Solved Computer infected. Don't know how it started but wont stop.

L

LightIceFury

Posts: 6   +0
Hi, I only just recently started getting hit by a load of viruses (VBS Malware-Gen) as of approximately 6 hours ago. I've never had this problem before. I'm a complete novice when it comes to in-depth knowledge about computer software and whatnot so I need a lot of help.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by LightIceFury (administrator) on MASARO (22-02-2017 22:09:15)
Running from C:\Users\LightIceFury\Desktop
Loaded Profiles: LightIceFury (Available Profiles: LightIceFury)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Dropbox, Inc.) C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Razer, Inc.) C:\Users\LightIceFury\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.15.2140.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-07] (AVAST Software)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-09-11] (Razer Inc.)
HKLM-x32\...\RunOnce: [CleanUp RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Dropbox Update] => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [World of Tanks] => "F:\World of Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [World of Warships] => "F:\World of Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Run: [Zoom] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-07] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2014-11-05]
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-09-13] ()
Startup: C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:67433491dbd /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1cc355f8-87d7-4a42-980d-af4b921ad0a3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-653751863-3756375118-3146897500-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> F:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\LightIceFury\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-11-21] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: SkypePlugin -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi.dll [2016-01-15] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-653751863-3756375118-3146897500-1001: SkypePlugin64 -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi-x64.dll [2016-01-15] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=odc019
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=odc019"
CHR Profile: C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Skype Calling) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-01-19]
CHR Extension: (YouTube) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-21]
CHR Extension: (Google Search) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-30]
CHR Extension: (Gmail) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\LightIceFury\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-08-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2015-08-12] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-07] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-14] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-08-22] (AhnLab, Inc.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37416 2015-08-13] (Wellbia.com Co., Ltd.)
S3 X6va062; \??\C:\WINDOWS\SysWoW64\Drivers\X6va062 [X]
S3 X6va063; \??\C:\WINDOWS\SysWoW64\Drivers\X6va063 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 22:09 - 2017-02-22 22:09 - 00024723 _____ C:\Users\LightIceFury\Desktop\FRST.txt
2017-02-22 22:08 - 2017-02-22 22:09 - 00000000 ____D C:\FRST
2017-02-22 22:06 - 2017-02-22 22:07 - 02423296 _____ (Farbar) C:\Users\LightIceFury\Desktop\FRST64.exe
2017-02-20 19:31 - 2017-02-20 19:31 - 00284324 _____ C:\Users\LightIceFury\Downloads\Maritime Offshore Safety Culture Ch 4(2).pptx
2017-02-12 17:55 - 2017-02-14 14:14 - 00000000 ____D C:\Users\LightIceFury\Desktop\ENGR 3410
2017-02-08 23:52 - 2017-02-08 23:52 - 00000000 ___HD C:\OneDriveTemp
2017-02-08 23:50 - 2017-02-08 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 23:49 - 2017-02-08 23:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 23:49 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 23:49 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 23:49 - 2016-12-29 07:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 23:49 - 2016-12-29 06:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 23:49 - 2016-09-09 12:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 23:49 - 2016-09-09 12:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 23:49 - 2016-09-09 12:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 23:49 - 2016-09-09 12:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-07 20:59 - 2017-02-07 20:59 - 00000999 _____ C:\Users\LightIceFury\Desktop\Pokémon Trading Card Game Online.lnk
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\LocalLow\Unity
2017-02-07 20:59 - 2017-02-07 20:59 - 00000000 ____D C:\Users\LightIceFury\AppData\LocalLow\The Pokémon Company International
2017-02-07 20:52 - 2017-02-07 20:58 - 281178624 _____ C:\Users\LightIceFury\Downloads\PokemonInstaller.msi
2017-02-07 18:20 - 2017-02-07 18:20 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 16:45 - 2017-02-22 21:02 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-07 16:45 - 2017-02-07 16:45 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-07 16:45 - 2017-02-07 16:45 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-07 16:45 - 2017-02-07 16:45 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-06 23:05 - 2017-02-08 00:14 - 00017117 _____ C:\Users\LightIceFury\Downloads\Chapter 3 Homework.xlsx
2017-02-01 07:48 - 2017-02-01 07:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-01 07:48 - 2017-02-01 07:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-31 21:03 - 2017-01-31 21:03 - 00094299 _____ C:\Users\LightIceFury\Downloads\PROB06.pdf
2017-01-31 20:56 - 2017-01-31 20:56 - 38219475 _____ C:\Users\LightIceFury\Downloads\Paper Chemical Process Principlesby Felder Ed3.pdf
2017-01-31 00:28 - 2017-01-31 00:28 - 00089600 _____ C:\Users\LightIceFury\Downloads\Linest-poly.xls
2017-01-30 23:53 - 2017-01-30 23:53 - 00032579 _____ C:\Users\LightIceFury\Downloads\In Class Examples - Chapter 2.xlsx
2017-01-30 23:47 - 2017-02-01 09:44 - 00012312 _____ C:\Users\LightIceFury\Downloads\Homework 2.xlsx
2017-01-30 21:32 - 2017-01-30 21:32 - 00094796 _____ C:\Users\LightIceFury\Downloads\ENGR_3410_Lecture_2_LAB_1.xlsx
2017-01-30 21:31 - 2017-01-30 21:31 - 00012800 _____ C:\Users\LightIceFury\Downloads\ENGR_3410_Lecture_2_LAB_2(1).xlsx
2017-01-24 19:09 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 19:09 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 22:04 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 22:04 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 22:00 - 2016-09-26 16:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 01:46 - 2014-06-30 06:42 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Packages
2017-02-22 01:45 - 2014-07-05 11:29 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Skype
2017-02-22 01:45 - 2014-07-01 17:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-22 01:33 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-22 01:31 - 2015-08-02 17:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-22 00:43 - 2014-08-30 23:24 - 00000000 ____D C:\Program Files (x86)\ClearThink
2017-02-21 22:55 - 2016-04-20 14:32 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\CrashDumps
2017-02-21 21:07 - 2017-01-19 17:37 - 00000000 ____D C:\Users\LightIceFury\Desktop\ENGR 1400
2017-02-21 17:01 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 14:31 - 2016-09-26 16:43 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1465018426
2017-02-19 14:31 - 2016-06-03 23:33 - 00001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-16 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-16 18:05 - 2014-07-14 05:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 13:42 - 2016-09-26 16:46 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Deployment
2017-02-14 04:46 - 2014-07-05 11:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-13 19:53 - 2014-07-05 11:29 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-12 17:42 - 2016-12-19 22:20 - 00000000 ____D C:\Users\LightIceFury\Documents\My Kindle Content
2017-02-12 17:19 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-09 23:54 - 2014-09-29 10:03 - 00388396 _____ C:\Users\LightIceFury\Downloads\DnD_5E_CharacterSheet - Form Fillable.pdf
2017-02-08 23:57 - 2016-09-26 19:29 - 00468370 _____ C:\WINDOWS\system32\perfh012.dat
2017-02-08 23:57 - 2016-09-26 19:29 - 00132568 _____ C:\WINDOWS\system32\perfc012.dat
2017-02-08 23:57 - 2015-08-08 10:50 - 01853274 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-08 23:52 - 2014-08-26 20:41 - 00000000 __RDO C:\Users\LightIceFury\OneDrive
2017-02-08 23:52 - 2014-07-05 11:40 - 00000000 ___RD C:\Users\LightIceFury\Dropbox
2017-02-08 23:51 - 2016-09-26 16:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-08 23:51 - 2016-09-26 16:36 - 00000000 ____D C:\Users\LightIceFury
2017-02-08 23:51 - 2016-09-26 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 23:51 - 2016-07-16 00:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-08 23:50 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 23:49 - 2016-09-26 16:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 18:20 - 2014-07-05 11:34 - 00000000 ____D C:\Users\LightIceFury\AppData\Roaming\Dropbox
2017-02-07 16:45 - 2016-06-03 23:32 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148706916159303
2017-02-07 16:45 - 2014-07-05 11:32 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-07 16:45 - 2014-07-05 11:32 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 13:06 - 2014-06-29 16:46 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 17:45 - 2016-01-28 00:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 17:45 - 2014-07-05 11:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-31 22:49 - 2016-12-19 22:20 - 00002330 _____ C:\Users\LightIceFury\Desktop\Kindle.lnk
2017-01-31 22:49 - 2016-12-19 22:20 - 00000000 ____D C:\Users\LightIceFury\AppData\Local\Amazon
2017-01-30 23:14 - 2016-03-22 19:50 - 00000000 ____D C:\Users\LightIceFury\Documents\Resumes

==================== Files in the root of some directories =======

2016-09-26 16:35 - 2016-09-26 16:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-07-23 22:20 - 2016-07-23 22:20 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 00:54

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by LightIceFury (22-02-2017 22:09:44)
Running from C:\Users\LightIceFury\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 22:44:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-653751863-3756375118-3146897500-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-653751863-3756375118-3146897500-503 - Limited - Disabled)
Guest (S-1-5-21-653751863-3756375118-3146897500-501 - Limited - Disabled)
LightIceFury (S-1-5-21-653751863-3756375118-3146897500-1001 - Administrator - Enabled) => C:\Users\LightIceFury

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E6EB4571-5ADB-4557-8F95-0E0EF5D0F833}) (Version: 3.30.7824.86 - Sony Computer Entertainment Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Discord (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.0 - Grey Box)
Dropbox (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Expstudio Audio Editor FREE (HKLM\...\Expstudio Audio Editor FREE) (Version: 4.31 - Expstudio.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{6EB4AC9E-01E9-4B8C-96C8-281ECAF3A687}) (Version: 5.0.10.2793 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
La Tale (HKLM\...\Steam App 264360) (Version: - Actoz Soft)
MegaStat (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\{CD9BD2CD-828D-5C44-D13E-28BBAD1D51EC}) (Version: 10.3 Release 3.2 - McGraw-Hill Education)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.1 - OBS Project)
OF Dragon Rising (HKLM-x32\...\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}) (Version: 1.00.0000 - Codemasters)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
Pokémon Trading Card Game Online (HKLM-x32\...\{ABFA17D4-CEB0-49B2-A096-30CA128A3D1E}) (Version: 2.42.3 - The Pokémon Company International)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.1.31.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Shadowverse (HKLM\...\Steam App 453480) (Version: - Cygames, Inc.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{34E6C3B4-9354-41C2-9484-25B17F48E7E9}) (Version: 7.13.0.71 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.14.201510090937 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
TeamSpeak 3 Client (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
UE4 Prerequisites (HKLM\...\{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 - Epic Games, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zoom (HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{34BEB704-B055-4D67-9AC1-C852E0E3DFA4}\localserver32 -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{79DF62FC-32CA-4F29-A0C2-FBD17AB15D63}\InprocServer32 -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\LightIceFury\AppData\Local\SkypePlugin\7.13.0.71\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{f8261a3d-1fde-43b1-8f72-b1254c07de10}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-653751863-3756375118-3146897500-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E875ED-DE46-4D89-BF5A-2D09BBDB634A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {158F2F81-670B-442C-AF60-6F7341DB89E1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-13] (Microsoft Corporation)
Task: {22069DC0-EA63-4180-A805-9E2374EAA446} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {31A17169-D344-46C9-8E89-81C3706FEB13} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3FF2DAB7-BFB9-4F38-9E71-EFF862B9AFCD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {4D95D62C-8E3D-4085-8282-F979B30C0FE5} - System32\Tasks\SafeZone scheduled Autoupdate 1465018426 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {559BA52A-C173-421D-894D-50D1A00F7043} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-653751863-3756375118-3146897500-1001Core1d238665eaf25e7 => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {5A15BCEC-BF87-4E52-AF10-D85FBD75A246} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6343251E-DD19-4DE3-A05C-45AB9229BC9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {65978C07-E93C-41C3-B754-2AA42252A0B5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6F8E76C1-C145-4DB2-844E-3D0DFD110E9C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\LightIceFury\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {80037BF6-646D-44A3-9A43-251F317A548A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {80616D77-47E1-4D18-825A-98F2D596E17A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {80B22D61-D951-42A3-ABDB-820C103FD660} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {88851047-4BDE-4597-9A1A-353038CEB7FB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {8E11D139-F5E4-4B39-8BB8-C0A280193ACB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9ADA8F9B-545D-42C8-BABD-30A50441591D} - System32\Tasks\{F5BA39B5-3857-4779-877D-D85E113C1EFD} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=404
Task: {A056404E-A8D8-4933-B8BF-E733E17AA6D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {ABB373E2-0C3D-44E6-9225-DA263EFD3770} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B249CC3F-1C1D-4A7F-8D19-50D8AEAB413E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {B32700DA-A181-4374-B6EB-44CED46B0CA1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-653751863-3756375118-3146897500-1001UA1d238665eb52cae => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {B90B5CEE-9B54-436A-9931-3AEED61A6F29} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDBD3075-CBBF-4B9B-BE08-499875566B10} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {D849BE58-64FD-4DE2-A7C3-72CF7D372C78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E17E5044-263A-4D91-8A08-2BF7A8124942} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EBBB0F6A-2C08-42F2-A305-CEA939C6CF1A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {EF82C446-6DE7-4B18-8AFB-F92F6B85E384} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-07] (AVAST Software)
Task: {F586D7F0-F8DA-4E67-8AC5-5F86242260FD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FDA6DABB-960E-4749-A393-890925FA8587} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-653751863-3756375118-3146897500-1001Core1d238665eaf25e7.job => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-653751863-3756375118-3146897500-1001UA1d238665eb52cae.job => C:\Users\LightIceFury\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:14 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-26 16:36 - 2016-12-29 06:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-12 23:16 - 2015-08-12 23:16 - 00076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2015-08-12 23:16 - 2015-08-12 23:16 - 00189248 _____ () C:\WINDOWS\SysWoW64\PnkBstrB.exe
2016-07-19 18:10 - 2016-07-19 18:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-04-24 00:07 - 2016-06-14 19:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-08 22:23 - 2016-06-14 19:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-08 22:23 - 2016-06-14 19:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-02-07 16:45 - 2017-02-07 16:45 - 00512096 _____ () C:\Program Files\AVAST Software\Avast\x64\gaming_spy.dll
2016-12-13 19:14 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-08 03:43 - 2016-12-25 14:43 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-26 19:32 - 2016-09-26 19:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-13 08:43 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-13 08:43 - 2016-12-21 01:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-07-16 08:34 - 2016-07-16 08:34 - 01315328 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-07-16 08:34 - 2016-07-16 08:34 - 00441344 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.Upgrade.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-08-07 21:37 - 2016-08-07 21:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-02-15 22:10 - 2017-02-15 22:10 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-04-24 00:07 - 2016-06-14 19:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-24 00:07 - 2016-06-14 19:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-01-13 08:43 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-13 08:43 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-13 08:43 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-13 08:43 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-13 08:43 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-13 08:43 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 22:02 - 2017-02-22 22:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 22:02 - 2017-02-22 22:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2015-05-18 20:23 - 2016-06-14 19:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-07 16:45 - 2017-02-07 16:45 - 00445600 _____ () C:\Program Files\AVAST Software\Avast\gaming_spy.dll
2016-08-29 02:09 - 2016-08-29 02:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-08 10:55 - 2014-11-25 20:12 - 40622592 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2017-02-07 18:20 - 2017-02-06 22:48 - 00801600 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-12 23:07 - 2017-01-13 17:53 - 00035792 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 23:07 - 2017-01-13 17:53 - 00100296 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 23:07 - 2017-01-13 17:53 - 00018888 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 23:07 - 2017-02-06 22:50 - 00019776 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 23:07 - 2017-01-13 17:53 - 00694224 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00020824 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 23:07 - 2017-01-13 17:54 - 00123856 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 01682768 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00020816 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-07 18:20 - 2017-01-13 17:53 - 00145864 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-07 18:20 - 2017-01-13 17:54 - 00019408 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-07 18:20 - 2017-01-13 17:53 - 00116688 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 23:07 - 2017-01-13 17:56 - 00105928 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 12:17 - 2017-02-06 22:50 - 00022864 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00052544 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00038712 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-07 18:20 - 2017-01-13 17:53 - 00392144 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-07 18:20 - 2017-01-13 17:56 - 00020936 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 23:07 - 2017-01-13 17:56 - 00024528 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00116176 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 23:07 - 2017-02-06 22:50 - 00381760 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 23:07 - 2017-01-13 17:56 - 00124880 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 12:17 - 2017-02-06 22:50 - 00026456 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 23:07 - 2017-01-13 17:56 - 00024016 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 23:07 - 2017-01-13 17:56 - 00175560 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00030160 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00043472 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00048592 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 23:07 - 2017-01-13 17:56 - 00057808 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00024016 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00246608 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00027488 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 12:17 - 2017-01-13 17:55 - 00241104 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00022336 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00028616 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 01826104 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 23:07 - 2017-01-13 17:54 - 00083912 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 01972536 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 03928896 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00531264 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 23:07 - 2017-02-06 22:50 - 00025432 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00133432 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00224064 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00207680 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 19:12 - 2017-02-06 22:50 - 00021840 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2016-04-17 13:20 - 2017-02-06 22:50 - 00069968 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 19:12 - 2017-02-06 22:50 - 00022872 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:12 - 2017-02-06 22:50 - 00021848 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:12 - 2017-02-06 22:50 - 00022872 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00350152 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00103232 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2016-02-19 01:33 - 2017-02-06 22:50 - 00023896 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00025936 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-07 18:20 - 2017-01-13 17:51 - 00036296 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-07 18:20 - 2017-02-06 22:50 - 00033112 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-02-07 18:20 - 2016-12-22 00:58 - 00293392 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-02-07 18:20 - 2017-02-06 22:50 - 00084288 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-07 18:20 - 2017-01-13 18:02 - 00017864 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-07 18:20 - 2017-01-13 18:02 - 01631184 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-07 18:20 - 2017-02-06 22:50 - 00042816 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00171336 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00357688 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-12 23:07 - 2017-01-13 17:57 - 00060880 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 12:17 - 2017-02-06 22:50 - 00026456 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-07 18:20 - 2017-02-06 22:50 - 00546104 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-02-07 18:20 - 2017-01-13 18:04 - 00697304 _____ () C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-26 16:46 - 2016-06-27 15:57 - 50663704 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-02-07 16:45 - 2017-02-07 16:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-29 22:14 - 2016-06-29 22:14 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-07 16:45 - 2017-02-07 16:45 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-07 16:45 - 2017-02-07 16:45 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-26 16:46 - 2016-06-27 15:58 - 01881880 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-09-26 16:46 - 2016-06-27 15:58 - 00082200 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-08-08 10:55 - 2014-11-25 20:12 - 00911360 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-08-08 10:55 - 2014-11-25 20:12 - 00134144 _____ () C:\Users\LightIceFury\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2014-06-30 20:40 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-05-08 03:43 - 2016-12-25 13:59 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-02-06 13:06 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 13:06 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\sharepoint.com -> hxxps://uhdowntown.sharepoint.com
IE trusted site: HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-653751863-3756375118-3146897500-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-653751863-3756375118-3146897500-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lighticefury\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{6bf644d6-0363-4f61-adb3-ff5262560ce0}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{9EF3FC40-0016-4894-85BB-8AFF3849B121}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{E959D911-25B7-48F6-9C38-2A51575A58C6}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{63740D5D-E1CA-4642-BD0F-73EBE9C0CE8B}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{5ACC8B8F-AD8C-44D2-B9C8-5654FAEE0838}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{9629C786-DAD8-49DF-9B18-4986536D94D5}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [TCP Query User{DB9BC4C7-9A8A-40BC-95F4-D7C8AE6BBE0F}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [UDP Query User{9E56DEF6-DBE9-4CFE-9620-95B660755ECD}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{83368F60-FACC-4914-941D-E95261399E93}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{A4DAA6A0-B8D8-409A-819B-A8CA675CDFCE}C:\dreadnought\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\dreadnought\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{6187A059-2948-46A7-B630-CCC0ACE7ABDA}C:\dreadnought\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\dreadnought\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{4118128E-A21A-4EFC-9012-9EE365E8D411}C:\new folder\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\new folder\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [TCP Query User{4407492A-3AA0-4D65-A56A-E94FCB202178}C:\new folder\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe] => (Allow) C:\new folder\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgame-win64-shipping.exe
FirewallRules: [UDP Query User{B29124E9-A9B4-49E9-8AF7-0F3271D69F56}C:\new folder\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\new folder\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [TCP Query User{5F646598-D655-4547-A32D-7991B83DB08E}C:\new folder\dreadnought\dreadnoughtlauncher.exe] => (Allow) C:\new folder\dreadnought\dreadnoughtlauncher.exe
FirewallRules: [UDP Query User{6D7623F9-D34E-4FC3-8D2D-90B3CE2CDEF9}C:\users\lighticefury\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe] => (Allow) C:\users\lighticefury\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe
FirewallRules: [TCP Query User{0DA549D8-3611-4E5F-8A14-97F6CFD959F0}C:\users\lighticefury\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe] => (Allow) C:\users\lighticefury\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe
FirewallRules: [UDP Query User{02E74598-2543-4CFF-B509-0FB87885E3D0}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{A288DD57-42F0-4D85-9568-C2228B1C120B}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{601DE6BE-2F6F-4BAC-9CB4-FADB2A8BC905}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0A0084E6-B0B6-46E2-9347-6B406942F074}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{AC71CB8F-1C79-459F-BF27-48AC700A6A94}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{174539A4-3A24-49DB-9361-703CAC61D61E}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D3C708B4-B2E2-411F-B388-89580222222F}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{96D8B300-428D-4FFC-9BF6-2A18AC27C335}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4196584A-6ADB-4E3A-9779-C90AA3A22987}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{C5DE9372-9B50-45BD-8126-B787428CFFC7}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{19215AC3-09BB-40C4-B523-05083058FE42}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8A72872D-1D3C-4D24-9575-17D0BF84A586}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C884049E-6113-426C-811E-C875CE6D3CA5}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{120E4FDB-EE8A-417C-9345-777DFB003DD2}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [UDP Query User{1C89C5A5-B369-4E60-A24B-DF7522513651}F:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) F:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{5F94744B-B601-46DD-A295-7B9B66EE4FE5}F:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) F:\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{ECE91108-41E4-4D3C-B513-B600FE3D3DAF}] => (Allow) F:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{75F99B2C-CCA5-4A04-BE7C-82EB9297212B}] => (Allow) F:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [UDP Query User{4E4A2DB5-C0F5-4DD9-A192-340EBFE00D90}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{8566874E-DA28-4E2F-9D12-F13071E9E330}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{EFF32983-387D-4D0F-A3DB-648030103D74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{ED1AFE38-0C8D-469F-B79C-FBAC27EE3645}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [UDP Query User{82960D27-A760-47EC-8FC0-FD7A920EB770}C:\cs source mod v5.0\counter strike source 2010\hl2.exe] => (Allow) C:\cs source mod v5.0\counter strike source 2010\hl2.exe
FirewallRules: [TCP Query User{F5303466-78F9-48F4-94FA-AF0D8224B6BD}C:\cs source mod v5.0\counter strike source 2010\hl2.exe] => (Allow) C:\cs source mod v5.0\counter strike source 2010\hl2.exe
FirewallRules: [UDP Query User{601043AD-DECF-41E9-83F6-4BB2BC6D462A}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F4D75E69-0DE2-4DCD-8CF3-571EB9512544}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{F46E91DA-8A1E-4B18-906B-56249DC97170}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{CF5E66F1-E3B7-4184-B679-9DDB87129360}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [UDP Query User{F1DC5E79-B277-4CA6-BB53-C2C5DC1347CC}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [TCP Query User{DEF959A7-2E81-43BB-B552-84F176C8F2D5}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{D94ED0B6-9BA4-48BE-B6DC-BD6DDAC92487}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{B412395D-BAF7-49A1-8664-84830D01384F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\NMService.exe
FirewallRules: [UDP Query User{DAE799AB-6C3F-43B1-ADD6-9899F81AF7BB}C:\users\lighticefury\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lighticefury\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CC6DF42D-0207-4352-A184-01AFB129489F}C:\users\lighticefury\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lighticefury\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0E2D2173-0389-443B-83AB-9EBA639CDF8F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{76A03619-E25E-4D66-A72D-49490D95ABA2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{FF13AB19-18BA-438C-B810-71A5243BE10F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{E8DDB141-B922-4BE3-97B5-E9B2BD1497FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{4BC0833B-ACE8-46E2-8D56-D820816A2CB2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{1A11A8F2-5734-4F35-AA4F-96196CB518BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{0924D6F5-5D83-4A15-B456-252EF81A6872}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{5AD80F44-7519-46A9-9B47-A48314FA257B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [UDP Query User{3F6E3A50-4F62-4AB5-90C7-D07222B984CC}C:\users\lighticefury\documents\diablo iii\diablo iii.exe] => (Allow) C:\users\lighticefury\documents\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{BD97F3A3-D7AE-4EB0-A5CA-0B83631293AA}C:\users\lighticefury\documents\diablo iii\diablo iii.exe] => (Allow) C:\users\lighticefury\documents\diablo iii\diablo iii.exe
FirewallRules: [{A2DF6FBE-FE58-480F-8E82-1087692B1821}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{FFD18EB0-49EA-4665-B0ED-D9BDF6445F0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{2D67DE02-1505-418E-98C2-FBA1DE73F0EC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{115F1481-C1A9-4665-897A-6BD2ED5B99E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [UDP Query User{804272C7-643B-47FD-9BB0-F324265FCEBC}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{B56BC89E-B749-43BC-8161-D49D8EB7088B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{51F19E85-3322-413C-8EA1-6240A4FDDE90}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{D0E8ADD9-1D4B-4384-8C6E-A51DA12F6C1F}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{C81F9856-1747-473D-BE80-A539A1665AF6}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{3314B25E-8F2C-47DA-8BDE-2373F71B3E20}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{8B3EFF81-AA4B-4F34-8875-4E28D459AEFD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{9DAB3C2C-3C11-41F4-80C8-529D48913F19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{D31D34D1-99AB-463D-B087-3C26CCB6DE3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0B85A5D5-6779-4667-A9D4-3141672A48A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{2453638C-A131-4B22-968A-393422A1B3D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DA107380-B3D8-477A-AE27-CBE8E2796BD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [UDP Query User{08763045-E698-447F-A0A5-BE0B4B1BDA8A}C:\planetside 2\planetside2_x64.exe] => (Allow) C:\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{9BCF11F7-9E55-435F-9ADE-B0773591A534}C:\planetside 2\planetside2_x64.exe] => (Allow) C:\planetside 2\planetside2_x64.exe
FirewallRules: [{02FBC0F6-C890-45A7-8235-5206290AC598}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{58C4C058-122F-41E8-B0E5-6A49EDAE1C5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [UDP Query User{28E2A6C3-D4C8-461D-88E9-4F64D268B0AF}C:\planetside 2\planetside2_x64.exe] => (Block) C:\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{27C41784-A782-4691-86E4-4CAD66103F7A}C:\planetside 2\planetside2_x64.exe] => (Block) C:\planetside 2\planetside2_x64.exe
FirewallRules: [{A1647810-2497-4FFA-908B-3402CCCDE7C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{980338F7-D9BE-47E1-A6C0-EA996F9335C6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [UDP Query User{9CBD39DA-451E-4B2E-8F1D-481A7178A9B3}C:\users\lighticefury\documents\diablo iii\diablo iii.exe] => (Allow) C:\users\lighticefury\documents\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{DA30D429-B946-4442-A352-A42659542EDE}C:\users\lighticefury\documents\diablo iii\diablo iii.exe] => (Allow) C:\users\lighticefury\documents\diablo iii\diablo iii.exe
FirewallRules: [{DF9C0826-E9DA-4D71-B3D7-50016F479273}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{CF77E26F-792C-4176-8223-1C64EF796628}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{14F0EA1C-C23E-45AE-B1D8-2990A5A13D5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C7A56C30-10D5-462F-9980-305A21D30C31}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [UDP Query User{508504C8-1267-495E-B0C6-F2066536C92C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8F8813FC-E38D-491D-87D3-1118D149CCF2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{372E39CE-FB2E-4F99-B4FE-D974E17F51E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
FirewallRules: [{4E337094-E89D-4B66-85BC-4653D399FC8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\vslauncher.exe
FirewallRules: [{FFDFF7F2-7ED2-43A0-B17F-00610F1E1DFB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F1F0C2CC-275E-459C-852B-8BDC802D5033}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1791EC2D-4D77-4B4A-AE77-61F0F638B078}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{A10A13BE-1EA2-4ED0-98F4-ACED798BB272}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [UDP Query User{C3E2831B-F6A5-4150-B955-D37BD416AC0C}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [TCP Query User{934C0E0D-206D-4A98-B815-AE4C6E9E254B}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{40D33CEA-8746-4C2A-AAA0-CAEC83188F16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{5F64D529-9531-4B3F-8B3B-DDD65477FD8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{D8F292B0-4F01-4392-9C15-376E2692E361}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{41BF96E8-2A21-4D90-BCEA-9F6A6C9E987E}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{811044FC-373E-4B99-8654-8B036DC12F31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6978BF73-7178-4BE2-B0CF-79EDC7A356E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [UDP Query User{090AA0B6-A5A8-4172-A23E-3BE50D3C3DC1}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe] => (Allow) C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe
FirewallRules: [TCP Query User{7A64D3C2-0CF6-4FB1-8BA1-FCC6AB8F8B75}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe] => (Allow) C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe
FirewallRules: [{45EE8999-5571-445D-BDAD-E6E786CF7DBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{6F390950-8DD1-472E-97D9-EE5FB074D9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [UDP Query User{DE7244F1-38B4-47D3-B62C-BCCF39674FB1}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{6C3FBE1B-C31C-4522-B888-8F765076FCA6}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{8701C711-AC00-41FA-91E0-B56921856758}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{2037B3A7-1CF1-44E1-80C4-E595F221AB05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{31BF56D1-6855-4235-BC79-AE48F450B884}] => (Allow) C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ACF00E56-7CBA-427E-A9C0-5C735EB29A8A}] => (Allow) C:\Users\LightIceFury\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{734176B0-30F9-4A53-8834-EDDCD22AA4C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CF54E9A4-731C-4518-92CC-254D7B8E5480}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D5C848FB-C9CE-4566-AC06-C7ED8309D6BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{CFACCFB0-AA57-42E3-8FCD-CD489064E8AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{7C41FAC7-B2AE-441B-8687-F997510119BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{344D408F-DC07-46FF-8D38-2E5CF688F90B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F352A7F8-5B8E-4ADF-BE67-8F8EDFCBF4CA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2113C85B-AC7B-423E-AA7A-70241FBBED4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{656E1926-544D-409C-88F7-9F55C550BA06}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0D0DCDDA-2DAD-4C4C-8F93-A5A724D52E9A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{64A15148-838C-4B40-9F84-A7F5987A0F0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{A0163055-57C1-4265-AB30-DAE8A58CAA83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [UDP Query User{5590044A-28D0-4A32-8AC1-E08914E42DEE}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{78151789-5B5E-48C4-884B-8743C3DFB22A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0974FB78-C4F5-4F9B-B641-5917D2CD658D}C:\users\lighticefury\appdata\local\temp\gw2.exe] => (Allow) C:\users\lighticefury\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{187AE7DA-B41C-460A-B0CD-22307DF550BA}C:\users\lighticefury\appdata\local\temp\gw2.exe] => (Allow) C:\users\lighticefury\appdata\local\temp\gw2.exe
FirewallRules: [{C423B3BF-8E5B-4FF0-A16A-17AC187903BD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1723E6A2-12FE-4875-9D53-7818AEF1067F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{83E81075-9483-49C0-9BF7-EF528599D574}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3AE5EAB6-8E37-4835-9620-3B24ECA71C62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C596FF6A-0B8B-4762-A000-67A7FE76F8BC}F:\steamlibrary\steamapps\common\ava\binaries\ava.exe] => (Allow) F:\steamlibrary\steamapps\common\ava\binaries\ava.exe
FirewallRules: [UDP Query User{74E0369D-BD2C-4380-B36C-D3E92D269D84}F:\steamlibrary\steamapps\common\ava\binaries\ava.exe] => (Allow) F:\steamlibrary\steamapps\common\ava\binaries\ava.exe
FirewallRules: [{37F43300-D3A2-446C-BD88-8D3EEE1911B3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B314C0F4-0E05-4EBA-862A-5C382F20CCE0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3FE5DEDE-A66D-4EFD-9DF3-2ACF75C7D751}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E89F13DC-5FBC-40D1-A496-B9055A0F01AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{20E182F7-A18E-461E-9CF5-938DDB0157BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2CDD3006-614C-451E-BEDE-A8B3783F40D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{688B52AB-1D4E-43B0-8461-390A341B5782}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{952FE7E7-0A89-4F88-88A3-876353ACA794}C:\users\lighticefury\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\lighticefury\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{4CAE6231-D81A-4721-850A-F3B88C83B4E9}C:\users\lighticefury\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\lighticefury\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{04DD5DB8-C115-48BB-81B3-8A61DAA73129}] => (Allow) F:\Operation Flashpoint\OFDR.exe
FirewallRules: [{AD05F827-828B-4534-B895-010AFDC8E70A}] => (Allow) F:\Operation Flashpoint\OFDR.exe
FirewallRules: [{93DCCD00-4171-4718-9725-9A8F3F649BF8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{D485E023-0E19-44F9-BD09-F356614BBFC6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{0F209550-E9E2-4326-A3D8-92335D3D060E}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{F6BD38C4-AAE4-46C0-842B-C48B0D210FBF}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [{AE6C86EB-FD31-4107-A413-8100FC1B5E53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9D2495B0-0B32-4176-BE84-35C2CDB54A03}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{BC41EFE9-9058-4D8B-B263-A5624242BBB3}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{BEE3297B-0195-4987-AB54-92390E23D50A}F:\overwatch\overwatch.exe] => (Allow) F:\overwatch\overwatch.exe
FirewallRules: [{428B09B6-16EB-474E-B288-45CD69A38C7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{A467B146-4508-474E-A7D5-560A7680FA7E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [TCP Query User{E5C086C5-AB76-4B93-B798-EFDDEC511094}F:\world of tanks\wotlauncher.exe] => (Allow) F:\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{2FE4074F-8305-4280-B71C-5F57EC147D50}F:\world of tanks\wotlauncher.exe] => (Allow) F:\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{2AD44647-808F-45EA-A3BB-E84CD48E8ECD}F:\world of warships\wowslauncher.exe] => (Allow) F:\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{39F76E47-676C-4D73-8E6C-57998CF352D1}F:\world of warships\wowslauncher.exe] => (Allow) F:\world of warships\wowslauncher.exe
FirewallRules: [TCP Query User{0902F45F-55F3-4523-9A4D-35BAB6C73F6E}F:\world of tanks\worldoftanks.exe] => (Allow) F:\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{AB23217A-0029-4725-942D-FB9278EED2D2}F:\world of tanks\worldoftanks.exe] => (Allow) F:\world of tanks\worldoftanks.exe
FirewallRules: [{184C5153-EFC0-4610-97AA-EFD0BD3B0AA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\La Tale\ogpsteam.exe
FirewallRules: [{C89D8C5A-4DA1-4F09-BC03-17D94E3DA4A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\La Tale\ogpsteam.exe
FirewallRules: [TCP Query User{DC02A2D9-EB1E-4054-B4A2-908AFD19A163}F:\world of tanks\worldoftanks.exe] => (Allow) F:\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{557D6248-9FC2-4B3A-A970-E10073054E95}F:\world of tanks\worldoftanks.exe] => (Allow) F:\world of tanks\worldoftanks.exe
FirewallRules: [TCP Query User{11395A72-88EA-4340-BF9A-3894BC1DF873}F:\world of tanks\wotlauncher.exe] => (Allow) F:\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{5F3D58CB-42F5-46E2-BE41-6E885BF16AEE}F:\world of tanks\wotlauncher.exe] => (Allow) F:\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{D7138820-EFC1-4EBB-B59E-4C3CA48C23DC}F:\overwatch\overwatch.exe] => (Block) F:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5DC4D972-688A-44C6-ACC8-AEFAEB4ACEFE}F:\overwatch\overwatch.exe] => (Block) F:\overwatch\overwatch.exe
FirewallRules: [{7D3F2EED-84F3-486F-9A40-53B4478E1D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{73D142C7-43D4-41F9-A5E5-33257B4C6CC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{84B4B0F3-6CBC-41D5-B638-4DFA720C8542}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{6C066FA7-80C7-4152-8BF1-BE8EEF6F3156}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowverse\Shadowverse.exe
FirewallRules: [{C04ED8BA-821A-4F1A-BA85-E94B245E4D27}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1D48088D-06C1-41AF-BD6C-70CAEEFF3272}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{766B5FCF-0113-4465-9070-D4FD239A1A20}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{03A49CA8-7BC9-4144-8D81-AE84AED433C4}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{CB001274-BCD9-445A-8BAA-3126712F186C}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{896496E5-FDA0-4962-BE79-46D0C9EA1E58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{C93A37FD-E649-438F-8544-B709668F49BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [TCP Query User{CBE55810-DE8A-4505-B5C9-C929C0A2B079}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [UDP Query User{AF92A76C-9350-4ACA-A45C-95C5C3E8570B}C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe] => (Allow) C:\dreadnought\dreadnought\dreadgame\dreadgame\binaries\win64\dreadgamesrvlocal-win64-shipping.exe
FirewallRules: [{0E93C53A-BEF2-4442-8167-2747AAC2B609}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{50ADCAEE-01BE-488E-994B-8AB574D5D6D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{73207193-05D3-4FEA-8725-39BD8DAD5BD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A203B2E8-6AB8-4E07-8E40-2BCA6E2BE2E2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{0E022A44-3800-4611-A7A7-EB632045EF26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Black Ice\Black Ice.exe
FirewallRules: [{B204F506-0F64-462A-A9DE-ADD3177B4A78}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Black Ice\Black Ice.exe

==================== Restore Points =========================

05-02-2017 17:34:26 Scheduled Checkpoint
08-02-2017 23:48:33 Windows Update
19-02-2017 14:53:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2017 10:55:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x10134
Faulting application start time: 0x01d28cc7e46aff2f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: d8dde356-f0de-472c-88b6-331001902711
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/21/2017 10:55:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x10134
Faulting application start time: 0x01d28cc7e46aff2f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: f99457c5-82c9-476a-b039-9accc51ef8bf
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/19/2017 02:53:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/09/2017 12:52:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/09/2017 12:52:16 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/09/2017 12:52:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/09/2017 12:52:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/09/2017 12:52:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/09/2017 12:52:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/08/2017 11:48:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (02/22/2017 10:02:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (02/22/2017 01:10:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 02:57:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (02/21/2017 01:41:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:54:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (02/20/2017 05:50:59 PM) (Source: DCOM) (EventID: 10016) (User: MASARO)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Masaro\LightIceFury SID (S-1-5-21-653751863-3756375118-3146897500-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:50:59 PM) (Source: DCOM) (EventID: 10016) (User: MASARO)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Masaro\LightIceFury SID (S-1-5-21-653751863-3756375118-3146897500-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:50:53 PM) (Source: DCOM) (EventID: 10016) (User: MASARO)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Masaro\LightIceFury SID (S-1-5-21-653751863-3756375118-3146897500-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:50:53 PM) (Source: DCOM) (EventID: 10016) (User: MASARO)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Masaro\LightIceFury SID (S-1-5-21-653751863-3756375118-3146897500-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 05:50:53 PM) (Source: DCOM) (EventID: 10016) (User: MASARO)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Masaro\LightIceFury SID (S-1-5-21-653751863-3756375118-3146897500-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8073.37 MB
Available physical RAM: 3279.93 MB
Total Virtual: 16729.73 MB
Available Virtual: 8271.96 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:465.22 GB) (Free:222.58 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.17 GB) (Free:829.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EDE02B74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7190D1D2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
To be honest, I don't know the version of Avast I had when the virus notifications began. I also took the liberty of unplugging my computer's ethernet cable while I slept and went to work. I just plugged the net back in and clicked update under "virus definitions" and Avast told me it is up to date and is showing version 170223-0 (released 2/23/2017 8:38:25AM). I've taken the liberty of opening a few web pages (same as the ones from that day and other different ones) to see if I got more virus notifications. To my current delight, I am not getting any.
 
That was probably it.
I don't see anything suspicious in your logs, so if there are no other problems you should be good to go :)
 
You're very welcome
p22002759.gif
 
You must log in or register to reply here.

Similar threads

A
3D DRAM is coming, but we don't know how to build it - yet
Replies
2
Views
375
scavengerspc
scavengerspc
yRaz
My current switch from Microsoft to Linux, de-googling my life and what it takes.
Replies
2
Views
2K
yRaz
yRaz
N
What is TPM and why does Windows 11 require it?
3 4 5
Replies
106
Views
18K
Gastec
Gastec

Latest posts

Back