[In Progress] Avira suspicious files warning, slow internet

Kat540
Re: Avira suspicious files warning, slow internet
« Reply #15 on: December 27, 2016, 10:28:25 PM »
Sorry, next time I'll make sure to ask first. The computer was running slow, and freezing very frequently. Here are the new scan results.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Katrina (administrator) on TRINA-PC (27-12-2016 19:24:45)
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Valve Corporation) D:\Steam\Steam.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Flux Software LLC) C:\Users\Katrina\AppData\Local\FluxSoftware\Flux\flux.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
((C) LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.6.0_x64__8ptj331gd3tyt\LINE_APP.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.6.0_x64__8ptj331gd3tyt\VoipHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe\Music.UI.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira System Speedup User Starter] => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Run: [Steam] => D:\Steam\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Run: [MusicManager] => C:\Users\Katrina\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-13] (Siber Systems)
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Run: [Google Update] => C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-19] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-10-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-12-10]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-12-10]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-12-10]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2016-11-17]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{15191175-0a54-4bed-a533-06e171fa0513}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2c2320df-e52a-400d-a653-bca286dc916c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3bd93821-b9da-451c-ad8f-59b3fe9adb9a}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{92ab792f-c7fb-4c15-8d71-aa2aba08d94e}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {9CE73D96-60F5-4725-B57C-E6DBCC21EAB7} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CE73D96-60F5-4725-B57C-E6DBCC21EAB7} URL =
SearchScopes: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001 -> DefaultScope {59475AA8-6A00-4D28-92E6-7D7A3172BFBF} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-13] (Siber Systems Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-13] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-13] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-13] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-13] (Siber Systems Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2016-12-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-23]

FireFox:
========
FF ProfilePath: C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196 [2016-12-27]
FF NewTab: Mozilla\Firefox\Profiles\guklx149.default-1466234566196 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\guklx149.default-1466234566196 -> hxxps://habitica.com/#/tasks
FF Keyword.URL: Mozilla\Firefox\Profiles\guklx149.default-1466234566196 -> user_pref("keyword.URL", true);
FF Extension: (Grammarly for Firefox) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-11-02]
FF Extension: (Avira Browser Safety) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-06-26]
FF Extension: (MEGA) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\firefox@mega.co.nz.xpi [2016-12-26]
FF Extension: (Emoji Stickers Postcards Emoticons) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\i2symbol@sciweavers.org.xpi [2016-10-10]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2016-08-06]
FF Extension: (Pin It button) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-04]
FF Extension: (Rikaichan Japanese-English Dictionary File) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\rikaichan-jpen@polarcloud.com [2016-06-18]
FF Extension: (Rikaichan Japanese Names Dictionary File) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\rikaichan-jpnames@polarcloud.com [2016-06-18]
FF Extension: (uBlock Origin) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\uBlock0@raymondhill.net.xpi [2016-12-19]
FF Extension: (Rikaisama) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\{697F6AFE-5321-4DE1-BFE6-4471C3721BD4} [2016-06-18]
FF Extension: (LeechBlock) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-08-09]
FF Extension: (Greasemonkey) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-13]
FF HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2016-04-16] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @nsroblox.roblox.com/launcher -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Katrina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @talk.google.com/O1DPlugin -> C:\Users\Katrina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3486530618-2175211192-3325098576-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Katrina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Katrina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=875977&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-10]
CHR Extension: (Google Cast) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-10]
CHR Extension: (YOU.DJ app) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-10]
CHR Extension: (SiteAdvisor) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-10]
CHR Extension: (No Name) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-10]
CHR Extension: (Chrome Media Router) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-02]


Kat540
Re: Avira suspicious files warning, slow internet
« Reply #16 on: December 27, 2016, 10:41:31 PM »
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-25] (Windows (R) Win 7 DDK provider)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [299440 2016-12-20] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-29] (Acer Incorporated)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2016-01-04] (BioWare)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-07] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [362120 2015-11-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520 2015-07-06] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2016-12-12] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [395616 2015-07-17] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 SpeedupService; "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [28272 2016-12-15] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-11-02] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_f9dcfec999e08ef9\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 14:13 - 2016-12-26 14:13 - 00000000 ____D C:\Users\Katrina\AppData\Local\UnrealEngine
2016-12-26 14:13 - 2016-12-26 14:13 - 00000000 ____D C:\Users\Katrina\AppData\Local\TheMeanGreens
2016-12-26 10:08 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-12-26 10:08 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-12-26 10:08 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-12-26 10:08 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-12-26 10:08 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-12-26 10:08 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-12-26 10:08 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-12-26 10:08 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-12-25 19:21 - 2016-12-25 19:21 - 00000322 _____ C:\Users\Katrina\Desktop\ESET results.txt
2016-12-25 15:48 - 2016-12-25 15:49 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Katrina\Desktop\esetonlinescanner_enu.exe
2016-12-23 22:32 - 2016-12-23 22:32 - 00000501 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-12-23 22:32 - 2016-12-23 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-12-23 20:11 - 2016-12-23 20:11 - 03126768 _____ (Blizzard Entertainment) C:\Users\Katrina\Desktop\Battle.net-Setup.exe
2016-12-23 17:48 - 2016-12-23 18:12 - 00000000 ___HD C:\$SysReset
2016-12-21 20:27 - 2016-12-23 17:48 - 00002938 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\Users\Katrina\AppData\Local\ESET
2016-12-20 11:08 - 2016-12-23 18:23 - 00000771 _____ C:\Users\Katrina\Desktop\JRT.txt
2016-12-20 11:03 - 2016-12-20 11:05 - 01663040 _____ (Malwarebytes) C:\Users\Katrina\Desktop\JRT.exe
2016-12-20 11:03 - 2016-12-20 11:03 - 00009814 _____ C:\Users\Katrina\Desktop\AdwCleaner[C4].txt
2016-12-20 10:50 - 2016-12-20 10:51 - 03977168 _____ C:\Users\Katrina\Desktop\adwcleaner_6.041.exe
2016-12-19 12:19 - 2016-12-19 12:19 - 00000000 ____D C:\Users\Katrina\AppData\LocalLow\Hinterland
2016-12-19 11:48 - 2016-12-19 11:48 - 00000000 ____D C:\Users\Katrina\AppData\Local\Hinterland
2016-12-18 10:04 - 2016-12-27 19:25 - 00032294 _____ C:\Users\Katrina\Desktop\FRST.txt
2016-12-18 10:03 - 2016-12-27 19:24 - 00000000 ____D C:\FRST
2016-12-18 10:01 - 2016-12-23 18:16 - 02420736 _____ (Farbar) C:\Users\Katrina\Desktop\FRST64.exe
2016-12-18 08:44 - 2016-12-18 08:44 - 00000000 _____ C:\WINDOWS\system32\tracert
2016-12-17 14:53 - 2016-12-17 14:53 - 00003714 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001UA1d258b86a90d5ec
2016-12-17 14:53 - 2016-12-17 14:53 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001Core1d258b86a8d049b
2016-12-17 10:14 - 2016-12-17 11:15 - 00549624 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-12-17 01:09 - 2016-12-17 01:09 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\NVIDIA
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\Documents\AGS
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\RELAY
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\GameSparks
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\AGS
2016-12-16 20:45 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\.aws
2016-12-16 20:38 - 2016-12-16 20:38 - 00000874 _____ C:\Users\Public\Desktop\Breakaway.lnk
2016-12-16 19:36 - 2016-12-16 20:45 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Twitch
2016-12-16 19:36 - 2016-12-16 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twitch Launcher
2016-12-16 19:36 - 2016-12-16 19:36 - 00000590 _____ C:\Users\Public\Desktop\Twitch Launcher.lnk
2016-12-16 19:36 - 2016-12-16 19:36 - 00000000 ____D C:\ProgramData\Twitch
2016-12-16 19:31 - 2016-12-16 19:33 - 133525984 _____ (Twitch) C:\Users\Katrina\Downloads\TwitchLauncherInstaller.exe
2016-12-16 18:54 - 2016-12-16 18:54 - 00000228 _____ C:\Users\Katrina\Documents\discord_backup_codes.txt
2016-12-14 23:41 - 2016-12-14 23:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-14 23:41 - 2016-12-11 10:47 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-12-14 23:41 - 2016-12-09 00:52 - 07639617 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-12-14 23:41 - 2016-09-09 10:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-12-14 23:41 - 2016-09-09 10:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-12-14 23:41 - 2016-09-09 10:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-12-14 23:41 - 2016-09-09 10:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-12-14 23:40 - 2016-12-11 19:03 - 40125496 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 35222976 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 34710584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 28201408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 10912744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 10353960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 09158616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 08761560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 03474392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 02950200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 02587704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437633.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437633.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 01038392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00974784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00942528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00894400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00643928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-12-14 23:40 - 2016-12-11 19:03 - 00042286 _____ C:\WINDOWS\system32\nvinfo.pb
2016-12-14 23:40 - 2016-12-11 19:03 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-12-14 23:40 - 2016-12-11 19:03 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-12-13 10:32 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 10:32 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 10:32 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 10:32 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 10:32 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 10:32 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 10:32 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 10:32 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 10:32 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 10:32 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 10:32 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 10:32 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 10:32 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 10:32 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 10:32 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 10:32 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 10:32 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 10:32 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 10:32 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 10:31 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 10:31 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 10:31 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 10:31 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 10:31 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 10:31 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 10:31 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 10:31 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 10:31 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 10:31 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 10:31 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 10:31 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 10:31 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 10:31 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 10:31 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 10:31 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 10:31 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 10:31 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 10:31 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 10:31 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 10:31 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 10:31 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 10:31 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 10:31 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 10:31 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 10:31 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 10:31 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 10:31 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 10:31 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 10:31 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 10:31 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 10:31 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 10:31 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 10:31 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 10:31 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 10:31 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 10:31 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 10:31 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 10:31 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 10:31 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 10:31 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 10:31 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 10:31 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 10:31 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 10:31 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 10:31 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 10:31 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 10:31 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 10:31 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 10:31 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 10:31 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 10:31 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 10:31 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 10:31 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 10:31 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 10:31 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 10:31 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 10:31 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 10:31 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 10:31 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 10:31 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 10:31 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 10:31 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 10:31 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 10:31 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 10:31 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 10:31 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 10:31 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 10:31 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 10:31 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 10:31 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 10:31 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 10:31 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 10:31 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 10:31 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 10:31 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 10:31 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 10:31 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 10:31 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 10:31 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 10:31 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 10:31 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 10:31 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 10:31 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 10:31 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 10:31 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 10:31 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 10:31 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 10:31 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 10:31 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 10:31 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 10:31 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 10:31 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 10:31 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 10:31 - 2016-11-02 02:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 10:31 - 2016-11-02 02:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 10:31 - 2016-09-15 08:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-11 00:11 - 2016-12-12 06:08 - 00000102 _____ C:\Users\Katrina\AppData\Roaming\WB.CFG
2016-12-10 23:50 - 2016-12-10 23:50 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.EXIT
2016-12-10 23:49 - 2016-12-10 23:50 - 00000003 _____ C:\WINDOWS\SysWOW64\HRUPPROG.TXT
2016-12-10 23:49 - 2016-12-07 10:26 - 00395024 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-12-10 14:12 - 2016-12-10 14:12 - 00000000 ____D C:\ProgramData\UniqueId
2016-12-10 14:11 - 2016-12-10 14:14 - 00000000 ____D C:\Users\Katrina\AppData\Local\WinZip
2016-12-10 14:11 - 2016-12-10 14:12 - 00000000 ____D C:\ProgramData\WinZip
2016-12-10 14:11 - 2016-12-10 14:11 - 00003610 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask
2016-12-10 14:11 - 2016-12-10 14:11 - 00002840 _____ C:\WINDOWS\System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527}
2016-12-10 14:11 - 2016-12-10 14:11 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2016-12-10 14:11 - 2016-12-10 14:11 - 00002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip Background Tools.lnk
2016-12-10 14:11 - 2016-12-10 14:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-12-10 14:11 - 2016-12-10 14:11 - 00002189 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-12-10 14:11 - 2016-12-10 14:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2016-12-10 14:11 - 2016-12-10 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2016-12-10 14:11 - 2016-12-10 14:11 - 00000000 ____D C:\Program Files\WinZip
2016-12-10 14:10 - 2016-12-10 14:10 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-10 14:09 - 2016-12-10 14:10 - 01499680 _____ (WinZip) C:\Users\Katrina\Downloads\winzip21-home.exe
2016-12-10 13:42 - 2016-12-10 13:42 - 00000803 _____ C:\Users\Public\Desktop\MEGAsync.lnk
2016-12-10 13:42 - 2016-12-10 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-10 13:42 - 2016-12-10 13:42 - 00000000 ____D C:\ProgramData\MEGAsync
2016-12-10 12:26 - 2016-12-10 13:20 - 00000000 ____D C:\Users\Katrina\AppData\Local\MEGAsync
2016-12-09 12:05 - 2016-11-11 02:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 12:05 - 2016-11-11 02:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 12:05 - 2016-11-11 02:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 12:05 - 2016-11-11 02:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 12:05 - 2016-11-11 02:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 12:05 - 2016-11-11 02:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 12:05 - 2016-11-11 02:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 12:05 - 2016-11-11 02:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 12:05 - 2016-11-11 02:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 12:05 - 2016-11-11 02:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 12:05 - 2016-11-11 02:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 12:05 - 2016-11-11 02:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 12:05 - 2016-11-11 02:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 12:05 - 2016-11-11 02:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 12:05 - 2016-11-11 02:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 12:05 - 2016-11-11 02:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 12:05 - 2016-11-11 02:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 12:05 - 2016-11-11 02:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 12:05 - 2016-11-11 02:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 12:05 - 2016-11-11 02:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 12:05 - 2016-11-11 01:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 12:05 - 2016-11-11 01:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 12:05 - 2016-11-11 01:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 12:05 - 2016-11-11 01:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 12:05 - 2016-11-11 01:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 12:05 - 2016-11-11 01:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 12:05 - 2016-11-11 01:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 12:05 - 2016-11-11 01:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 12:05 - 2016-11-11 01:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 12:05 - 2016-11-11 01:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 12:05 - 2016-11-11 01:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 12:05 - 2016-11-11 01:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 12:05 - 2016-11-11 01:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 12:05 - 2016-11-11 01:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 12:05 - 2016-11-11 01:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 12:05 - 2016-11-11 01:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 12:05 - 2016-11-11 01:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 12:05 - 2016-11-11 01:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 12:05 - 2016-11-11 01:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 12:05 - 2016-11-11 01:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 12:05 - 2016-11-11 01:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 12:05 - 2016-11-11 01:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 12:05 - 2016-11-11 01:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 12:05 - 2016-11-11 01:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 12:05 - 2016-11-11 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 12:05 - 2016-11-11 01:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 12:05 - 2016-11-11 01:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 12:05 - 2016-11-11 01:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 12:05 - 2016-11-11 01:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 12:05 - 2016-11-11 01:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 12:05 - 2016-11-11 01:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 12:05 - 2016-11-11 01:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 12:05 - 2016-11-11 01:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 12:05 - 2016-11-11 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 12:05 - 2016-11-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 12:05 - 2016-11-11 01:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 12:05 - 2016-11-11 01:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 12:05 - 2016-11-11 01:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 12:05 - 2016-11-11 01:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 12:05 - 2016-11-11 01:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 12:05 - 2016-11-11 01:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 12:05 - 2016-11-11 01:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 12:05 - 2016-11-11 01:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 12:05 - 2016-11-11 01:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 12:05 - 2016-11-11 01:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-09 12:05 - 2016-11-11 01:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 12:05 - 2016-11-11 01:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 12:05 - 2016-11-11 01:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 12:05 - 2016-11-11 01:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 12:05 - 2016-11-11 01:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 12:05 - 2016-11-11 01:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 12:05 - 2016-11-11 01:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 12:05 - 2016-11-11 01:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 12:05 - 2016-11-11 01:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 12:05 - 2016-11-11 01:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 12:05 - 2016-11-11 01:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 12:05 - 2016-11-11 01:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 12:05 - 2016-11-11 01:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 12:05 - 2016-11-11 01:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 12:05 - 2016-11-11 01:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 12:05 - 2016-11-11 01:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 12:05 - 2016-11-11 01:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 12:05 - 2016-11-11 01:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 12:05 - 2016-11-11 01:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 12:05 - 2016-11-11 01:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 12:05 - 2016-11-11 01:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 12:05 - 2016-11-11 01:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 12:05 - 2016-11-11 01:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 12:05 - 2016-11-11 01:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 12:05 - 2016-11-11 01:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 12:05 - 2016-11-11 01:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 12:05 - 2016-11-11 01:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 12:05 - 2016-11-11 01:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 12:05 - 2016-11-11 01:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 12:05 - 2016-11-11 01:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 12:05 - 2016-11-11 01:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 12:05 - 2016-11-11 01:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 12:05 - 2016-11-11 01:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 12:05 - 2016-11-11 01:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 12:05 - 2016-11-11 01:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 12:05 - 2016-11-11 00:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 12:05 - 2016-11-11 00:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 12:05 - 2016-11-10 23:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 12:05 - 2016-11-10 23:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 12:05 - 2016-11-10 23:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 12:05 - 2016-11-10 23:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 12:05 - 2016-11-10 23:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 12:05 - 2016-11-10 23:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 12:05 - 2016-11-10 23:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 12:05 - 2016-11-10 23:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 12:05 - 2016-11-10 23:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 12:05 - 2016-11-10 23:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 12:05 - 2016-11-10 23:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 12:05 - 2016-11-10 23:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 12:05 - 2016-11-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 12:05 - 2016-11-10 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 12:05 - 2016-11-10 23:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 12:05 - 2016-11-10 23:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 12:05 - 2016-11-10 23:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 12:05 - 2016-11-10 23:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 12:05 - 2016-11-10 23:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 12:05 - 2016-11-10 23:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 12:05 - 2016-11-10 23:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 12:05 - 2016-11-10 23:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 12:05 - 2016-11-10 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 12:05 - 2016-11-10 23:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 12:05 - 2016-11-10 23:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 12:05 - 2016-11-10 23:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 12:05 - 2016-11-10 23:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 12:05 - 2016-11-10 23:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 12:05 - 2016-11-10 23:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 12:05 - 2016-11-10 23:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 12:05 - 2016-11-10 23:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 12:05 - 2016-11-10 23:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 12:05 - 2016-11-10 23:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 12:05 - 2016-11-10 23:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 12:05 - 2016-11-10 23:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 12:05 - 2016-11-10 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 12:05 - 2016-11-10 23:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 12:05 - 2016-11-10 23:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 12:05 - 2016-11-10 23:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 12:05 - 2016-11-10 23:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 12:05 - 2016-11-10 23:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 12:05 - 2016-11-10 23:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 12:05 - 2016-11-10 23:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 12:05 - 2016-11-10 23:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 12:05 - 2016-11-10 23:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 12:05 - 2016-11-10 23:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 12:05 - 2016-11-10 23:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 12:05 - 2016-11-10 23:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 12:05 - 2016-11-10 23:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 12:05 - 2016-11-10 23:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 12:05 - 2016-11-10 23:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 12:05 - 2016-11-10 23:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 12:05 - 2016-11-10 23:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 12:05 - 2016-11-10 23:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 12:05 - 2016-11-10 23:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 12:04 - 2016-12-09 12:04 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-09 12:04 - 2016-11-11 02:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 12:04 - 2016-11-11 02:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 12:04 - 2016-11-11 01:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 12:04 - 2016-11-11 01:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 12:04 - 2016-11-11 01:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 12:04 - 2016-11-11 01:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 12:04 - 2016-11-11 01:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 12:04 - 2016-11-11 01:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 12:04 - 2016-11-11 01:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 12:04 - 2016-11-11 01:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 12:04 - 2016-11-11 01:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 12:04 - 2016-11-11 01:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 12:04 - 2016-11-11 01:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 12:04 - 2016-11-11 01:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 12:04 - 2016-11-11 01:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 12:04 - 2016-11-11 01:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 12:04 - 2016-11-11 01:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 12:04 - 2016-11-11 01:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 12:04 - 2016-11-11 01:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 12:04 - 2016-11-11 01:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 12:04 - 2016-11-11 01:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 12:04 - 2016-11-11 01:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 12:04 - 2016-11-11 01:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 12:04 - 2016-11-11 01:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 12:04 - 2016-11-11 01:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 12:04 - 2016-11-11 01:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 12:04 - 2016-11-11 01:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 12:04 - 2016-11-11 01:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 12:04 - 2016-11-11 01:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 12:04 - 2016-11-11 01:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 12:04 - 2016-11-11 01:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 12:04 - 2016-11-11 01:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 12:04 - 2016-11-11 01:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 12:04 - 2016-11-11 01:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 12:04 - 2016-11-11 01:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 12:04 - 2016-11-11 01:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 12:04 - 2016-11-11 01:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 12:04 - 2016-11-11 01:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 12:04 - 2016-11-11 01:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 12:04 - 2016-11-11 01:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 12:04 - 2016-11-11 01:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 12:04 - 2016-11-11 01:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 12:04 - 2016-11-11 01:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 12:04 - 2016-11-11 01:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 12:04 - 2016-11-11 01:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 12:04 - 2016-11-11 01:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 12:04 - 2016-11-11 01:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 12:04 - 2016-11-11 01:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 12:04 - 2016-11-11 01:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 12:04 - 2016-11-11 01:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 12:04 - 2016-11-11 01:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 12:04 - 2016-11-11 01:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 12:04 - 2016-11-11 01:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 12:04 - 2016-11-11 01:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 12:04 - 2016-11-11 01:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 12:04 - 2016-11-11 01:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 12:04 - 2016-11-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 12:04 - 2016-11-11 00:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 12:04 - 2016-11-11 00:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 12:04 - 2016-11-10 23:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 12:04 - 2016-11-10 23:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 12:04 - 2016-11-10 23:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 12:04 - 2016-11-10 23:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 12:04 - 2016-11-10 23:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 12:04 - 2016-11-10 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 12:04 - 2016-11-10 23:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 12:04 - 2016-11-10 23:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 12:04 - 2016-11-10 23:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 12:04 - 2016-11-10 23:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 12:04 - 2016-11-10 23:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 12:04 - 2016-11-10 23:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 12:04 - 2016-11-10 23:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 12:04 - 2016-11-10 23:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 12:04 - 2016-11-10 23:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 12:04 - 2016-11-10 23:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 12:04 - 2016-11-10 23:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-07 01:04 - 2016-12-07 01:04 - 02414544 _____ (Google Inc.) C:\WINDOWS\system32\GIMEJa.ime
2016-12-07 01:04 - 2016

Kat540
Re: Avira suspicious files warning, slow internet
« Reply #17 on: December 27, 2016, 10:51:31 PM »
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 15:53 - 2016-09-22 09:34 - 05625234 _____ C:\WINDOWS\system32\perfh011.dat
2016-12-27 15:53 - 2016-09-22 09:34 - 01671300 _____ C:\WINDOWS\system32\perfc011.dat
2016-12-27 15:53 - 2016-04-02 20:36 - 15503378 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-27 15:45 - 2016-09-22 08:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-27 15:03 - 2016-11-18 15:38 - 00000000 ____D C:\Users\Katrina\AppData\LocalLow\Mozilla
2016-12-27 14:57 - 2016-05-05 09:32 - 00000000 ____D C:\Users\Katrina\AppData\Local\Battle.net
2016-12-27 11:37 - 2016-05-05 09:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-27 11:12 - 2016-04-02 20:48 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Skype
2016-12-27 11:08 - 2016-09-22 08:42 - 00000000 ____D C:\Users\Katrina
2016-12-27 11:08 - 2016-09-22 08:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-27 11:08 - 2016-09-22 08:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-27 11:08 - 2016-04-02 17:12 - 00000000 __SHD C:\Users\Katrina\IntelGraphicsProfiles
2016-12-27 02:52 - 2016-06-17 07:51 - 00000000 ____D C:\AdwCleaner
2016-12-26 20:30 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-26 19:14 - 2016-04-18 12:16 - 00000000 ____D C:\Users\Katrina\AppData\Local\ElevatedDiagnostics
2016-12-26 14:43 - 2016-04-04 12:20 - 00000000 ____D C:\Users\Katrina\AppData\Local\CrashDumps
2016-12-25 19:23 - 2016-09-22 08:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-25 19:23 - 2016-07-15 22:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-24 19:17 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 08:14 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-23 20:41 - 2016-04-15 10:21 - 00000000 ____D C:\Users\Katrina\AppData\LocalLow\Temp
2016-12-23 18:22 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-23 18:19 - 2016-10-27 05:37 - 00001117 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-12-23 18:19 - 2016-10-27 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-23 18:13 - 2016-04-02 17:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\NVIDIA Corporation
2016-12-23 18:13 - 2016-04-02 17:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\NVIDIA
2016-12-23 18:12 - 2016-11-04 11:58 - 00000000 ____D C:\Users\Katrina\Documents\Euro Truck Simulator 2
2016-12-23 18:12 - 2016-10-21 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-23 18:12 - 2016-09-22 08:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2016-12-23 18:12 - 2016-09-22 08:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-23 18:12 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-23 18:12 - 2016-05-05 17:32 - 00000000 ____D C:\Users\Katrina\Documents\Overwatch
2016-12-23 18:12 - 2016-05-05 09:24 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Battle.net
2016-12-23 18:12 - 2015-01-29 11:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-23 18:11 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\registration
2016-12-23 18:10 - 2016-05-05 09:24 - 00000000 ____D C:\ProgramData\Battle.net
2016-12-20 10:59 - 2016-06-30 12:37 - 00000000 ____D C:\searchplugins
2016-12-20 00:43 - 2016-04-13 09:54 - 00000000 ____D C:\Users\Katrina\Documents\Anki
2016-12-19 11:48 - 2015-01-29 11:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-18 11:13 - 2016-04-15 16:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-17 16:04 - 2016-04-03 13:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001UA.job
2016-12-17 16:04 - 2016-04-03 13:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001Core.job
2016-12-17 15:59 - 2016-06-17 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-12-17 14:44 - 2016-09-10 09:08 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-17 14:44 - 2016-09-10 09:08 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-17 14:38 - 2016-09-22 08:51 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 14:38 - 2016-09-22 08:51 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 10:26 - 2014-07-13 19:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-15 07:26 - 2016-11-18 10:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-15 07:26 - 2016-08-20 14:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-15 07:26 - 2016-04-02 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 07:22 - 2016-10-27 05:36 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-15 07:22 - 2016-10-27 05:36 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-15 07:22 - 2016-10-27 05:36 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-14 23:41 - 2016-09-22 08:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-14 23:41 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Help
2016-12-14 16:22 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 16:22 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 11:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-13 17:27 - 2016-09-22 08:39 - 00298544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-13 13:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-13 11:01 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 10:59 - 2016-04-02 22:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 10:56 - 2016-04-02 22:39 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 10:20 - 2016-09-22 08:51 - 00003582 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2016-12-13 10:20 - 2016-04-02 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-12-12 20:45 - 2016-11-03 21:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-12-12 20:45 - 2016-10-27 10:55 - 00001439 _____ C:\Users\Katrina\Desktop\ROBLOX Player.lnk
2016-12-12 20:45 - 2016-10-23 15:56 - 00001254 _____ C:\Users\Katrina\Desktop\ROBLOX Studio.lnk
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:00 - 2016-04-02 21:14 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\com.sarahnorthway.rebuild3
2016-12-11 06:35 - 2016-07-16 06:14 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-12-10 14:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-10 14:10 - 2013-08-22 07:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-10 13:41 - 2016-05-17 20:59 - 13049800 _____ (MEGA Limited) C:\Users\Katrina\Downloads\MEGAsyncSetup.exe
2016-12-10 12:14 - 2016-05-17 21:41 - 00000000 ___RD C:\Users\Katrina\Documents\MEGAsync Downloads
2016-12-09 17:43 - 2016-02-13 05:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-09 17:34 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-09 17:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-09 17:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-09 17:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-09 17:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-09 17:34 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-09 17:34 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-09 17:34 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-09 17:34 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 11:23 - 2016-07-16 03:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-08 22:17 - 2016-10-26 09:42 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Audacity
2016-12-03 12:36 - 2016-05-05 09:23 - 03126768 _____ (Blizzard Entertainment) C:\Users\Katrina\Downloads\Battle.net-Setup.exe
2016-12-02 06:38 - 2016-04-02 20:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-02 06:38 - 2016-04-02 20:48 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-12-11 00:11 - 2016-12-12 06:08 - 0000102 _____ () C:\Users\Katrina\AppData\Roaming\WB.CFG
2016-05-09 08:52 - 2016-05-09 08:52 - 0007605 _____ () C:\Users\Katrina\AppData\Local\Resmon.ResmonCfg
2016-09-22 08:40 - 2016-09-22 08:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-21 20:27 - 2016-12-23 18:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-21 20:27 - 2016-12-23 17:48 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-23 18:44

==================== End of FRST.txt ============================

Offline Kat540

Re: Avira suspicious files warning, slow internet
« Reply #18 on: December 27, 2016, 11:01:02 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Katrina (27-12-2016 19:25:10)
Running from C:\Users\Katrina\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-22 16:55:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3486530618-2175211192-3325098576-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3486530618-2175211192-3325098576-503 - Limited - Disabled)
Guest (S-1-5-21-3486530618-2175211192-3325098576-501 - Limited - Disabled)
Katrina (S-1-5-21-3486530618-2175211192-3325098576-1001 - Administrator - Enabled) => C:\Users\Katrina
lizar (S-1-5-21-3486530618-2175211192-3325098576-1003 - Limited - Disabled)
Minib (S-1-5-21-3486530618-2175211192-3325098576-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 (HKLM\...\UDK-89b63289-98cf-45a3-a701-40f5fc4835de) (Version:  - RuneStorm
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.1.20599 - Avira Operations GmbH & Co. KG)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Breakaway (HKLM-x32\...\600505cc-de2f-4b99-9960-c47ee5d23f04) (Version:  - AOFH7)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.2.0001 - Brother Industries, Ltd.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
Democracy 3 (HKLM\...\Steam App 245470) (Version:  - Positech Games)
Discord (HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
f.lux (HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\Flux) (Version:  - )
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Free to Play (HKLM\...\Steam App 245550) (Version:  - Valve)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Ghost in the Shell: Stand Alone Complex - First Assault Online (HKLM\...\Steam App 369200) (Version:  - Neople)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hero Siege (HKLM\...\Steam App 269210) (Version:  - Elias Viglione)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LibreOffice 5.1.1.3 (HKLM-x32\...\{2F9F0129-3D3D-4F77-8580-C910DD649645}) (Version: 5.1.1.3 - The Document Foundation)
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
MachineCraft (HKLM\...\Steam App 397100) (Version:  - G2CREW)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.206 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Moonbase Alpha (HKLM\...\Steam App 39000) (Version:  - Virtual Heroes)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Music Manager (HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\MusicManager) (Version:  - Google, Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Path of Exile (HKLM-x32\...\{8c29d45d-09c6-49f9-b6c2-ad777473baee}) (Version: 2.2.2.55121 - Grinding Gear Games)
Path of Exile (x32 Version: 2.2.2.55121 - Grinding Gear Games) Hidden
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version:  - MAGES.)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.619A - Qualcomm Atheros)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Katrina (HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RoboForm 7-9-25-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-25-5 - Siber Systems)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skyperious 3.5 (HKLM-x32\...\Skyperious) (Version: 3.5 - Erki Suurjaak)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM\...\Steam App 323370) (Version:  - Bluehole Inc.)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: alpha v0.25
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Word Search Creator 1.0 (HKLM-x32\...\Word Search Creator) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00425550-4D26-4B5E-828D-E51E16511878} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-24] ()
Task: {00760F0C-1A74-4A50-AD2A-809CC371BAF0} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-17] ()
Task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
Task: {2D2F409F-1D07-4778-93E6-8A33B9EC0F04} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2EBD4220-732B-44B3-81C3-43C4898DD7DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {3416802F-055B-4551-8101-DFFC01F3AD0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001UA1d258b86a90d5ec => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37D806F8-B515-431F-BA66-D8BD838F5A27} - System32\Tasks\CareCenter\RtHDVCpl_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-09-08] (Realtek Semiconductor)
Task: {3BC812B7-CDB1-47A2-B3AA-B453A2D600C4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {426D902C-0116-432D-8B8C-01E709ED5377} - System32\Tasks\CareCenter\Skype_Reg_HKCURun_S-1-5-21-3486530618-2175211192-3325098576-1001 => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {48BDEEE4-0AF8-42C8-94FA-E3D4750A22D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001Core1d258b86a8d049b => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {59B3147D-F124-4A3E-A64A-24B5747B802A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {5C9A3EAA-F68F-42C4-99BA-735B4F81E243} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {640FC14B-A70E-468C-9B28-B0840F9CCADF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {71AFC26C-EAB6-45AE-8C48-EC671FEBA565} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {72FC1075-E479-4364-8481-7CD47FB50810} - System32\Tasks\CareCenter\Brother BPRSP.lnk_FolderCommonAppdata => C:\WINDOWS\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_6861D01CB00C428FAA7298BB572A9511.exe [2016-07-14] (Flexera Software LLC)
Task: {885259D7-E71E-45BF-A18B-430D124CE143} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {8DBED2BA-340C-43C4-9F09-B27B00CC8977} - System32\Tasks\CareCenter\f.lux_Reg_HKCURun_S-1-5-21-3486530618-2175211192-3325098576-1001 => C:\Users\Katrina\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-23] (Flux Software LLC)
Task: {9563DAF7-AFF3-4EA2-BFF8-7BA40DF60EE5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {A0CBE92D-F6B9-4D7C-9C82-F7A5162792B8} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {A67CE523-220B-43F6-B8E6-895F5E358C54} - System32\Tasks\Microsoft\Windows\MemDiag => C:\WINDOWS\system32\mdres.exe [2016-07-16] (Microsoft Corporation)
Task: {B4B83F5B-AFC2-490F-AA9A-1A2316CCD132} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {B5EE82F2-69AB-4A23-BDC0-0C17785F5D9D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001Core => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {B81365B2-FF31-4B05-B7F2-EF385161CDF1} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {BD1029DC-2F38-4738-AAEA-D22C213B6BDE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {BDAD6289-364F-4EEE-8B85-66CB66F3E58E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-17] (Acer Incorporated)
Task: {C77A379A-28B8-42C7-874E-709FB44C434F} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {CD97FE0D-094B-48A0-A47B-CC360248D9F2} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {CF3382D0-5B28-4182-8FAB-964E3F495C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {D0DC6265-69DF-46BE-81CD-C39EEFF7D987} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-12-13] (Siber Systems)
Task: {D415FE71-0255-4320-B544-FD07DD0696B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {DAE48142-82A2-4508-BC72-8B4C55BAA9FA} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {DD54D6E6-3BFF-45D9-BF28-43F18ACC3447} - System32\Tasks\CareCenter\BrStsMon00_Reg_HKLMWow6432Run => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2014-05-22] (Brother Industries, Ltd.)
Task: {E59B3FAA-9FE2-426A-97CF-B91FD186AE16} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001UA => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {E74FE2E4-EA96-43B0-9C91-11A2EDA6544F} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-17] (Acer Incorporated)
Task: {E96494A1-1854-43C8-A91B-1D08D39EB1FA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {F38B60B7-4454-4DF4-AFE6-9C6C0B2CC491} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {F3B25354-4D36-4FE1-8D1A-511731141620} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {F71194C1-CC2F-459C-BC8C-CA79D017CA70} - System32\Tasks\CareCenter\RtHDVBg_Dolby_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-09-08] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001Core.job => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3486530618-2175211192-3325098576-1001UA.job => C:\Users\Katrina\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Search Creator\Word Search Creator Website.lnk -> hxxp://wsc.sf.net/

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
ShortcutWithArgument: C:\Users\Public\Desktop\PRIVATE WiFi.lnk -> C:\Program Files\PRIVATE WiFi\StartURL.exe () -> hxxp://www.privatewifi.com/partner/clicks.php?pid=928649&bid=76&campaign=default

==================== Loaded Modules (Whitelisted) ==============

2016-07-14 16:44 - 2005-04-21 20:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-01-29 11:31 - 2012-04-24 02:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-10-21 09:42 - 2016-11-17 05:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-21 09:42 - 2016-11-17 05:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-21 09:42 - 2016-11-17 05:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 10:31 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 23:41 - 2016-12-11 10:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 10:31 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 10:31 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 11:45 - 2016-10-31 11:45 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2016-09-22 11:46 - 2016-09-22 11:46 - 01864384 _____ () C:\Users\Katrina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-11-06 03:48 - 2015-11-06 03:48 - 00392832 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-22 09:36 - 2016-09-22 09:36 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 10:31 - 2016-12-09 01:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-14 07:39 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-14 07:39 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-14 07:39 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-14 07:39 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-14 07:39 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-14 07:39 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 06:59 - 2016-12-14 07:00 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 06:59 - 2016-12-14 07:00 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 06:59 - 2016-12-14 07:00 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 06:59 - 2016-12-14 07:00 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-08-15 14:24 - 2016-08-15 14:24 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2016-06-24 17:54 - 2016-06-24 17:54 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2015-01-29 11:36 - 2014-07-01 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-11-16 06:15 - 2016-11-16 06:15 - 01079808 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.6.0_x64__8ptj331gd3tyt\Sqlite.dll
2016-09-09 17:11 - 2016-09-09 17:12 - 06078976 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.6.0_x64__8ptj331gd3tyt\BackEndWin10Univ.dll
2016-11-16 06:15 - 2016-11-16 06:15 - 00034304 _____ () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.6.0_x64__8ptj331gd3tyt\VoipHost.exe
2016-12-13 10:22 - 2016-12-13 10:24 - 04876288 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe
2016-12-13 10:22 - 2016-12-13 10:24 - 01093120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2015-07-06 19:36 - 2015-07-06 19:36 - 01243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-04-02 18:11 - 2016-11-17 05:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-21 09:42 - 2016-11-17 05:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-21 09:42 - 2016-11-17 05:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-21 09:42 - 2016-12-12 06:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-21 09:42 - 2016-12-12 06:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-21 09:42 - 2016-12-12 06:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-21 09:42 - 2016-12-12 06:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-21 09:42 - 2016-12-12 06:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-21 09:42 - 2016-12-12 06:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-21 09:42 - 2016-12-12 06:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-13 10:14 - 2016-12-08 07:13 - 00656160 _____ () D:\Steam\SDL2.dll
2016-11-23 22:54 - 2016-08-31 17:02 - 04969248 _____ () D:\Steam\v8.dll
2016-12-21 11:43 - 2016-12-19 18:25 - 02322720 _____ () D:\Steam\video.dll
2016-11-23 22:54 - 2016-01-26 23:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2016-11-23 22:54 - 2016-01-26 23:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
2016-11-23 22:54 - 2016-01-26 23:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
2016-11-23 22:54 - 2016-01-26 23:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
2016-11-23 22:54 - 2016-01-26 23:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
2016-11-23 22:54 - 2016-08-31 17:02 - 01563936 _____ () D:\Steam\icui18n.dll
2016-11-23 22:54 - 2016-08-31 17:02 - 01195296 _____ () D:\Steam\icuuc.dll
2016-12-21 11:43 - 2016-12-19 18:25 - 00838944 _____ () D:\Steam\bin\chromehtml.DLL
2016-11-23 22:54 - 2016-07-04 14:17 - 00266560 _____ () D:\Steam\openvr_api.dll
2016-12-13 10:14 - 2016-12-05 08:21 - 67304736 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2016-12-21 11:43 - 2016-12-19 18:25 - 00388384 _____ () D:\Steam\steam.dll
2016-11-23 22:54 - 2015-09-24 15:52 - 00119208 _____ () D:\Steam\winh264.dll
2016-08-15 17:03 - 2016-08-15 17:03 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 17:05 - 2016-08-15 17:05 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 17:05 - 2016-08-15 17:05 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 17:04 - 2016-08-15 17:04 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-09-22 08:43 - 2016-09-22 08:43 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 14:09 - 2016-08-30 14:09 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 14:05 - 2016-08-30 14:05 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 09:51 - 2016-09-09 09:51 - 00119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001\...\StartupApproved\Run: => "MusicManager"


Kat540
Re: Avira suspicious files warning, slow internet
« Reply #19 on: December 27, 2016, 11:02:22 PM »
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{5EC691E8-E42E-41F9-9939-3E5C1AC1254C}] => LPort=54925
FirewallRules: [{BADE1748-26A2-4865-87D4-45116F0E7ADD}] => C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{A727C99A-060C-4E7E-9AE4-6036DEA9DFE6}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{69AFAD77-2C06-41B1-8E06-43CC3917169D}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4187DCFF-9261-4B43-ACB2-6C8DA6EEE19A}] => D:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{0171A4BB-CE5B-4B35-B2BE-64CEBFB6DB0F}] => D:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{DD4BFC0D-E765-4573-B725-CDC369D22123}] => D:\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{D1E1DA3F-3E2C-495C-92FE-8BD2EFBDAC47}] => D:\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{6FB8B0E7-04AE-47BB-95A0-A8F66627D9DD}] => D:\japanese\anki\anki.exe
FirewallRules: [{788AAE89-037C-433E-9950-72F4FF474618}] => D:\japanese\anki\anki.exe
FirewallRules: [UDP Query User{A0A205DF-25CA-4F70-9646-23ACFF76BD25}D:\japanese\anki\anki.exe] => D:\japanese\anki\anki.exe
FirewallRules: [TCP Query User{CFFE368E-4182-434C-A640-0C03651B47EC}D:\japanese\anki\anki.exe] => D:\japanese\anki\anki.exe
FirewallRules: [{B7877D37-5A78-4D56-844C-7CD037868507}] => D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{46B87281-D39C-4374-A0C3-A0E3D1059E8A}] => D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{45DCC5EE-9EBD-4E17-99E3-798104260794}D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{B8D6FBFA-39DD-4163-AC7B-0C8CBB42C09B}D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => D:\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{EE40B719-7563-496E-90F4-03FFBFB7DD34}] => D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{51A552A6-BEB4-40CC-9ACF-26EE88EEF078}] => D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{6C629FD4-9EB5-4050-A021-038F7479880C}] => D:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{1263E7D7-3969-4CAC-9EF0-DF7684AC913A}] => D:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{6C136640-D4A2-4875-9683-2A4D1D6D1E68}] => D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{C2901D53-E0EA-423E-A5DE-244DEF9985F6}] => D:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{F65E5B40-2018-46A3-9B4F-E8B9C151E9D6}] => D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [{FD69D9AA-307A-4D63-83FB-CB37D5688458}] => D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C5A8096F-F01F-4771-A638-F67675355A8F}D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D65CB947-487D-45CE-8A05-EBBEC3847E63}D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [{7BC9E4E7-3105-4AC3-800C-215A05431F58}] => D:\games\overwatch\overwatch.exe
FirewallRules: [{77EE815B-6B36-47A2-8556-776A837D6573}] => D:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{103D2DA3-09B2-4868-8D4E-823C15CE714A}D:\games\overwatch\overwatch.exe] => D:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{605CD5B1-2374-47F9-B44D-AB1DA755BDB0}D:\games\overwatch\overwatch.exe] => D:\games\overwatch\overwatch.exe
FirewallRules: [{51C3DF9D-F79A-49FD-B796-606EF46CF1E1}] => D:\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{C5DB8D05-E0C5-41EA-92E0-2E48636B54F1}] => D:\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{383E2914-AE36-4296-9EA5-1099C7982ABA}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => D:\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [TCP Query User{BC3DE2F9-4E62-4C33-9D21-9F9CF61D8781}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => D:\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{5EA3074A-6007-4831-9677-90404A4EAF56}] => D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [{0EBF5483-A971-425F-8CDC-C97E62DBA4A1}] => D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [UDP Query User{B84F05E4-8C3D-4578-BFD3-04CBFC29A892}D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe] => D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [TCP Query User{18DA43B3-C1B7-47D8-9238-C7253BB0188B}D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe] => D:\steam\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe
FirewallRules: [{9549E4FB-9A5B-4DA0-8738-4DED1D33682F}] => D:\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{A06EFFE3-F76A-49AF-83F5-BC8AAE2C0B4C}] => D:\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{D00BC1A9-2432-45C9-8962-7B4E6165CF94}] => D:\Steam\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{AB7517A3-8809-4229-8C7E-C67ADA172AB6}] => D:\Steam\steamapps\common\Ratz Instagib\RatzInstagib.exe
FirewallRules: [{B39ABC46-5716-41F2-B5C7-0A737F1B9F6F}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{C7DD2AA0-CDA1-496E-A0BB-9C3E60D19D81}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{F4C211A1-FFA9-4016-914A-0D7F909CB2A6}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{FF45E01F-E16E-4AC3-A4DA-6B81817FEA75}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{5A6B1E14-B96D-45F8-A321-A8699CEB04F9}] => D:\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
FirewallRules: [{6C598EA6-E6A5-42E2-B401-15E57128BCE3}] => D:\Steam\steamapps\common\Rebuild Gangs of Deadsville\game\Rebuild3.exe
FirewallRules: [{2CA30333-48B6-4AC6-A7D8-426699F35690}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E3DFC0C6-DB2C-4614-BEA4-81F80C20E63E}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{97D9BC78-5318-4A5A-9AB6-59CD23A1D50D}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{F40A84B9-5F3F-445F-A633-3F647586CFB7}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{AB35D7FF-FA5B-40F9-B7EF-1CF8139A1050}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{E4BC5ADE-307B-43D6-AA21-987B9E43EB48}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{859450DD-FBE4-4838-9DB2-1EE625A84D4D}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CC636B08-D087-4B00-AF7E-0ECBA2DA7F53}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C3810AF2-6BC2-4F16-BBDE-EEC5DB0C95DD}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{5B8669D1-B464-47FF-8FCD-2C2CA8CA5209}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{18EED226-758E-4552-8263-FFBD4B547CE1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D2A0D8E0-6D12-41F9-B7C6-21D254082CBF}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E1502E1B-FBF9-4A98-A6AB-CF355A801711}] => D:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{977D5517-F8B0-426F-9046-33E879E03815}] => D:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0ADA717A-D98B-4FF3-A0D9-C59AB10DE566}] => D:\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{E4E71D64-98EC-423E-B224-2113052E6A83}] => D:\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{22BB41E5-6D16-4018-8623-C7CD128E716B}] => D:\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{6CD81290-DECF-4978-ADA3-4295DE6B9C22}] => D:\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{9BD9B247-47BF-4048-91BE-08186FD3C2C5}] => D:\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{21440769-2265-4D76-ADBC-C517DE446562}] => D:\Steam\steamapps\common\Everlasting Summer\Everlasting Summer.exe
FirewallRules: [{5A0290F3-9C2A-4988-916A-556793FC2F9C}] => D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{1E1E181F-93B2-48B2-BD18-672EB30FC1E4}] => D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{FE695E0A-BDA6-4284-B647-ED502CCA2A19}] => D:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{FC343C84-15C4-4849-B87D-FD4F8CDE24D4}] => D:\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{C500BB15-B277-459A-B8E8-89B9FCDE25E9}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{49102125-BAD8-4FBF-84DC-56ED777D232C}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD94B50D-34DC-4BF6-B3D1-90F985D6258D}] => D:\Steam\Steam.exe
FirewallRules: [{66487F51-8EA3-4089-BA4E-03BCE4D099C8}] => D:\Steam\Steam.exe
FirewallRules: [{8028EA9A-ECE1-489C-A25D-FAA034EE5E45}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0AA5D0D2-BC33-4E8C-888D-1EED19D16990}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6C14714A-9969-4A0F-B6B7-70B6222B645F}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{20BF5318-BFD6-4337-A0DE-718B156DEB58}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9C45A4D9-B3B2-40D7-A654-25136FCD7F7A}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{53C37CA1-6B6E-41C8-80A3-304106F1BA11}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E57813A8-1D36-4AA3-AF46-76DA9C25174C}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1B1D3EFC-6366-4A3A-BDB1-816277F7E9CE}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{032CBDB3-8480-44C8-BC79-F9D2C0E60397}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{2547741B-5469-4811-A28C-563E10A388B4}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{83C2DE93-4634-4ACE-911C-19329752A994}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0F388B46-EBC2-4A29-AA96-9AB50B9797FB}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{CE58362A-01A7-441C-9A85-4819DB873A05}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{76228ED4-D848-4501-9E66-B1595FE4AD90}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{59640838-5917-441B-959B-58E5A0C661F9}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7ACE8AB4-1E8B-4593-838A-B5AF65C917CD}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{73E301EC-BFE2-4AFB-913D-C06F217EB378}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{52DC0BD8-C6D2-4F1E-8126-07AF2C2B2843}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{811CB18F-3AA4-4434-A4DA-7D4D026E58E3}] => C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{074D2E4B-49E4-4865-AF22-F1D055532B54}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FAFAAB79-7FC9-4323-B947-78218549A85A}] => C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{47D81036-B12D-4B31-99F2-6C940C110AB8}] => C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A6E3D232-E26E-4F2C-AF8A-68AFB7EACFBE}] => C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1288703-CC52-4CBD-82B8-02A1C277DA22}] => C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0B69C772-2A1A-488B-8FA1-BF9676A80355}] => C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8C0730C9-FEF6-48C6-B2A1-CEEA1F3E056D}] => C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E1219DFE-702F-4F1B-B5A4-D8BD9B58156D}] => C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F43DDD2F-6400-4E63-AF2F-6ECDE8E5FF1C}] => C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{737E8122-35D7-492E-BFB6-4C000337B511}] => C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0F46C1C1-2633-4236-B19B-DF8861C1E9A7}] => C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{73F2D761-56BF-4A01-817C-4286B194982B}] => C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{6FDC8A0A-AD1C-4B36-8707-682FC8BD7E1B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC5757FB-8D0F-49B8-AC3D-DF9C334573C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DB49342-E776-4E61-9EC0-3184710B75E7}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{07A35630-59A8-4130-9BA5-B8B4B5847F31}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D54EE2AD-11DB-4AEB-B88B-EA0DE9784B90}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B30917CD-7F4D-42A4-AE49-CE5432B50C13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0760C241-C733-4243-83E8-C3C303A21456}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{978928FC-B14B-4A59-9FEC-3889554C6496}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{FFCADBF2-4DF1-4F3E-94EF-C6757CB422A9}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{80DD84F5-16F9-43E4-AB71-74A74B54CD5C}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{C7242C6C-44E2-4B6F-9353-C34140EE61A2}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{28014BDF-1BCA-4C6D-9807-D1B64B1EC218}] => C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{B6CDED80-0857-4536-8A04-D674D9763A68}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{D494FB39-140D-4838-B815-ED48D2A288C4}] => C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{FD1CC3CB-707B-4B62-9B54-82A0CFD5261B}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EFA86A1D-4485-458A-9E12-5BF6985F7AE1}] => D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{D68D97E1-EA52-4732-ADE2-4FABA5F861E1}] => D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{2417997F-D31B-4C93-A194-E9FD1BD2BADB}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{176DBF1A-AA23-433D-9E25-A80D548475EB}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{3770995B-B2B3-4D83-B3A6-F2525F931F47}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{14DFA183-F891-4124-B917-4B317A5E191D}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1ED96447-E29C-4893-8C02-AD1425370928}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{3784B7D1-C2CB-49F0-B26E-03B2228C462E}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{5DC2B1EE-C49C-4059-9554-9E33BE5AE08A}] => D:\Download\Downloads\Vuze\Azureus.exe
FirewallRules: [{42D69546-C315-4238-961E-F56D494A63BC}] => D:\Download\Downloads\Vuze\Azureus.exe
FirewallRules: [{280B4A72-C5A4-4DFA-A903-3CBA2A379FF0}] => C:\Program Files (x86)\Browny02\Brother\BrotherNetTool.exe
FirewallRules: [{28CAFC8E-5473-424D-A0A8-D1D2DD12D85D}] => C:\Program Files (x86)\Browny02\Brother\BrotherNetTool.exe
FirewallRules: [{00FD2D90-CCC0-497F-8DFD-EACF2AFC0FBA}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{3F2411F4-A6CD-4C6C-8B75-42B78F03A788}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{47D39BEB-3192-4AC4-B2CF-4765CEBC513E}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B698B10-DB84-480B-AB6E-3A8D7594A9AB}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A01C7D56-F989-4E4B-B466-9CDD6A243CB3}] => D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D7BB2B6B-5609-44F1-B42E-8FEE6E42E365}] => D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{AB0B028E-496C-4FC6-AEEA-AF003AD43FC9}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1F6DB2A-ED49-4426-9A69-E15D89BC8A33}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB5B4923-5E76-4F13-A084-F2891C3BC3AF}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6EA20BC-9F83-4624-BA59-2A8AF2445619}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7FBEBBE3-B3BE-4148-9FBF-AE092648C564}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C8D5D6C-2799-4AA8-8B03-CD1F62859E29}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42E040F5-BB3B-4630-952C-CDF8D19D2868}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8735B6D1-1A37-49B9-94A2-446137C9D9AF}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2C6DD53-5930-4C8B-98C2-B0D2C224AF10}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E28FD013-047F-4BC2-A99D-C512A6E1E4CF}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D206B56-75EF-44E4-8322-4A595108CA88}] => D:\Steam\steamapps\common\Free to Play\FTP.exe
FirewallRules: [{E09B92A4-659A-4BCF-8A12-83B948E32DC7}] => D:\Steam\steamapps\common\Free to Play\FTP.exe
FirewallRules: [{4BF68236-1CA6-4FCB-87B0-D163A6A97033}] => D:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{B5A25C55-8BF2-481B-9E18-4DF891EC41C7}] => D:\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{E452DF42-0161-4DE4-ABB4-CAB4CD501D59}] => D:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{B1ADE436-5787-43BC-8883-191AEAD2E0C5}] => D:\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{EC882DB0-5BD0-4181-98B9-8DFB991EBC3B}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{23F831A9-42F8-45FD-92AA-551373BE6FBA}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78D785B7-A829-4C11-986D-42D816843BB8}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{122AFDB6-A868-4CB0-9206-6BD9697A8CA6}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D7BE25A6-BEDF-4FED-892C-CFE8764C7FE6}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6FB73323-E87C-4AC5-A827-916DF16E4EC5}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{01E0125A-C0D6-4391-A962-0D55D4094665}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{5A49C61B-206C-43CA-BE60-D56E2232071B}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{D051AD0B-2B66-442F-ABA9-28F38718D8FF}] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{40E935CB-39A1-44E0-8F0A-AF0E64DCB640}] => C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [TCP Query User{90632020-A434-45E6-B879-6303AAD2A26A}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1BFF49AC-1CDD-4212-8F4D-63579680F64C}D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{6526F4D8-C1D3-47C0-ADCB-C9EADE1163F5}] => D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{7FB7B90D-678C-4D9B-B56D-A41513D99C06}] => D:\games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [{44FFC6CB-C40B-4DF3-9A29-3C89DFA84CF7}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5800CD1D-D07D-4240-A4AE-6594B8BCAAA1}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E34AD2FD-4B0A-4445-9DF7-4A3EED270CB9}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC843F8B-82A4-43BA-8279-2FE768A8086F}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{E286FE95-C7DE-4F17-95A1-201F10F082A2}D:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{FCE2CB01-BAA8-4A99-BB31-3729F7724B79}D:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => D:\games\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [{7AE2EF60-33A5-41E3-A49C-546F12373B74}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B75E1B2-EDDA-4D04-A607-A7C389475AD7}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{39CB3322-A228-4EE7-8481-309B69E471EF}] => D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{46C1C313-6FD4-419D-B6C8-0FCF3CA55F29}] => D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{513AE7D6-459C-4D6F-B6C1-138DF652DAC8}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7808860A-0056-4D4E-B778-0523D15CB02A}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{267BA4D9-BFE9-43CF-ACC4-E9831A77C99C}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30F517C7-CDC4-4B04-9A9A-3DE73D5FE86B}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B140DD35-48E4-49B3-875D-1D2D1FA7E251}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42648966-E2F0-4662-9FEA-ED7F6B1461DD}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F4F7345-4495-48D8-841F-22C04C204EDA}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84FC6CDC-0D45-4FC8-AB0E-41A2430AB76E}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{2D140562-98E5-407D-A960-8FB8B6EA9FEC}C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe
FirewallRules: [UDP Query User{8861930D-EF04-4D5E-B92D-E79EC14A7B82}C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_111\bin\jp2launcher.exe
FirewallRules: [{D20441B3-D40B-4E27-9852-6BC3C1D9092C}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0455B2CB-AA38-48BB-9859-300529DF7460}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1841DB16-E8A7-4103-A285-298C56BDB953}] => D:\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{CF6B9EA3-F103-40E3-87DF-10A14AFD1D59}] => D:\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{1BBBDB94-0874-40F6-8835-BA1A2EC8DFE2}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B3BF2989-9AC8-45E1-9DD8-9BA0574C5D8D}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4AD4DD20-C651-4274-A336-03E4ED34ED8C}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DF208D33-EA1A-4235-B5CF-E2830A3B9D34}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7494B771-176A-441E-9444-23C8F1FEA5FC}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B29BAB05-04AF-4867-B78F-B8603DC98E4A}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60B0BD0F-ECF5-497C-AFD6-27AE89048722}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{316AA27B-5069-4950-80F4-2E60A36F7514}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EDBA97B2-76C5-47F2-B3DC-8D3D1CC8B8ED}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{016D0E17-D117-4474-A340-C96208FFB685}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEE8E20D-1D98-4FF3-A11D-CFB59EA58332}] => D:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{CB6F3E86-F51B-4C0C-A152-A79C57DF00CE}] => D:\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{0F066A89-E2C1-43C7-858B-130F76DC5AE9}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4A144750-2DE7-4E77-AA68-EB74FEAC6BE9}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7F1FBEE-0F7E-4B9E-9371-0EC234AA4C16}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E980AAB-96E7-42ED-AC6E-C4283744825D}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14D14F46-7D4C-4FB9-8BE9-1ACA11D74E98}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{57F9C76D-4D94-4C85-901C-AF908CBA5983}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D97A5A76-F293-4C3F-8F84-6EB604A96D71}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe
FirewallRules: [UDP Query User{CD1167B8-1C0A-43E5-B6B5-20CA1DEF45F0}D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe] => D:\games\games library\600505cc-de2f-4b99-9960-c47ee5d23f04\bin64\relay_x64.exe
FirewallRules: [{99E32C27-00F5-4B79-87F5-1DFF25C8EE06}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DAC43359-B9DE-46C7-8B17-473186C5D0B6}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E3E9E6F-911D-402A-868F-85EDD3A418DB}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5178CD00-39EB-4FB3-B6F8-ACBE2817450F}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AD82D8DA-1BCA-4AF9-A10D-0D214A4E03E0}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{04BBF20D-BD62-4C5F-A69E-E7F4A77AFF57}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9AC91978-8BF9-4F44-B30E-5DFC69734EC1}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F764F1DE-7731-408C-816A-4FFCE0EF2EDF}] => D:\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{9F24ADBB-8E7B-4B23-9013-490F937169F4}] => D:\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{5687D3B7-9835-4AB8-85E0-9BFDE8FA9F17}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{482EBC04-F961-4C01-B8B8-25400F4337F1}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{55390FED-2541-47E1-BCBE-D85F67AAD15E}] => D:\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{9CEDE31C-04A0-49BE-A773-7A0AFD272522}] => D:\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{4DBC8E2A-46AD-4A2E-8255-0E57B8EEE499}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0531C449-5A99-436B-86C3-33A3C27E7F2C}] => D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C6D2358-0DA6-4C67-A86E-427BEC98CE57}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3BEC1DBE-BF4A-4EEB-B01A-A4C444280C5A}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3284E705-0A59-4076-9CFD-7395EFBBC3E4}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{12269A98-626C-45C4-9C85-A71124D9347B}] => D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{C2C80795-71BE-4D24-BB88-51D7AAAFF364}] => D:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{506245B5-0361-4CF4-8FA0-3DD08493B78A}] => D:\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{21917702-EF12-4EF2-9A3C-4FBC7C87A959}] => D:\Steam\steamapps\common\MachineCraft\McnCraft.exe
FirewallRules: [{9364EAC3-C151-4709-A9B5-6BC91DC88DD6}] => D:\Steam\steamapps\common\MachineCraft\McnCraft.exe
FirewallRules: [{7C10D147-AC52-4DF1-81DE-B959822BB743}] => D:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{41B045BF-3B1D-453F-B909-0F70100E8AF7}] => D:\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{EB289A9B-55CF-42DD-829E-C6DB738F21C3}] => D:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{4E0F9CFF-0E99-43F3-B08C-F58A7068D122}] => D:\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{E1219FB4-5B16-48EA-B2D7-02C8F936E3F1}] => D:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{E5BF649C-D840-46D9-9B26-78CD80E12990}] => D:\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe

==================== Restore Points =========================

23-12-2016 18:00:53 Restore Operation
23-12-2016 18:22:25 JRT Pre-Junkware Removal
26-12-2016 10:07:57 Installed DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2016 02:43:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TheMeanGreens-Win64-Shipping.exe, version: 4.12.5.0, time stamp: 0x582762bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000014b559e2ae0
Faulting process id: 0x2b88
Faulting application start time: 0x01d25fc54cb9068a
Faulting application path: D:\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
Faulting module path: unknown
Report Id: 57f66b8e-922f-42b6-a1ea-e75d5fb7f842
Faulting package full name:
Faulting package-relative application ID:

Error: (12/26/2016 10:09:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\steam\steamapps\common\fsx\unsigned\Kiosk.exe".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/26/2016 10:09:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\steam\steamapps\common\fsx\Kiosk.exe".
Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/26/2016 10:07:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/25/2016 07:30:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/23/2016 08:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.24.143, time stamp: 0x58385be1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc000000d
Fault offset: 0x000ecc94
Faulting process id: 0x9c0
Faulting application start time: 0x01d25d9b12b246df
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 11b24e1a-52d5-4110-8cf1-a75952a2c362
Faulting package full name:
Faulting package-relative application ID:

Error: (12/23/2016 08:06:19 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (12/23/2016 07:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBarPresenceWriter.exe, version: 10.0.14393.0, time stamp: 0x57899bd6
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x2750
Faulting application start time: 0x01d25d972767994f
Faulting application path: C:\Windows\System32\GameBarPresenceWriter.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 970184d8-eb73-4313-a987-c7befa9b7f0b
Faulting package full name:
Faulting package-relative application ID:

Error: (12/23/2016 06:22:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/23/2016 06:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.24.143, time stamp: 0x58385be1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc000000d
Fault offset: 0x000ecc94
Faulting process id: 0x9ac
Faulting application start time: 0x01d25d8c302784b4
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 860024f7-a0ba-4cfa-afcc-fb2c6b172552
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/27/2016 03:45:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/27/2016 11:11:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/27/2016 11:08:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/26/2016 09:11:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/26/2016 09:46:42 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/26/2016 09:43:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2016 10:42:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2016 09:31:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2016 07:39:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/25/2016 07:30:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2016-12-25 17:38:30.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 17:38:30.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 17:38:30.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 17:38:30.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 17:38:30.600
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 16:44:08.184
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 16:44:08.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 16:44:08.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 16:44:04.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-25 16:44:04.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16307.27 MB
Available physical RAM: 12235.12 MB
Total Virtual: 18739.27 MB
Available Virtual: 14183.9 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:221.3 GB) (Free:112.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:551.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 0499D57F)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0499D567)

Partition: GPT.

==================== End of Addition.txt ============================

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #20 on: December 28, 2016, 06:23:11 AM »
 
Quote
The computer was running slow, and freezing very frequently.
In which browser was the freezing occurring, please?

 Could you copy/paste the contents of C:\Users\Katrina\Desktop\ESET results.txt?
 If you have more than one, just the latest please.
Platypuss

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #21 on: December 28, 2016, 12:12:33 PM »
 I'm sorry, I found out my niece tried to use Acer Care Center to get the computer to run faster which is what seemed to cause the freezing. I'm the only one using it now. It was freezing or becoming very slow almost immediately after startup. It also occurred on Firefox.

This is the only file I could find. I tried to look in the folders you directed me to, but I couldn't find an ESET folder. ESET said it removed this file.

C:\Windows\Installer\22d242.msi   a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application   

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #22 on: December 29, 2016, 03:21:34 PM »

 

I am still going through your logs.

  It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

Please download and install Revo Uninstaller Free
Since it is a more powerful tool, please be sure to follow the instructions carefully.
There is a very useful video HERE: http://www.revouninstaller.com/revo_uninstaller_video.html

 I strongly recommend you watch it BEFORE following my instructions.

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall this program, click Yes.
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers....(be patient here ! ) click Next.
  • Check /tick the Vuze Only, then click DELETE
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on Next
  • Once done click Finish
  • Repeat the procedure for Azureus if necessary
If either Vuze or Azureus are not present in Revo please advise in your next post.
>>>>>>>>>>>>>>>>>>>>>>

The McAfee Site Advisor add-on is not very useful.
If you want to see how good it is, look at its ratings for some of the most infamous adware/junkware/tracking/hijacker distribution sites.
Go here: http://www.siteadvisor.com/sites/
Type in each of the following to check its "rating"
MyWebSearch.com
searchqu.com
ask.com
conduit.com
trovi.com
funmoods.com

Notice the "safety" ratings despite the customers' observances in the pie charts.
(You may want to Uninstall it, please advise if you have.)
 
 Uninstall program in Windows 10
  • Open the Start menu.
  • Click Settings.
  • Click System on the Settings menu.
  • Select Apps & features from the left pane. ...
  • Select McAfee Site Advisor if you wish to uninstall.
  • Click the Uninstall button that appears.

Platypuss
>>>>>>>>>>>>>>>>>>>>>>>>>>

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #23 on: December 29, 2016, 07:06:24 PM »
Thank you for letting me know about McAfee. I've uninstalled it. Neither Vuze nor Azureus is showing up in Revo. I also tried using the search feature at the top to find them on the list and couldn't find them. I have another program installed that I can't uninstall called "Tomighty". Can I use the hunter mode to uninstall it? It's a timer program. Thank you again for your help.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #24 on: December 30, 2016, 12:04:10 PM »


 
 
  I suggest that we do a deeper search for Vuze/Azureus & include Tomighty:-

Run A Scan With SystemLook  http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe
Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror #1 (64-bit) http://jpshortstuff.247fixes.com/SystemLook_x64.exe   
   
  • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
       
  • Copy the content of the following codebox into the main textfield (Not the word CODE):-
       
       
Code:
    :filefind
    *Vuze*
    *Azureus*
    *Tomighty*
    :folderfind
    *Vuze*
    *Azureus*
    *Tomighty*
    :regfind
     Vuze
     Azureus
     Tomighty
   
   
  • Click the Look button to start the scan.
       
  • Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop entitled SystemLook.txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  Carry out a Fix in FRST
  • Open notepad. Please copy the contents of the code box below.
  • To do this highlight the contents of the box and right click on it.
  • Then paste it into the open notepad.
  • Save it on the Desktop as fixlist.txt
    Note: It is important that Notepad is used. The fix will not work if Word or some other program is used.


    Code:
    CloseProcesses:
    CreateRestorePoint:
    C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe   
    ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
    GroupPolicy: Restriction <======= ATTENTION
    CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    Task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
    FF Extension: (uBlock Origin) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\uBlock0@raymondhill.net.xpi [2016-12-19]
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=875977&p={searchTerms}
    2016-12-27 15:53 - 2016-09-22 09:34 - 05625234 _____ C:\WINDOWS\system32\perfh011.dat
    2016-12-27 15:53 - 2016-09-22 09:34 - 01671300 _____ C:\WINDOWS\system32\perfc011.dat
    2016-12-27 15:53 - 2016-04-02 20:36 - 15503378 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-12-11 00:11 - 2016-12-12 06:08 - 0000102 _____ () C:\Users\Katrina\AppData\Roaming\WB.CFG
    CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
    EmptyTemp:
    cmd: ipconfig /flushdns
    reboot:
    • NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work. (Both on the Desktop is OK)
    • Now run your copy of FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally.
    • The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    • When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
    I need Fixlist.txt & Fixlog.txt please.

    How is the computer running at present?
    Platypuss

    >>>>>>>>>>>>>>>>>>>>>>>>>
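
The SystemLook log posted in Reply #25 shows ":folderfind" and ":regfind" being searched for as file names, with the codebox's leading spaces intact, so only the filefind section ran. The check below is an added example, not part of the original posts or of SystemLook: it audits a result log for that condition and strips indentation from a script before it is pasted. The function names are hypothetical, the log excerpt is abridged from Reply #25, and the rule that a directive is only recognized at the start of a line is an assumption inferred from that log.

```python
import re

# Directives used by the script in this thread (SystemLook supports others).
EXPECTED_SECTIONS = ("filefind", "folderfind", "regfind")

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')

# Script text as it appears in the codebox of Reply #24, indentation included.
SCRIPT_AS_POSTED = """\
    :filefind
    *Vuze*
    *Azureus*
    *Tomighty*
    :folderfind
    *Vuze*
    *Azureus*
    *Tomighty*
    :regfind
     Vuze
     Azureus
     Tomighty
"""

# Abridged from the SystemLook log posted in Reply #25.
SAMPLE_LOG = """\
========== filefind ==========

Searching for "    *Vuze*"
No files found.

Searching for "    :folderfind"
No files found.

Searching for "    :regfind"
No files found.

Searching for "     Tomighty"
No files found.

-= EOF =-
"""


def audit_systemlook_log(log_text, expected=EXPECTED_SECTIONS):
    """Return (sections_seen, findings) for a SystemLook result log.

    Findings are (kind, detail) tuples:
      directive-as-pattern  a ':directive' line was searched for as a name
      padded-pattern        a search term carries leading/trailing whitespace
      missing-section       an expected section header never appears
    """
    sections, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            sections.append(section.group(1))
            continue
        search = SEARCH_RE.match(line)
        if not search:
            continue
        term = search.group(1)
        if term.strip().startswith(":"):
            findings.append(("directive-as-pattern", term.strip()))
        elif term != term.strip():
            findings.append(("padded-pattern", term))
    for name in expected:
        if name not in sections:
            findings.append(("missing-section", name))
    return sections, findings


def normalize_script(script_text):
    """Strip per-line whitespace and blank lines so every directive and
    pattern starts in column 0 before the script is pasted."""
    lines = [ln.strip() for ln in script_text.splitlines()]
    return "\n".join(ln for ln in lines if ln)


if __name__ == "__main__":
    seen, problems = audit_systemlook_log(SAMPLE_LOG)
    print("sections that ran:", seen)
    for kind, detail in problems:
        print(f"{kind}: {detail!r}")
    print("--- script to paste ---")
    print(normalize_script(SCRIPT_AS_POSTED))
```

For the log in this thread, the "No files found" lines therefore cover file-name searches only; the folder and registry searches did not run.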
Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #25 on: December 30, 2016, 01:15:29 PM »
I tried playing a game to test the computer. It is still getting very warm and dropping the connection. It is also slow sometimes when using the browser. Here are the logs

SystemLook 30.07.11 by jpshortstuff
Log created at 10:33 on 30/12/2016 by Katrina
Administrator - Elevation successful

========== filefind ==========

Searching for "    *Vuze*"
No files found.

Searching for "    *Azureus*"
No files found.

Searching for "    *Tomighty*"
No files found.

Searching for "    :folderfind"
No files found.

Searching for "    *Vuze*"
No files found.

Searching for "    *Azureus*"
No files found.

Searching for "    *Tomighty*"
No files found.

Searching for "    :regfind"
No files found.

Searching for "     Vuze"
No files found.

Searching for "     Azureus"
No files found.

Searching for "     Tomighty"
No files found.

-= EOF =-




Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Katrina (30-12-2016 10:41:53) Run:2
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe   
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
FF Extension: (uBlock Origin) - C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\uBlock0@raymondhill.net.xpi [2016-12-19]
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=875977&p={searchTerms}
2016-12-27 15:53 - 2016-09-22 09:34 - 05625234 _____ C:\WINDOWS\system32\perfh011.dat
2016-12-27 15:53 - 2016-09-22 09:34 - 01671300 _____ C:\WINDOWS\system32\perfc011.dat
2016-12-27 15:53 - 2016-04-02 20:36 - 15503378 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 00:11 - 2016-12-12 06:08 - 0000102 _____ () C:\Users\Katrina\AppData\Roaming\WB.CFG
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Katrina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
task: {1D69CABA-4DFC-4BE4-854F-405C7211EB27} - System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => C:\Users\Katrina\AppData\Roaming\HAPOHO~1\SYNHEL~1.EXE <==== ATTENTION
EmptyTemp:
cmd: ipconfig /flushdns
reboot:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe => moved successfully
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D69CABA-4DFC-4BE4-854F-405C7211EB27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D69CABA-4DFC-4BE4-854F-405C7211EB27}" => key removed successfully
C:\WINDOWS\System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A27B7C3-0F46-397A-F326-20F828995527}" => key removed successfully
C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Extensions\uBlock0@raymondhill.net.xpi => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\WINDOWS\system32\perfh011.dat => moved successfully
C:\WINDOWS\system32\perfc011.dat => moved successfully
C:\WINDOWS\system32\PerfStringBackup.INI => moved successfully
C:\Users\Katrina\AppData\Roaming\WB.CFG => moved successfully
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
HKU\S-1-5-21-3486530618-2175211192-3325098576-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D69CABA-4DFC-4BE4-854F-405C7211EB27} => key not found.
C:\WINDOWS\System32\Tasks\{0A27B7C3-0F46-397A-F326-20F828995527} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A27B7C3-0F46-397A-F326-20F828995527} => key not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1409968 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12894159 B
Java, Flash, Steam htmlcache => 347685978 B
Windows/system/drivers => 1518384 B
Edge => 1766889 B
Chrome => 0 B
Firefox => 379485085 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18472 B
NetworkService => 34944 B
Katrina => 89950709 B

RecycleBin => 9649313 B
EmptyTemp: => 805.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:42:16 ====

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: Avira suspicious files warning, slow internet
« Reply #26 on: December 31, 2016, 11:53:48 AM »


   Thank you for the Logs & report. Final checks for undesirable elements to follow.
 Advice & opinion on hot gaming laptops appended below.


  Download & run RogueKiller

   
  • Download RogueKiller and save it to your desktop
       
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
       
  • For Windows XP simply double click on the item
       
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 3 times
       
  • Click OK on and 64 bits versions (Recommended for Technicians), then click Next 3 times
       
  • Click Install
       
  • Click Finish then Accept
       
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
       
  • Click Start Scan twice
       
  • When completed click Open Report
       
  • Click Export Text and save the file on your Desktop as RK.txt
       
  • Close all open RogueKiller windows
       
  • Copy and paste the contents of the report in your reply
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

   Run AdwCleaner in cleaning mode

Please run as Admin AdwCleaner located on your desktop

  • Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
       
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot

    After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply....
   
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\
NOTE: If using Internet Explorer and you get an alert that stops the program downloading,
  • Click on Tools > Smartscreen Filter > Turn off Smartscreen Filter
  • Now click on OK in the box that opens. Then click on the link again.
  • Close your browser and double click the AdwCleaner icon on your desktop.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

   Download & run MiniToolbox


  Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Minidump Files
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Note:
    When using "Reset FF Proxy Settings" option Firefox should be closed.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

        Laptops running hot.

    Some run hotter under load (Such as gaming) than others.
    Some users believe their laptop to be hot, when it is actually normal for the make & load incurred.
    You report that yours is abnormally hot, so:-
    • Check between the cooling fan and the exhaust fins to see if it is blocked by dust.
    • The easiest way to do this is at night or in a dark room.
    • Turn a flashlight on and put it against the intake grill where the fan is, and then look in the exhaust vent.
    • If the light is clearly visible, then there is no dust.
    • If it is diffused or blocked, then there is dust in the way.
    • Also dust buildup on the fan can reduce airflow.
    • If there is no dust & the fan is working:-
    Laptops do get hot when involved in heavy gaming even in moderate climates.
    Minimising its workload by limiting running programs etc will help.
    Some users find that cooling mats such as Cooler Master can moderate temperature successfully.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    I need the RogueKiller, AdwCleaner & MiniToolbox logs please.

    Platypuss
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>





    Offline Kat540

    • Bronze Member
    • Posts: 54
    Re: Avira suspicious files warning, slow internet
    « Reply #27 on: December 31, 2016, 07:41:32 PM »
    I tried looking in the vents with a flashlight. The light is partially obstructed. Which also reminds me, Acer has a feature added called "Dust Defender"; it's supposed to reverse the airflow every few hours to prevent dust buildup. The last few times I tried running it, it said it couldn't run when the computer is experiencing a high load. I've tried restarting the computer and running it again with the same problem. I haven't tried running it since posting on this forum. AdwCleaner said it didn't find anything. MiniToolBox created a file called MTB.txt; I couldn't find result.txt. Thank you again for all your help.

    RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.14393) 64 bits version
    Started in : Normal mode
    User : Katrina [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 12/31/2016 14:38:27 (Duration : 00:24:59)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB  -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB  -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18EED226-758E-4552-8263-FFBD4B547CE1} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D2A0D8E0-6D12-41F9-B7C6-21D254082CBF} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUM.HomePage][Firefox:Config] guklx149.default-1466234566196 : user_pref("browser.startup.homepage", "https://habitica.com/#/tasks"); -> Found
    [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: KINGSTON RBU-SNS8100S3256GD +++++
    --- User ---
    [MBR] 459598a81f06d68b9177237d5fa6f1e7
    [BSP] b7f7530a614f6d83c0f57779c109bbee : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2107392 | Size: 226612 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 466208768 | Size: 16557 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10JPVX-22JC3T0 +++++
    --- User ---
    [MBR] 04055154c02fb730d97a1b29484f7041
    [BSP] a6e32471d2321eadd36c1ef8622764ce : Empty|VT.Unknown MBR Code
    Partition table:
    0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
    User = LL1 ... OK
    User = LL2 ... OK


    MiniToolBox by Farbar  Version: 17-06-2016
    Ran by Katrina (administrator) on 31-12-2016 at 15:16:59
    Running from "C:\Users\Katrina\Desktop"
    Microsoft Windows 10 Home  (X64)
    Model: Aspire VN7-791 Manufacturer: Acer
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================
    ========================= IP Configuration: ================================

    Broadcom NetLink (TM) Gigabit Ethernet = Ethernet (Disconnected)
    Qualcomm Atheros QCA61x4 Wireless Network Adapter = Wi-Fi (Connected)
    TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled
    set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Trina-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

    Ethernet adapter Ethernet:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
       Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
       Physical Address. . . . . . . . . : 30-65-EC-69-AA-01
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 12:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : 5E-93-A2-9C-B6-C5
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Ethernet 2:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TAP-Windows Adapter V9
       Physical Address. . . . . . . . . : 00-FF-3B-D9-38-21
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wi-Fi:

       Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
       Description . . . . . . . . . . . : Qualcomm Atheros QCA61x4 Wireless Network Adapter
       Physical Address. . . . . . . . . : 5C-93-A2-9C-B6-C5
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:646:203:51f0:2574:e40b:973d:4a58(Preferred)
       Temporary IPv6 Address. . . . . . : 2601:646:203:51f0:bd58:174b:18d6:f8f9(Deprecated)
       Link-local IPv6 Address . . . . . : fe80::2574:e40b:973d:4a58%6(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, December 30, 2016 10:42:59 AM
       Lease Expires . . . . . . . . . . : Saturday, January 7, 2017 1:41:42 PM
       Default Gateway . . . . . . . . . : fe80::200:caff:fe11:2233%6
                                           10.0.0.1
       DHCP Server . . . . . . . . . . . : 10.0.0.1
       DHCPv6 IAID . . . . . . . . . . . : 291279778
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-5C-46-68-30-65-EC-69-AA-01
       DNS Servers . . . . . . . . . . . : 75.75.75.75
                                           75.75.76.76
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.hsd1.ca.comcast.net.:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 3:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1435:89d:9d15:6e32(Preferred)
       Link-local IPv6 Address . . . . . : fe80::1435:89d:9d15:6e32%8(Preferred)
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 134217728
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-5C-46-68-30-65-EC-69-AA-01
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Server:  cdns01.comcast.net
    Address:  75.75.75.75

    Name:    google.com
    Addresses:  2607:f8b0:4005:806::200e
         216.58.194.174


    Pinging google.com [2607:f8b0:4005:804::200e] with 32 bytes of data:
    Reply from 2607:f8b0:4005:804::200e: time=15ms
    Reply from 2607:f8b0:4005:804::200e: time=20ms

    Ping statistics for 2607:f8b0:4005:804::200e:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 15ms, Maximum = 20ms, Average = 17ms
    Server:  cdns01.comcast.net
    Address:  75.75.75.75

    Name:    yahoo.com
    Addresses:  2001:4998:58:c02::a9
         2001:4998:c:a06::2:4008
         2001:4998:44:204::a7
         98.139.183.24
         98.138.253.109
         206.190.36.45


    Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
    Reply from 2001:4998:c:a06::2:4008: time=70ms
    Reply from 2001:4998:c:a06::2:4008: time=52ms

    Ping statistics for 2001:4998:c:a06::2:4008:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 52ms, Maximum = 70ms, Average = 61ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
      4...30 65 ec 69 aa 01 ......Broadcom NetLink (TM) Gigabit Ethernet
      5...5e 93 a2 9c b6 c5 ......Microsoft Wi-Fi Direct Virtual Adapter
      7...00 ff 3b d9 38 21 ......TAP-Windows Adapter V9
      6...5c 93 a2 9c b6 c5 ......Qualcomm Atheros QCA61x4 Wireless Network Adapter
      1...........................Software Loopback Interface 1
     18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
      8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     50
             10.0.0.0    255.255.255.0         On-link          10.0.0.3    306
             10.0.0.3  255.255.255.255         On-link          10.0.0.3    306
           10.0.0.255  255.255.255.255         On-link          10.0.0.3    306
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link          10.0.0.3    306
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link          10.0.0.3    306
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      6    306 ::/0                     fe80::200:caff:fe11:2233
      1    331 ::1/128                  On-link
      8    331 2001::/32                On-link
      8    331 2001:0:9d38:6abd:1435:89d:9d15:6e32/128
                                        On-link
      6    306 2601:646:203:51f0::/64   On-link
      6    306 2601:646:203:51f0:2574:e40b:973d:4a58/128
                                        On-link
      6    306 2601:646:203:51f0:bd58:174b:18d6:f8f9/128
                                        On-link
      6    306 fe80::/64                On-link
      8    331 fe80::/64                On-link
      8    331 fe80::1435:89d:9d15:6e32/128
                                        On-link
      6    306 fe80::2574:e40b:973d:4a58/128
                                        On-link
      1    331 ff00::/8                 On-link
      6    306 ff00::/8                 On-link
      8    331 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
    Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
    Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
    Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
    Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
    x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/31/2016 03:09:04 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"1".
    Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (12/31/2016 03:09:03 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"1".
    Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (12/31/2016 03:02:03 PM) (Source: Application Error) (User: )
    Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
    Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
    Exception code: 0xc0000005
    Fault offset: 0x0000000000038edf
    Faulting process id: 0x12e8
    Faulting application start time: 0xwmiprvse.exe0
    Faulting application path: wmiprvse.exe1
    Faulting module path: wmiprvse.exe2
    Report Id: wmiprvse.exe3
    Faulting package full name: wmiprvse.exe4
    Faulting package-relative application ID: wmiprvse.exe5

    Error: (12/31/2016 02:34:34 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"1".
    Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (12/31/2016 02:34:33 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"1".
    Dependent Assembly Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (12/31/2016 01:45:10 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 011 language ID. The first DWORD in the Data section contains the Win32 error code.

    Error: (12/30/2016 07:14:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 011 language ID. The first DWORD in the Data section contains the Win32 error code.

    Error: (12/30/2016 06:52:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 011 language ID. The first DWORD in the Data section contains the Win32 error code.

    Error: (12/30/2016 05:32:47 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 011 language ID. The first DWORD in the Data section contains the Win32 error code.

    Error: (12/30/2016 04:13:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 011 language ID. The first DWORD in the Data section contains the Win32 error code.


    System errors:
    =============
    Error: (12/31/2016 01:45:15 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (12/31/2016 01:42:15 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2016 11:37:01 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

    Error: (12/30/2016 06:25:39 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2016 04:34:43 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2016 04:05:44 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2016 01:49:25 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2016 12:58:55 PM) (Source: DCOM) (User: TRINA-PC)
    Description: "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe" -ServerName:App.AppXq8avk61zazpy808ab5ppkf6taqp47km6.mca2AppUnavailableUnavailable

    Error: (12/30/2016 12:56:49 PM) (Source: DCOM) (User: TRINA-PC)
    Description: "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe" -ServerName:App.AppXq8avk61zazpy808ab5ppkf6taqp47km6.mca2AppUnavailableUnavailable

    Error: (12/30/2016 10:46:24 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}


    Microsoft Office Sessions:
    =========================
    Error: (12/31/2016 03:09:04 PM) (Source: SideBySide)(User: )
    Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"d:\steam\steamapps\common\fsx\unsigned\Kiosk.exe

    Error: (12/31/2016 03:09:03 PM) (Source: SideBySide)(User: )
    Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"d:\steam\steamapps\common\fsx\Kiosk.exe

    Error: (12/31/2016 03:02:03 PM) (Source: Application Error)(User: )
    Description: wmiprvse.exe10.0.14393.057899ab2ntdll.dll10.0.14393.4795825887fc00000050000000000038edf12e801d262cc8be124deC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\SYSTEM32\ntdll.dllc3af0c95-9d2c-41e1-819b-fc29c34c8a11

    Error: (12/31/2016 02:34:34 PM) (Source: SideBySide)(User: )
    Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"d:\steam\steamapps\common\fsx\unsigned\Kiosk.exe

    Error: (12/31/2016 02:34:33 PM) (Source: SideBySide)(User: )
    Description: Microsoft.FlightSimulator.SimConnect,processorArchitecture="x86",publicKeyToken="1ed9da73c880e429",type="win32",version="10.0.62615.0"d:\steam\steamapps\common\fsx\Kiosk.exe

    Error: (12/31/2016 01:45:10 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: 01180200000007010000

    Error: (12/30/2016 07:14:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: 01180200000007010000

    Error: (12/30/2016 06:52:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: 01180200000007010000

    Error: (12/30/2016 05:32:47 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: 01180200000007010000

    Error: (12/30/2016 04:13:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
    Description: 01180200000007010000


    CodeIntegrity Errors:
    ===================================
      Date: 2016-12-31 15:12:15.983
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:15.981
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:15.976
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:15.785
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:15.781
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:00.292
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:00.291
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:12:00.289
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:11:59.906
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-12-31 15:11:59.896
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    =========================== Installed Programs ============================

     (HKLM\...\UDK-89b63289-98cf-45a3-a701-40f5fc4835de) (Version:  - RuneStorm
    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
    abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Aloha TriPeaks (HKLM-x32\...\WTA-51d654ce-86b5-4e36-8c52-c20c1d6ea8cb) (Version: 2.2.0.98 - WildTangent) Hidden
    Anki (HKLM-x32\...\Anki) (Version:  - )
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
    Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
    Avira Connect (HKLM-x32\...\{827F31DC-A307-4A62-B640-840D1A5D2698}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
    Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.1.20599 - Avira Operations GmbH & Co. KG)
    Bejeweled 2 Deluxe (HKLM-x32\...\WTA-48e4bb3d-b877-4e79-9786-85a9bb1f73ba) (Version: 2.2.0.95 - WildTangent) Hidden
    Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
    Breakaway (HKLM-x32\...\600505cc-de2f-4b99-9960-c47ee5d23f04) (Version:  - AOFH7)
    Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
    Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
    Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
    Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.2.0001 - Brother Industries, Ltd.)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
    Democracy 3 (HKLM\...\Steam App 245470) (Version:  - Positech Games)
    Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
    Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    Everlasting Summer (HKLM\...\Steam App 331470) (Version:  - Soviet Games)
    f.lux (HKCU\...\Flux) (Version:  - )
    Farm to Fork Collector's Edition (HKLM-x32\...\WTA-dda23f36-97e5-49a7-878d-db5a6b48ea12) (Version: 3.0.2.59 - WildTangent) Hidden
    Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
    Free to Play (HKLM\...\Steam App 245550) (Version:  - Valve)
    Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
    Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
    Ghost in the Shell: Stand Alone Complex - First Assault Online (HKLM\...\Steam App 369200) (Version:  - Neople)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
    Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
    Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-04bb3ef1-5173-4db0-a304-90c03fa94838) (Version: 3.0.2.59 - WildTangent) Hidden
    Hero Siege (HKLM\...\Steam App 269210) (Version:  - Elias Viglione)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
    HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
    Jewel Match 3 (HKLM-x32\...\WTA-32777a5f-c848-4140-8531-9946e9257ebd) (Version: 3.0.2.59 - WildTangent) Hidden
    King Oddball (HKLM-x32\...\WTA-8b9fdf05-b225-42af-a476-00d448761502) (Version: 3.0.2.48 - WildTangent) Hidden
    League of Legends (HKLM-x32\...\{5B345EEE-351C-4BA7-B16B-559E6A2CD78D}) (Version: 3.0.1 - Riot Games) Hidden
    League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
    LibreOffice 5.1.1.3 (HKLM-x32\...\{2F9F0129-3D3D-4F77-8580-C910DD649645}) (Version: 5.1.1.3 - The Document Foundation)
    LUXOR Evolved (HKLM-x32\...\WTA-96158996-3daf-46ce-9592-3a8c5c122cb1) (Version: 2.2.0.98 - WildTangent) Hidden
    MachineCraft (HKLM\...\Steam App 397100) (Version:  - G2CREW)
    Magic Academy (HKLM-x32\...\WTA-f122fe7c-dabc-4cb5-a3ba-80c41272456d) (Version: 2.2.0.98 - WildTangent) Hidden
    MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Moonbase Alpha (HKLM\...\Steam App 39000) (Version:  - Virtual Heroes)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
    NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
    NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
    Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
    Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
    Path of Exile (HKLM-x32\...\{8c29d45d-09c6-49f9-b6c2-ad777473baee}) (Version: 2.2.2.55121 - Grinding Gear Games)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.2.2.55121 - Grinding Gear Games) Hidden
    PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
    Peggle Nights (HKLM-x32\...\WTA-9915c7cc-bd28-495f-8e9f-ccfd300bbc98) (Version: 2.2.0.98 - WildTangent) Hidden
    Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version:  - MAGES.)
    Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-99970807-eada-40ea-9f73-c0ed9efb07aa) (Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (HKLM-x32\...\WTA-c9a6f2ba-ec40-424d-85e8-30c6cc441be1) (Version: 3.0.2.59 - WildTangent) Hidden
    Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.619A - Qualcomm Atheros)
    Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
    Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
    ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Player for Katrina (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    RoboForm 7-9-26-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-26-6 - Siber Systems)
    RogueKiller version 12.9.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.0.0 - Adlice Software)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0350 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
    Skyperious 3.5 (HKLM-x32\...\Skyperious) (Version: 3.5 - Erki Suurjaak)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TERA (HKLM\...\Steam App 323370) (Version:  - Bluehole Inc.)
    The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-7d461a66-f4ab-4f7a-930f-006a9ff0ba4b) (Version: 3.0.2.51 - WildTangent) Hidden
    Trinklit Supreme (HKLM-x32\...\WTA-bc2ac535-f710-43b9-a4d2-89c0150001c6) (Version: 2.2.0.98 - WildTangent) Hidden
    Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
    Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
    Viscera Cleanup Detail: alpha v0.25
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
    WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}) (Version: 21.0.12288 - WinZip Computing, S.L. )
    Word Search Creator 1.0 (HKLM-x32\...\Word Search Creator) (Version:  - )
    Zuma's Revenge (HKLM-x32\...\WTA-e26d557b-b5d2-49b7-a349-b057a47f1dad) (Version: 2.2.0.97 - WildTangent) Hidden

    ========================= Devices: ================================

    ========================= Minidump Files ==================================

    C:\WINDOWS\Minidump\100216-8328-01.dmp

    **** End of log ****

    Offline Foxfire

    • Malware Removal Staff
    • Bronze Member
    • Posts: 443
    Re: Avira suspicious files warning, slow internet
    « Reply #28 on: January 01, 2017, 10:33:59 AM »


     

      Please run your copy of AdwCleaner again, this time in the Clean/Delete mode:-
     

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Everything that was found will be deleted.
    • Follow the prompts to reboot the computer. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

     NEXT

    Download "Delfix by Xplode" and save it to your desktop: https://toolslib.net/downloads/viewdownload/2-delfix/

    Or use the following if the first link is down:

    "Delfix link mirror": http://ccm.net/download/download-24087-delfix

    Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

    Make Sure the following items are checked:


        Remove disinfection tools <----- this will remove tools we have used.
        Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       Reset system settings  <----this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. I don't need you to post this.


    Now post back & confirm that the above steps have been taken please.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Download & Run Eset Online Scanner

    Please follow these instructions very carefully

     ESET Online Scanner
    NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
       
    • First please disable any antivirus you have active, as shown in This Topic.
         
    • Close all open programs and windows.
    • Open your browser.
    • Go to the ESET Online Scanner site.
          Click on the green Run ESET Online Scanner button.
              If using Firefox or Chrome, you will need to download a small utility.
              Double-click esetsmartinstaller_enu.exe to run it.
         
    • Check the box to agree to the terms of use and click Start.
              If using Internet Explorer, click Install when prompted to install the add-on.
         
    • Check Enable detection of potentially unwanted applications.
         
    • Click Advanced settings.
    • UNCHECK Remove found threats.
         
    • Ensure the following are checked:

            Scan archives
            Scan for potentially unsafe applications
            Enable Anti-Stealth technology

       
    • Click Start.
         
    • ESET Online Scanner will download its virus signature database then automatically start the scan.

        The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
       
    • When the scan completes press the text: List of found threats
         
    • Press the text: Export to text file then save the file to your desktop as ESET Scan.txt.
         
    • Press the Back button then press the Finish button.
    • Copy and paste the contents of ESETScan.txt in your next reply.
    IMPORTANT: Do not forget to re-enable your antivirus software.
    >>>>>>>>>>>>>>>>>>>>>>

    Next

    Please run your computer (Not in the gaming mode) normally in each of your browsers for an hour or until it drops out of the internet.
    Then advise me which browser(s) actually failed please.

    I need AdwCleaner log, Delfix confirmation & browser details/advice.


    Offline Kat540

    • Bronze Member
    • Posts: 54
    Re: Avira suspicious files warning, slow internet
    « Reply #29 on: January 01, 2017, 07:05:49 PM »
    I tried to run AdwCleaner using Clean/Delete mode, but I couldn't find it. When I open it, it only gives the options scan and logfile with clean grayed out. I'm wondering if you meant to use RogueKiller? Also, I didn't remove the files RogueKiller found because I wanted to check and make sure it was ok too. Thank you for your help.