D20}
2017-11-24 16:35 - 2017-07-25 12:24 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-11-24 16:35 - 2017-07-25 12:24 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-11-24 16:35 - 2017-07-25 12:24 - 000002222 _____ C:\WINDOWS\System32\Tasks\{DFB5235F-DBD8-4CF7-A10C-5CE8CDA94FAF}
2017-11-24 16:35 - 2017-07-25 12:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-11-24 16:29 - 2017-07-25 12:24 - 000003488 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-23 18:16 - 2016-03-01 16:41 - 000000000 ____D C:\Program Files\COMODO
2017-11-23 16:22 - 2015-10-18 13:17 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-11-23 16:21 - 2017-07-25 11:58 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-23 16:21 - 2017-07-25 11:58 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-23 16:20 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-23 16:15 - 2017-07-25 12:20 - 002268780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-23 16:15 - 2017-03-20 05:43 - 000995184 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-23 16:15 - 2017-03-20 05:43 - 000224910 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-23 15:01 - 2016-02-09 19:32 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\uTorrent
2017-11-22 18:48 - 2017-10-15 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-11-22 18:48 - 2017-10-15 14:59 - 000000000 ____D C:\Program Files (x86)\Mirillis
2017-11-20 21:01 - 2017-10-12 16:40 - 000000000 ____D C:\ProgramData\NFS Underground
2017-11-19 15:51 - 2017-10-08 17:04 - 000000000 ____D C:\Users\Prophet\Desktop\hudba do tydlifona
2017-11-18 14:30 - 2016-04-09 15:33 - 000000000 ____D C:\Users\Prophet\AppData\Local\Blizzard Entertainment
2017-11-18 13:02 - 2016-02-10 18:51 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\TS3Client
2017-11-18 12:20 - 2017-02-19 11:06 - 000000270 __RSH C:\ProgramData\ntuser.pol
2017-11-18 11:15 - 2016-08-16 19:27 - 000000000 ____D C:\Users\Prophet\AppData\Local\Blizzard
2017-11-18 07:55 - 2017-06-30 13:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-18 07:55 - 2016-08-22 19:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-17 15:59 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-17 14:33 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-17 13:30 - 2016-08-22 19:28 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 13:30 - 2016-08-22 19:28 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\Mozilla
2017-11-16 23:48 - 2016-03-21 19:19 - 000000000 ____D C:\ProgramData\Electronic Arts
2017-11-16 23:12 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-16 23:08 - 2015-08-15 06:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-16 22:43 - 2015-10-18 13:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-16 21:18 - 2017-07-25 11:54 - 004978968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 21:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 21:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-16 21:15 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-16 21:15 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-16 21:15 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 16:14 - 2017-07-25 12:24 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-15 16:14 - 2017-06-17 11:00 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-15 16:14 - 2016-03-12 13:03 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-15 16:13 - 2017-02-08 16:32 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-15 16:13 - 2017-02-08 16:32 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-15 16:13 - 2017-02-08 16:32 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-15 16:13 - 2017-02-08 16:32 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151075887348404
2017-11-15 16:13 - 2016-03-12 13:03 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-15 16:13 - 2016-03-12 13:03 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-14 17:51 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 17:51 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 16:40 - 2017-03-02 16:47 - 000000000 ____D C:\Users\Prophet\AppData\Local\SquirrelTemp
2017-11-14 16:40 - 2016-02-09 16:38 - 000000000 ____D C:\Users\Prophet\AppData\Local\Packages
2017-11-14 16:20 - 2016-02-09 18:07 - 000000000 ____D C:\ProgramData\Skype
2017-11-13 15:54 - 2016-09-10 14:59 - 000000000 ____D C:\Users\Prophet\AppData\Local\Ubisoft Game Launcher
2017-11-10 19:49 - 2016-02-09 17:18 - 000000000 ____D C:\Users\Prophet\Documents\My Games
2017-11-10 16:46 - 2016-04-15 12:52 - 000000000 ____D C:\Users\Prophet\Desktop\Hry resp. zástupci. duh
2017-11-10 16:42 - 2015-10-18 13:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-10 16:39 - 2017-06-18 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-11-08 17:50 - 2016-02-18 17:30 - 000000000 ____D C:\Users\Prophet\AppData\Local\MSfree Inc
2017-11-05 11:04 - 2017-07-21 14:44 - 000000000 ____D C:\Users\Prophet\AppData\Roaming\.minecraft
2017-11-05 02:40 - 2017-03-18 22:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-05 02:40 - 2017-03-18 22:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 15:15 - 2016-02-09 16:42 - 000002434 _____ C:\Users\Prophet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-04 15:15 - 2016-02-09 16:42 - 000000000 ___RD C:\Users\Prophet\OneDrive
2017-10-31 18:06 - 2016-10-22 13:39 - 000000000 ____D C:\Program Files (x86)\EA GAMES
2017-10-29 15:40 - 2017-07-10 22:04 - 000000000 ____D C:\Program Files\Farming Simulator 17
2017-10-29 15:27 - 2016-02-23 17:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-29 11:19 - 2016-02-22 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics

==================== Files in the root of some directories =======

2005-07-26 16:23 - 2005-07-26 16:23 - 001351430 _____ () C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 001078532 _____ () C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 000916710 _____ () C:\Program Files\Aug2005_MDX_x86.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 000703080 _____ () C:\Program Files\BDA.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 001156363 _____ () C:\Program Files\BDANT.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 000976020 _____ () C:\Program Files\BDAXP.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 015493481 _____ () C:\Program Files\DirectX.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 000075472 _____ (Microsoft Corporation) C:\Program Files\DSETUP.dll
2005-07-26 16:23 - 2005-07-26 16:23 - 002245840 _____ (Microsoft Corporation) C:\Program Files\dsetup32.dll
2005-07-26 16:23 - 2005-07-26 16:23 - 000040702 _____ () C:\Program Files\dxdllreg_x86.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 013265040 _____ () C:\Program Files\dxnt.cab
2005-07-26 16:23 - 2005-07-26 16:23 - 000482000 _____ (Microsoft Corporation) C:\Program Files\DXSETUP.exe
2005-07-26 16:23 - 2005-07-26 16:23 - 000068237 _____ () C:\Program Files\dxupdate.cab
2016-05-12 20:35 - 2016-05-12 20:35 - 000000048 ____H () C:\Program Files (x86)\vnd8ezmqkg.dat
2017-02-01 21:29 - 2017-09-10 14:44 - 000000132 _____ () C:\Users\Prophet\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-02-12 22:03 - 2016-02-12 22:03 - 000007608 _____ () C:\Users\Prophet\AppData\Local\Resmon.ResmonCfg
2016-05-06 15:24 - 2016-05-06 15:24 - 004446016 _____ () C:\Users\Prophet\AppData\Local\Tempmusic.ogg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-24 19:33

==================== End of FRST.txt ============================
ASUS X751LJ
CPU: Intel Core i5 5200U TB up to 2.7GHz
GPU: Nvidia GTX 920M 2GB
8GB RAM
1TB HDD

Re: Please check my log

Post by Prophet » 26 Nov 2017 10:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Prophet (26-11-2017 10:31:39)
Running from C:\Users\Prophet\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-07-25 11:34:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-86409248-2870395879-2700398821-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-86409248-2870395879-2700398821-503 - Limited - Disabled)
Guest (S-1-5-21-86409248-2870395879-2700398821-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-86409248-2870395879-2700398821-1010 - Limited - Enabled)
Prophet (S-1-5-21-86409248-2870395879-2700398821-1001 - Administrator - Enabled) => C:\Users\Prophet

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.8.1 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.54 - NVIDIA Corporation) Hidden
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Bloody6 (HKLM-x32\...\Bloody3) (Version: 16.07.0013 - Bloody)
Call of Juarez (HKLM-x32\...\{07119BED-86AE-4AE3-97A5-45A118A3F06A}) (Version: 1.1.1.0 - Techland) Hidden
Call of Juarez (HKLM-x32\...\InstallShield_{07119BED-86AE-4AE3-97A5-45A118A3F06A}) (Version: 1.1.1.0 - Techland)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Doomsday 2.0.0.2281 (HKLM\...\{C6F039A6-8F9B-408D-B6CF-64AACB261968}) (Version: 2.0.0.2281 - dengine.net)
Dračí oko (HKLM-x32\...\Dračí oko) (Version: 1.00 Czech - Deep Silver (Koch Media))
Dual Monitor Tools (HKLM-x32\...\{0DAA6DDB-DE54-4687-ADDE-B4CA1C74E0C3}) (Version: 2.5.0.0 - GNE)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Far Cry (AMD64 Exclusive Content Update) (HKLM\...\{2304A2EE-010B-43EE-90F8-2218FB93244E}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (HKLM-x32\...\{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.32 AMD64) (HKLM\...\{02A116A8-E559-488C-879C-B212F3EA963A}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Patch 1.4) (HKLM-x32\...\{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}) (Version: 1.00.0000 - Název společnosti:) Hidden
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hidden & Dangerous 2 (HKLM-x32\...\H&D2_is1) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Juiced2_HIN (HKLM-x32\...\{BE17ECD5-555F-4B03-B421-428E3470CFB2}) (Version: 1.00.0000 - THQ)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
League of Legends (HKLM-x32\...\{6B84E528-9705-4D36-9C97-97B8E23DAB75}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\{6FEDADF5-40EC-4E18-A376-0FDBACE65338}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Mad Max (HKLM-x32\...\Mad Max_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Malwarebytes verze 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}) (Version: 1.1.0324 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 cs) (HKLM\...\Mozilla Firefox 57.0 (x64 cs)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Need For Speed Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version: - )
NVIDIA Ovladače grafiky 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 373.06 - NVIDIA Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
TrucksBook Client verze 1.1.5 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.1.5 - TrucksBook)
Twitch (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WhatsApp (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

ASUS X751LJ
CPU: Intel Core i5 5200U TB up to 2.7GHz
GPU: Nvidia GTX 920M 2GB
8GB RAM
1TB HDD


Re: Please check my log

Post by Prophet » 26 Nov 2017 10:35

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-15] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-15] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-15] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-15] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-15] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063D3185-479F-4EB3-BB7A-399ED6ABAD8F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1183C507-FE73-4B10-B391-797171509AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-16] (Microsoft Corporation)
Task: {214332A4-9B9D-428D-8F9C-1D4A4337C10B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {34062FFE-B7A5-4A07-BF84-AB2BF27B8EB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {36518428-986F-468D-9FF6-9F5BD0032B5E} - System32\Tasks\{DFB5235F-DBD8-4CF7-A10C-5CE8CDA94FAF} => C:\WINDOWS\system32\pcalua.exe -a G:\RCSetup\RCSetup.exe -d G:\ -c -startup
Task: {3F4318EE-64C3-4986-B823-3699635D214B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {3FDF3E18-A7F7-4A36-B1FA-911A66F491EC} - System32\Tasks\SafeZone scheduled Autoupdate 1461248769 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {4381E722-1A16-4579-94D0-ACA1583CBB2C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-15] (AVAST Software)
Task: {4DF8682D-50CE-45BB-9B2C-77A52DA0A75F} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-05-20] (AVAST Software)
Task: {532B4B6C-8494-452B-8E0D-C26E16DCC1EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-16] (Microsoft Corporation)
Task: {6500E502-1AFA-4BA6-AC14-D40D93DC5557} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-30] ()
Task: {6DCC165D-4DDF-43E2-A05A-DD8B12AA12DC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-30] ()
Task: {79A7C610-0361-450A-8182-4FFF81D23FDA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {7F876F11-9B2F-4D7B-B772-4262AB94DE91} - System32\Tasks\{852B5856-BE50-4EFF-9AD5-634AACFC0D20} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Illusion Softworks\Hidden & Dangerous 2\hd2.exe" -d "C:\Program Files (x86)\Illusion Softworks\Hidden & Dangerous 2"
Task: {83D5C072-46D9-40E3-9016-2CB4FA670208} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {86ADDF63-88B4-4DF2-8994-38B7E9428A3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {877BC5FA-2482-4723-A201-6F593F572FE6} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {885BBF4A-3251-48AB-98B0-E38E657A7AD9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {96E42157-3352-46DA-8DF8-17FEB093551C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Terka\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A13FDD0A-C606-4639-B0DB-38593E053C50} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-29] (Realtek Semiconductor)
Task: {AEF6C8B7-93BA-4856-B439-6DE888504086} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C7E67846-A46E-4F57-9430-2DCFCE835E27} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-06-29] (Realtek Semiconductor)
Task: {D9A2C38B-C4B8-46D1-9B2A-1E0828B40989} - System32\Tasks\{0CF353E3-E09A-448F-8625-83E100B1D432} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Illusion Softworks\Hidden & Dangerous 2\setup.exe" -d "C:\Program Files (x86)\Illusion Softworks\Hidden & Dangerous 2"
Task: {E50F801D-5D2F-4E3A-A080-7882ADD3A39A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-25 18:13 - 2017-11-25 18:13 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-08-16 12:57 - 2016-07-22 15:42 - 019228160 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
2017-11-22 17:29 - 2017-11-22 17:26 - 001322984 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2017-03-20 05:47 - 2017-03-20 05:47 - 000071680 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-20 05:47 - 2017-03-20 05:47 - 000176640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-20 05:47 - 2017-03-20 05:47 - 035234304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-18 21:59 - 2017-03-20 05:45 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-16 12:57 - 2013-10-11 08:43 - 000085504 _____ () C:\Program Files (x86)\Bloody6\Bloody6\DLL\DLL_ZoomControl.dll
2016-08-16 12:57 - 2016-05-26 14:28 - 004672512 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2017-11-15 16:13 - 2017-11-15 16:13 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-15 16:13 - 2017-11-15 16:13 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-06-29 12:24 - 2017-06-29 12:24 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-15 16:13 - 2017-11-15 16:13 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-15 16:13 - 2017-11-15 16:13 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-15 16:13 - 2017-11-15 16:13 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-11-25 18:03 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-86409248-2870395879-2700398821-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Prophet\Desktop\maxresdefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: ASUSGiftBoxDekstop => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) Security Assist => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "fcbd.bat"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "GSplay.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Source Voice InGame"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "TB Client"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\StartupApproved\Run: => "Clownfish"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AAB3224F-A2BF-488B-B4D7-F6A388DA024E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{4147E67B-227D-4F3A-BF9E-9C4BB3A245C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{1523DDB8-DFF5-480A-8F50-CCCDF4426C85}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{74AB1E45-E141-4B41-817B-289786AD49D2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0474CE56-56AF-44AD-818E-1A9005340BEF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{045CAFE3-FCB3-4A6F-AFA0-D3301DF2A2C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{C95EC440-353D-4DCA-87F4-0525B63E1CA0}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{9C12E86D-E982-472E-94BB-CE684B2EB17B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{4FFAF20C-1B25-4A78-92E9-E925574A8EF0}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{EE20A071-6BB5-4993-BCE7-A8523F7F9259}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C832C49C-9E13-4FD7-B08B-75FC88A3B021}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{0E54F833-40F3-4F95-A83E-C1CE5AEBA88E}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{275D1FFF-DD50-46F3-AE92-B2FF3D28BB3A}D:\games\doom\doomx64.exe] => (Block) D:\games\doom\doomx64.exe
FirewallRules: [TCP Query User{FAE2AEB8-1C8D-489F-BB9D-1FE3C0C558CF}D:\games\doom\doomx64.exe] => (Block) D:\games\doom\doomx64.exe
FirewallRules: [{6C5D39EB-6B53-4C48-A6C0-442EEAE13F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [{A9687D12-3537-4B80-9993-DD300843A59F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe
FirewallRules: [UDP Query User{C125DDAE-326B-462C-B75D-3265B8CE7635}C:\program files\doomsday 2.0.0\bin\doomsday.exe] => (Block) C:\program files\doomsday 2.0.0\bin\doomsday.exe
FirewallRules: [TCP Query User{C8B3B147-A7A5-432E-B54E-9833725A84AD}C:\program files\doomsday 2.0.0\bin\doomsday.exe] => (Block) C:\program files\doomsday 2.0.0\bin\doomsday.exe
FirewallRules: [UDP Query User{04981BFD-4990-43D2-8840-9494B95AC7BF}D:\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) D:\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{E6CE4BC5-833A-498E-A246-5C3E5161FB1F}D:\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) D:\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{04E905DE-2BA4-41AE-B88C-C74FBC5F9686}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe] => (Allow) C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe
FirewallRules: [TCP Query User{FAD3C126-A11E-4CD5-A5F0-EF8B83E711CA}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe] => (Allow) C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe
FirewallRules: [{31CB118E-FB90-4C96-81AA-25A8771D3ECB}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{7E5CB1AF-2CB3-4EA7-9ACE-381D63A23674}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{78055A85-DA81-4525-8F09-7BF4B4924017}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{A93B8043-CF48-4247-BD4B-BF5241A5ADEA}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{BE55981F-6193-40A4-8ADD-E8801453A050}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{4865F791-86BF-4F8D-8C13-A5FC7A439B93}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [UDP Query User{4F394B5C-4E19-4779-B8FB-1BE7B9EDE483}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe] => (Block) C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe
FirewallRules: [TCP Query User{3B388658-19DF-4744-BF7E-88C246D9F7B3}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe] => (Block) C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe
FirewallRules: [{A3126AA3-8016-475F-8444-BF6086F47FEF}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{83AC1FC5-84E6-432C-80B4-5836D64389A4}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [UDP Query User{5569F862-84F6-49BA-BA5A-4830E3A5BD41}C:\program files (x86)\quake iii arena\quake3.exe] => (Block) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{D8B1C062-2E52-432A-9150-C11B61FF819F}C:\program files (x86)\quake iii arena\quake3.exe] => (Block) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{CB8B2DC6-477B-44B4-BE73-575EC3B37371}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{A5337919-96A6-46C0-8F4D-31ECFC4D2476}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [{A75E77B8-1178-4884-B8D0-78AF1394C9C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Welcome to the Game\WTTG.exe
FirewallRules: [{E4C3F5EC-F002-4D85-8DD9-6B83BEBB1DBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Welcome to the Game\WTTG.exe
FirewallRules: [UDP Query User{5915DCC2-F3B2-4901-AA8F-4B196169173A}C:\users\prophet\desktop\ezquake-gl.exe] => (Allow) C:\users\prophet\desktop\ezquake-gl.exe
FirewallRules: [TCP Query User{AD35388E-B727-44DF-9701-A4E34041185A}C:\users\prophet\desktop\ezquake-gl.exe] => (Allow) C:\users\prophet\desktop\ezquake-gl.exe
FirewallRules: [{40342DF4-E08F-480E-A8AA-95FD95C2DB9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{74541D02-EF8F-4C0E-9D5F-82B1D84D3C83}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AE6E4E58-DA04-4F1F-A0DB-A4AEBE303A21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{B7B36CC3-CA75-4B73-BBB5-5428B0E39565}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{903C3387-7D96-41F0-B318-9F626466BDAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{A9ADF6D2-B05B-4393-AE2B-8B20EF0B8048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{BB578D0E-44C3-418A-A478-2EE9AAE6759B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{B5A15E5B-0EFE-445F-82E8-79E821207033}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{7E5F1AB3-C86B-4C3C-84B4-5C1EA7D02B72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{730CD757-2858-406C-80F3-58E8C3482C1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{FA87568A-C63A-48D7-A7E2-77056673CFD7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4D233B37-E88B-4442-A35C-DCB83C7C999D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B09C3BB8-0A18-4C2A-8A39-2A4F53182112}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{EEB25244-EF24-4EAF-B779-C003954AB9E7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{0DFA1B4F-3DC8-4354-988C-6D7494BEFE6E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{6A886794-E875-4DC2-BC63-F47CB4BED76D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{7DB13AAA-F422-4B40-B3FC-2D0729DC3A19}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{591FBCB7-960C-4097-A109-AABF1E4AA98A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{A3E3259C-FB6D-4337-994B-E1DEC0E7E6A8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{E8336D72-CBAD-467B-84D4-88D4869882BD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{F7C0880E-4A2E-4DCA-A731-2865E50A047A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{BB47B723-05CE-47EB-9A71-DB17BD1279A9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{7BE90913-0007-430A-9E6A-500A0850324E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{6A7CD2BE-362F-460B-9711-99D46FC146E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{37424C9C-7CAD-4641-96F5-BA40DE81C607}] => (Allow) C:\Games\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{A9F8254B-4257-41C1-B6FF-6B0CD530F3E3}] => (Allow) C:\Games\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{B2C5DB53-A01D-4823-A7F2-FCA756786C6D}] => (Allow) C:\Games\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{25507D2C-5679-4585-8819-61DF1E897006}] => (Allow) C:\Games\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{402FC9FE-39CD-4CC6-B3A8-C955F62533BB}] => (Allow) LPort=9987
FirewallRules: [{5A9C1CD3-CFC4-4076-AD81-F93CE4F9F454}] => (Allow) LPort=30033
FirewallRules: [{EFE0848F-9C72-4CB1-B522-35B0BFB9F30F}] => (Allow) LPort=10011
FirewallRules: [UDP Query User{C338110A-987F-4307-8CE8-F262581982EE}C:\users\prophet\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\prophet\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [TCP Query User{2AFFB58B-F663-4487-AFFF-2CA7EC13994E}C:\users\prophet\desktop\teamspeak3-server_win64\ts3server.exe] => (Allow) C:\users\prophet\desktop\teamspeak3-server_win64\ts3server.exe
FirewallRules: [{0B0174B8-E458-4108-9433-EA42B861BE33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{49CD95DA-BA69-4A9A-ABF9-1FC8DCDD0980}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D81E2E79-0D57-4B9D-945F-8C655FB054CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F6ACFD63-2063-4B1B-99D9-BF76F98CD016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{6E750B6F-5496-4817-8AF3-66B624E52B52}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{21E98DDF-5673-457E-A74C-E09474ABF7AC}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{64377257-7C39-4320-A2B0-36FF821F2E7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{59BDACB6-B8D7-4742-B81E-55193FDE5E4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{72DC4CDF-1097-43F2-996D-5071FC54D29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{39F8070B-F458-4557-86A9-1528FAE4052F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{7C57A617-D619-42CE-9BDC-6BB28B9BB25D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{58530C8A-7541-480B-8498-1F193649F5C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{8DFF5528-11CB-4A83-A922-68F7178C0807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{CF550B8A-A32A-4AE2-8F73-003E517181FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{7D3C6F3B-8DD4-436F-BFD7-3BD1151F941B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{9F348B63-425D-4B08-8CD8-4B189E3CBE73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [UDP Query User{C0F30BB5-7CAE-493C-BB1A-FFDE32AD157A}C:\games\car mechanic simulator 2015\cms2015.exe] => (Block) C:\games\car mechanic simulator 2015\cms2015.exe
FirewallRules: [TCP Query User{5502FC55-2E6B-4AB0-8BEA-AC5DC0FBECD2}C:\games\car mechanic simulator 2015\cms2015.exe] => (Block) C:\games\car mechanic simulator 2015\cms2015.exe
FirewallRules: [UDP Query User{90362DA1-F1CC-4D49-8DA4-C5A266989E1A}C:\program files (x86)\ea\need for speed the run\need for speed the run.exe] => (Block) C:\program files (x86)\ea\need for speed the run\need for speed the run.exe
FirewallRules: [TCP Query User{50C6B779-74D2-4BD1-AE79-D787FC051BF5}C:\program files (x86)\ea\need for speed the run\need for speed the run.exe] => (Block) C:\program files (x86)\ea\need for speed the run\need for speed the run.exe
FirewallRules: [{4D4E7DEB-3448-4E3C-84E8-D1D3B09F590A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5C8A47DF-FD03-40DF-8AD6-FB2484DB3BAF}] => (Allow) LPort=1900
FirewallRules: [{86CB7EA0-CAC9-494A-AA12-330CCAE756BE}] => (Allow) LPort=2869
FirewallRules: [{46C7D645-75DC-453B-8582-73468D92BF3B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{64CFDF32-0F53-4264-AB3F-B0892E5EBEB3}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{0A7D2195-8BF8-4D26-A338-B250D10744B5}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{F1C7A4A8-6B70-4DA4-91EF-DAA9394027BA}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0DC5E9E9-075A-4840-9049-00B550BD2B60}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{23555648-3C92-436F-B2FF-A7EE44B2BBEE}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{61EA7797-D022-4C96-BCDF-3564C52D3518}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3513A818-CD29-4275-80FC-7A1E8F5113D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1EF7E2E4-2203-44B0-8562-05A28BABE8FF}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{D3AEC4CF-D10D-412F-8AC3-C20AEAE5DD79}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{A5CE9C62-241B-4E93-8038-C2BCE4F79754}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EE2A5B59-2E4E-4F6B-B930-932F52F64576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{37CB2988-EB60-4621-96C8-1EC61AE5279A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{69B8E0E6-1BEE-4BD7-9C33-9C6D18CF7F98}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6326991B-921E-419F-8549-7A2B43B874BF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{86A09C0B-0D20-48AF-BE87-772E72A05DAD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CA60B73B-E4A6-490B-9226-5CB92976DF3D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6FDFE3A1-1EF6-44A8-B84B-C18CAF0D6D0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A7AE9A7-4F14-48F1-81FF-C755A06F0DEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{8B1C8A80-96C7-4165-85B1-15BAA05DDA87}F:\hry\crysis 2\bin32\crysis2.exe] => (Allow) F:\hry\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{53219BAD-6DB2-4203-9720-EC1CF5315D4A}F:\hry\crysis 2\bin32\crysis2.exe] => (Allow) F:\hry\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{3050BB5A-A101-496E-9F08-BDB3315201FC}C:\program files (x86)\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{F7C6B9CC-E2E9-442C-B5C3-754DC5AF699F}C:\program files (x86)\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{4816DEAC-38F2-4D37-AB23-CC423DABB0D0}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Block) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{D044309F-2246-4FFE-A346-4AD2CBD4997C}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Block) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{B9F19252-0496-40B3-8551-AEA99E23A448}C:\program files (x86)\ea\crysis 2 - maximum edition\crysis2.exe] => (Block) C:\program files (x86)\ea\crysis 2 - maximum edition\crysis2.exe
FirewallRules: [UDP Query User{BFF9D587-BB4A-4C62-9A37-F2E0BFF15933}C:\program files (x86)\ea\crysis 2 - maximum edition\crysis2.exe] => (Block) C:\program files (x86)\ea\crysis 2 - maximum edition\crysis2.exe
FirewallRules: [TCP Query User{BD4F8833-F386-483B-9071-73450B84EA0A}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{FD886734-54C1-49CB-BD73-DF4B2A2DC24A}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{7BC57237-E461-4E52-99A3-C39EFFFD41AD}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE4915CD-2919-494E-91B7-10CEA404E27B}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1D507A41-7671-4B91-916B-F10EC4CB2516}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6BB1CB39-CC28-42A5-AB78-31CB30767B33}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{C71AF401-9868-49B5-89FB-2CE6EDE45DA7}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{5F737DE2-39C6-4F33-A768-B94D3998B569}] => (Allow) C:\Users\Prophet\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{23E76B4D-417F-4505-AFCF-74223F9E6F72}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D438B1D8-5CA8-4615-91C7-50EFD35838B9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{800110A7-32C3-4A3D-AE89-5984EB2F2120}C:\program files\java\jre1.8.0_77\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [UDP Query User{A6034580-F176-40D0-AE0D-7B76EDE74C98}C:\program files\java\jre1.8.0_77\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\java.exe
FirewallRules: [{80BA07DA-3516-4D03-94D2-C894E467A2E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{FCDA49EC-EA6E-42E8-AF25-6FA7503700F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [TCP Query User{58D5924E-6558-40BB-BEB7-88525AAC145F}C:\program files (x86)\prototype 2\prototype2.exe] => (Block) C:\program files (x86)\prototype 2\prototype2.exe
FirewallRules: [UDP Query User{9DD8F054-6EED-4470-BD53-6A9F213A468A}C:\program files (x86)\prototype 2\prototype2.exe] => (Block) C:\program files (x86)\prototype 2\prototype2.exe
FirewallRules: [{82DD8352-609B-48D2-9262-695EF3C9506D}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{AB78BD1D-A9CA-480D-9C0D-452C558FA50F}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{EA43232B-5C87-4EAC-A484-1684A042C2D6}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{6B54BE56-1674-41DC-80F0-E579A1756FCD}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{B642AC32-2AA3-48F9-BB1F-F1C58D5F9AD5}] => (Allow) LPort=25565
FirewallRules: [{C34F855E-05AA-4324-A490-91ABAC56AD22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{7FBC94A9-0A39-4A2A-84C0-6AC1A9564830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{A3EA3C41-3474-4B85-80A1-6ED05E40E4A6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4C3AE7C6-F94F-4228-B621-4F8C6EA6F99F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{B96E6BA8-616F-45BD-ACEE-902260E0B78F}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{43BCFFBF-1464-4CF4-86AE-1C27C390F9E0}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [{6168178D-0044-487B-AC9E-14A327C4488D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6085FF95-27E0-494A-8AF9-DA04E707E863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2546AA83-8B90-470B-BA9B-2961048B9774}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{6E51999F-1AB9-4675-AAA0-6710479225E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{A20816A1-91C5-4B9C-9655-EE509B34325B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{1517A2F7-0C5F-4FCA-9FE4-576B857296C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3498C1B2-C916-4D93-9CFD-E3EB20291C7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{EC1CE6AF-D8BD-401B-8BA2-67FCD27DA999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{20AFAD40-1B2A-4565-A178-202EA55E1518}C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe] => (Allow) C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe
FirewallRules: [UDP Query User{F6E2CCA2-CB8F-47D2-83E8-C1A84AEC81D7}C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe] => (Allow) C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe
FirewallRules: [TCP Query User{ADA9EFE9-B19A-41DC-9C18-CF3524FC712C}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{3916B2B8-6D0C-4DEF-B02A-5F542DF8EBEC}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{A9870D51-DF8A-4E7A-8A61-6275EB66C018}C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe] => (Block) C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe
FirewallRules: [UDP Query User{329E7F83-E1EE-4B59-A088-12C157DFDAF2}C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe] => (Block) C:\program files (x86)\counter-strike 1.6 v42b full client\game.exe
FirewallRules: [TCP Query User{3F0D0DE9-0F45-495D-A1EE-C0CD70444A35}C:\hry\far cry 3\bin\farcry3_d3d11.exe] => (Block) C:\hry\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{834A3A64-0D85-44C9-9365-89826AEA4982}C:\hry\far cry 3\bin\farcry3_d3d11.exe] => (Block) C:\hry\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{14B2A737-ABC8-4A4F-9F2A-0AA19C5A5F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{7144A377-F2FF-4754-81F4-AD1848D587E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{FE6325E3-6279-4D8F-BD09-20A5F5E0BE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{CE379592-CED4-4FD5-9B61-A522D9E6C7D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{6FA2FD4E-16E2-49FA-B345-4D26ADE37D60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{B824D962-A216-4003-9B2D-BE08C517E5D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [TCP Query User{85E46397-325E-45E5-8C36-3C1563214831}D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe] => (Block) D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{5B03D7D1-D7BC-4D80-9EA4-00F848E2861F}D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe] => (Block) D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe
FirewallRules: [TCP Query User{C5B8A6F1-2030-401F-B9E8-267A2E7B1194}C:\users\prophet\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\prophet\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0B2D6B57-05C3-4D19-9DB4-DFF769F16F1A}C:\users\prophet\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\prophet\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C833BED4-C1FD-49D5-A39C-3F8A0BFB1EBE}C:\program files (x86)\world of warcraft 6.2.3 full - firestorm\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\world of warcraft 6.2.3 full - firestorm\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D62B034A-1238-42F6-9FAD-50810BB7A66D}C:\program files (x86)\world of warcraft 6.2.3 full - firestorm\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\world of warcraft 6.2.3 full - firestorm\hearthstone\hearthstone.exe
FirewallRules: [{B50A0BB0-7C4D-4F8A-9F54-5E2BCEF994E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{66CFD9A7-60B0-41FA-880F-D1311AB78944}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{40F24015-9AE4-48A1-B59B-A3701B6D4F8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21B98A6C-79D9-46AE-85A5-1E97E71E2E2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2021CFF2-1A8F-48BB-8961-B06A1E189974}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{2E86BD1A-565B-48B0-9068-EE0BBDBBC2EA}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{A62F4FC8-B9DD-4E66-B43A-CD928253BFBB}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{7B9AF767-06BC-41FC-8EE8-0220F5568BE9}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [TCP Query User{0FB39ACC-AB90-4127-9801-16A0AB060854}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{9D49FD26-619F-4004-8C0D-C56DD2794430}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [{B18372D9-F284-4BE8-96A6-1161DEB81EA6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{7C672DD7-9593-4E01-8108-02380B026460}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{7916247C-41B8-47DE-89DC-FB1D35CDB54B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F9DE6A0F-30D3-488B-9D44-3DC057A053C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B458C2D0-27D5-431A-8999-22F648A21A00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{905A941B-BAFE-4FF6-B086-186831EEDCCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D8CC8A73-BC83-4E87-B32C-A08BEA4B9945}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{6EE45129-68BD-4F8F-B3D8-22F5F35D98BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{01E14F4E-8748-409B-8C07-81A269C4FAE7}C:\users\prophet\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\prophet\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{38A07336-DCE2-4BC5-A600-1289C967B305}C:\users\prophet\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\prophet\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{00D66D1F-B4C3-40EA-BA4D-65D59846246B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{DE1EDACC-6B2F-4514-BAD2-0E3FD697B77A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{CDA8AA27-1BA2-46A3-B024-5996F9344251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{64EB3780-BB12-44FA-847C-644DC2515792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B8F30F2E-0FD4-4534-BE7B-95121C088682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{5A4FC926-F3EE-4C87-979D-0AD13297B8A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8C49CF76-18EE-4349-B1E6-95D873D39EC9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{4F5412C3-F953-4C5A-9068-68DCC7EE6C33}] => (Allow) C:\Program Files (x86)\THQ\Juiced2_HIN\Juiced2_HIN.exe
FirewallRules: [{0BBC5648-6349-4A88-9405-BD6D1C786BE6}] => (Allow) C:\Program Files (x86)\THQ\Juiced2_HIN\Juiced2_HIN.exe
FirewallRules: [TCP Query User{BEC2F1AD-42B9-432E-B2B2-8139D26651F6}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files (x86)\ea games\need for speed underground 2\speed2.exe
FirewallRules: [UDP Query User{E6165E29-7979-409A-968C-86AFEE4B5A2D}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files (x86)\ea games\need for speed underground 2\speed2.exe
FirewallRules: [{2839DC83-1479-4C82-8DB7-81AAA557E0D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{E9D56249-C3E8-4B81-AFCA-ABE5BEE83626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [TCP Query User{848C8D16-BDF6-4733-92AC-5BEBB38AB2CB}D:\my.summer.car.v30.08.2017\my.summer.car.v30.08.2017\mysummercar.exe] => (Block) D:\my.summer.car.v30.08.2017\my.summer.car.v30.08.2017\mysummercar.exe
FirewallRules: [UDP Query User{DFAFF953-A4F2-4BFF-A877-3391C5E15DAC}D:\my.summer.car.v30.08.2017\my.summer.car.v30.08.2017\mysummercar.exe] => (Block) D:\my.summer.car.v30.08.2017\my.summer.car.v30.08.2017\mysummercar.exe
FirewallRules: [{FE302DCC-4C88-492E-9D18-9A17F8D9F8D2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{B3B044CC-6EBF-4D0E-9F2B-D4D589E90F79}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [TCP Query User{65151A6D-451E-43C4-A90D-43011BE67DD5}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5BCB162C-189B-425A-AAF8-2555DCB63E38}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{17D5C304-EB26-487E-9D22-3B79C054BD04}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{F132EEA9-93B1-4F96-BD8A-061791A1E2E8}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{A345699B-9B9D-4129-84DA-16FAA47C483A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{4CBCDB36-57E3-4BD3-AD1D-04C93873D548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{8DAF9306-1B1D-4DC3-9EA2-742F848396DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{89EB0307-CD66-4DB7-8097-8654365720E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space\Dead Space.exe
FirewallRules: [{B6A23D55-605A-477F-97FD-5B0EB8F35F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{E59CEC5D-18D7-435A-8014-5E7695CEFE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space 2\deadspace2.exe
FirewallRules: [{98D8CE9D-65CD-4AA4-AFED-34B2BA4E10F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EC423800-362B-4EB2-BB6C-08ED897B8B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{37126322-73CF-4685-98B4-4FEC52BE6F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{A4ED12A1-901F-440F-BC83-EECBD4C8EC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
ASUS X751LJ
CPU : Intel Core i5 5200U TB up to 2.7GHz
GPU : Nvidia GTX 920M 2GB
8GB RAM
1TB HDD

Prophet
Level 3
Posts: 490
Registered: October 14
Location: My Room
Gender: Male

Re: Please check my log

Post by Prophet » 26 Nov 2017 10:36

==================== Restore Points =========================

23-11-2017 17:54:29 Naplánovaný kontrolní bod
23-11-2017 18:14:20 JRT Pre-Junkware Removal
23-11-2017 18:19:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2017 10:25:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ZAM.exe, verze: 2.74.0.150, časové razítko: 0x00000000
Název chybujícího modulu: RPCRT4.dll, verze: 10.0.15063.674, časové razítko: 0xd343d532
Kód výjimky: 0xc0020043
Posun chyby: 0x00043d32
ID chybujícího procesu: 0x201c
Čas spuštění chybující aplikace: 0x01d36610b7fbe22f
Cesta k chybující aplikaci: C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\RPCRT4.dll
ID zprávy: d3dacc61-e38f-49fc-90aa-420996524620
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/26/2017 10:24:32 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/25/2017 06:42:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/25/2017 12:11:19 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/24/2017 07:54:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/24/2017 07:32:27 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (11/24/2017 07:32:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/24/2017 07:32:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/24/2017 07:32:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (11/24/2017 07:32:01 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (11/26/2017 10:25:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/26/2017 10:24:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/25/2017 06:11:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/25/2017 06:11:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Presentation Foundation Font Cache 3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Error: (11/25/2017 06:11:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (11/25/2017 06:11:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/25/2017 06:11:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/25/2017 06:11:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/25/2017 06:06:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/25/2017 06:06:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8059.99 MB
Available physical RAM: 5302.51 MB
Total Virtual: 9723.99 MB
Available Virtual: 6719.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:30.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:542.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3925EB41)

Partition: GPT.

==================== End of Addition.txt ============================

Orcus
Security team member
Elite Level 10.5
Posts: 10504
Joined: April 10
Location: 3 roses grow all around =o)
Gender: Male

Re: Please check my log

Post by Orcus » 26 Nov 2017 11:14

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} - "I:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d53-cf45-11e5-9bd6-80a58923c7ac} - "G:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} - "H:\RunGame.exe"
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-86409248-2870395879-2700398821-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>


(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and jerabina stand in for me.

If you are satisfied, you can support our forum.

Uživatelský avatar
Prophet
Level 3
Level 3
Příspěvky: 490
Registrován: říjen 14
Bydliště: My Room
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod Prophet » 26 lis 2017 12:01

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Prophet (26-11-2017 11:54:32) Run:1
Running from C:\Users\Prophet\Desktop
Loaded Profiles: Prophet (Available Profiles: Prophet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} - "I:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d53-cf45-11e5-9bd6-80a58923c7ac} - "G:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} - "H:\RunGame.exe"
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-86409248-2870395879-2700398821-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} => key removed successfully
HKLM\Software\Classes\CLSID\{bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} => key not found.
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc41d53-cf45-11e5-9bd6-80a58923c7ac} => key removed successfully
HKLM\Software\Classes\CLSID\{ddc41d53-cf45-11e5-9bd6-80a58923c7ac} => key not found.
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} => key removed successfully
HKLM\Software\Classes\CLSID\{ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully


The system needed a reboot.

==== End of Fixlog 11:55:36 ====

jaro3
Security team member
Guru Level 15
Posts: 37272
Joined: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 26 Nov 2017 20:05

One more.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} - "I:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d53-cf45-11e5-9bd6-80a58923c7ac} - "G:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} - "H:\RunGame.exe"
ShortcutTarget: Twitch.lnk -> C:\Users\Prophet\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-86409248-2870395879-2700398821-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\Prophet\AppData\Local\Resmon.ResmonCfg
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {83D5C072-46D9-40E3-9016-2CB4FA670208} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {877BC5FA-2482-4723-A201-6F593F572FE6} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {885BBF4A-3251-48AB-98B0-E38E657A7AD9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {AEF6C8B7-93BA-4856-B439-6DE888504086} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E50F801D-5D2F-4E3A-A080-7882ADD3A39A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\WINDOWS\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

In Folder Options, enable showing hidden files and folders, and uncheck the "Hide protected operating system files" checkbox.

Test this on VirusTotal:
C:\Program Files (x86)\vnd8ezmqkg.dat

Click Select to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by multiple antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Prophet
Level 3
Posts: 490
Joined: October 14
Location: My Room
Gender: Male

Re: Please check my log

Post by Prophet » 27 Nov 2017 16:13

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017 01
Ran by Prophet (27-11-2017 16:05:55) Run:2
Running from C:\Users\Prophet\Desktop
Loaded Profiles: Prophet (Available Profiles: Prophet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} - "I:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d53-cf45-11e5-9bd6-80a58923c7ac} - "G:\RunGame.exe"
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\...\MountPoints2: {ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} - "H:\RunGame.exe"
ShortcutTarget: Twitch.lnk -> C:\Users\Prophet\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-86409248-2870395879-2700398821-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\Prophet\AppData\Local\Resmon.ResmonCfg
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {83D5C072-46D9-40E3-9016-2CB4FA670208} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {877BC5FA-2482-4723-A201-6F593F572FE6} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {885BBF4A-3251-48AB-98B0-E38E657A7AD9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {AEF6C8B7-93BA-4856-B439-6DE888504086} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E50F801D-5D2F-4E3A-A080-7882ADD3A39A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\WINDOWS\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} => key not found
HKLM\Software\Classes\CLSID\{bbeae8ff-f1bd-11e5-9be6-2c56dc3618e0} => key not found
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc41d53-cf45-11e5-9bd6-80a58923c7ac} => key not found
HKLM\Software\Classes\CLSID\{ddc41d53-cf45-11e5-9bd6-80a58923c7ac} => key not found
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} => key not found
HKLM\Software\Classes\CLSID\{ddc41d7d-cf45-11e5-9bd6-80a58923c7ac} => key not found
C:\Users\Prophet\AppData\Roaming\Twitch\Bin\Twitch.exe => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-86409248-2870395879-2700398821-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Users\Prophet\AppData\Local\Resmon.ResmonCfg => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83D5C072-46D9-40E3-9016-2CB4FA670208} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83D5C072-46D9-40E3-9016-2CB4FA670208} => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{877BC5FA-2482-4723-A201-6F593F572FE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{877BC5FA-2482-4723-A201-6F593F572FE6} => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{885BBF4A-3251-48AB-98B0-E38E657A7AD9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{885BBF4A-3251-48AB-98B0-E38E657A7AD9} => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AEF6C8B7-93BA-4856-B439-6DE888504086} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEF6C8B7-93BA-4856-B439-6DE888504086} => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E50F801D-5D2F-4E3A-A080-7882ADD3A39A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E50F801D-5D2F-4E3A-A080-7882ADD3A39A} => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => key removed successfully
C:\WINDOWS\WLXPGSS.SCR => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\CFRMD.sys => ":$CmdTcID" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 70376291 B
Java, Flash, Steam htmlcache => 516645972 B
Windows/system/drivers => 1233721 B
Edge => 2530830 B
Chrome => 0 B
Firefox => 385150369 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 29378 B
NetworkService => 0 B
Prophet => 53434781 B

RecycleBin => 10835423 B
EmptyTemp: => 999.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:07:13 ====

Prophet
Level 3
Posts: 490
Joined: October 14
Location: My Room
Gender: Male

Re: Please check my log

Post by Prophet » 27 Nov 2017 16:14
