Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017 Ran by Paull (15-04-2017 17:06:57) Running from C:\Users\Paull\Desktop Windows 10 Pro Version 1607 (X64) (2016-10-02 15:02:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3267268650-2798118591-2097688958-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3267268650-2798118591-2097688958-503 - Limited - Disabled) Guest (S-1-5-21-3267268650-2798118591-2097688958-501 - Limited - Disabled) Paull (S-1-5-21-3267268650-2798118591-2097688958-1001 - Administrator - Enabled) => C:\Users\Paull ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) AION Free-to-Play (HKLM\...\Steam App 261430) (Version: - NCSOFT) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge 4D GmbH) Application Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software) BEEP (HKLM\...\Steam App 104200) (Version: - Big Fat Alien) Beholder (HKLM\...\Steam App 475550) (Version: - Warm Lamp Games) Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.14.0 - Bethesda Softworks) Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine) Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version: - Torn Banner Studios) Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: - ) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.52 - Conexant) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0221 - Disc Soft Ltd) DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software) Discord (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) ELITE-M20 Gaming Mouse (HKLM-x32\...\{6B97CCC4-D493-442F-A9E2-EE092DCA25CE}) (Version: 1.0 - SPIRIT OF GAMER) Elsword 1.0 (HKLM-x32\...\Elsword_fr_is1) (Version: 1.0 - Gameforge4d) Empire: Total War (HKLM\...\Steam App 10500) (Version: - The Creative Assembly) Europa Universalis IV (HKLM\...\Steam App 236850) (Version: - Paradox Development Studio) Fraps (HKLM-x32\...\Fraps) (Version: - ) Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden Guild Quest (HKLM\...\Steam App 547680) (Version: - Hyper Hippo Games) Hearthstone Deck Tracker (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\HearthstoneDeckTracker) (Version: 1.1.7 - HearthSim) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kerbal Space Program (HKLM\...\Steam App 220200) (Version: - Squad) League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden Magic Duels (HKLM\...\Steam App 316010) (Version: - Stainless Games Ltd.) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.523.1 - McAfee, Inc.) Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version: - Digitalmindsoft) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 53.0 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0 (x64 en-US)) (Version: 53.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla) Napoleon: Total War (HKLM\...\Steam App 34030) (Version: - The Creative Assembly) NetCut 2.1.4 (HKLM-x32\...\NetCut_is1) (Version: - arcai.com) NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation) NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NvNodejs (Version: 3.5.0.70 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.3 (HKLM-x32\...\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}) (Version: 4.13.9783 - Apache Software Foundation) osu! (HKLM-x32\...\{bdff8c6e-b2a3-417e-95a0-53f538138aab}) (Version: latest - ppy Pty Ltd) PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PianoFacile - Le clavier (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\PianoFacile - Le clavier) (Version: - ) PianoFacile - Les Jeux (Membre) (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\PianoFacile - Les Jeux (Membre)) (Version: - ) Prison Architect (HKLM\...\Steam App 233450) (Version: - Introversion Software) PS4 Remote Play (HKLM-x32\...\{7D35E02C-305D-4CBE-899F-E584CF2AA679}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 7.3.26.13113 - Razer Inc.) Reigns (HKLM\...\Steam App 474750) (Version: - Nerial) Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version: - Tripwire Interactive) RUNNING WITH RIFLES Demo (HKLM\...\Steam App 288330) (Version: - Modulaatio Games) SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.5.0.70 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Subnautica version b4075 (HKLM-x32\...\{B9508019-457A-4F84-9DA4-2EC2F944ECB3}_is1) (Version: b4075 - Trackerock.Ru) SurfEasy VPN 3.9.542 (HKLM-x32\...\SurfEasy VPN) (Version: 3.9.542 - SurfEasy Inc) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version: - Bethesda Softworks) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Guild 2 - Renaissance (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version: - JoWooD Entertainment AG) This Is the Police (HKLM\...\Steam App 443810) (Version: - Weappy Studio) This War of Mine - The Little Ones (HKLM-x32\...\This War of Mine - The Little Ones_is1) (Version: - ) Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version: - Ubisoft) Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version: - Creative Assembly) Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly) Uplay (HKLM-x32\...\Uplay) (Version: 21.0 - Ubisoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment) Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes) Wargame: European Escalation (HKLM\...\Steam App 58610) (Version: - Eugen Systems) Web Companion (HKLM-x32\...\{88525a23-39ab-458c-b8b0-47fbd9f9d21a}) (Version: 2.3.1479.2868 - Lavasoft) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) World of Warships (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) World of Warships (HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {005CB034-4AA0-4805-BC6F-7E5F2FE06AEB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-28] (NVIDIA Corporation) Task: {11261907-3191-4C7E-AB3E-FDEA3A336EE2} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 => C:\Windows\system32\UNP\UNPCampaignManager.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {1436D33C-9667-4B1D-9D89-F8D37A4B1358} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-01] (Google Inc.) Task: {148D26C1-DD91-478A-8B02-132D10D2EF3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-01] (Google Inc.) Task: {18C64546-E5FB-4DFF-AEB7-F2EAE7192887} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock => C:\WINDOWS\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {2009DA9B-3798-4157-BB58-BC566F6D99DA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-28] (NVIDIA Corporation) Task: {42742E19-1052-4177-813D-4C8AF119EB70} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-28] (NVIDIA Corporation) Task: {5CE1C152-BF67-4DDE-AA5D-450735373C96} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle => C:\WINDOWS\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {5D284F78-D9E5-48C0-AB72-227BC009EAA8} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon => C:\WINDOWS\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {5E39988C-D58F-4BEA-AF23-E8D750AFD7E4} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time => C:\WINDOWS\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {61988E20-C55F-4A31-BF97-C4901324E4AD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-28] (NVIDIA Corporation) Task: {63CBE6FC-4CC7-4C27-AF66-3FABFD64D6F8} - System32\Tasks\{777B61E9-9131-40E2-BA5C-B823E563C90D} => C:\Users\Paull\AppData\Roaming\{BDC58~1\updater.exe [2016-08-13] () <==== ATTENTION Task: {6AECE041-F8CC-494C-9BA4-815894170C49} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\WINDOWS\System32\UNP\UNPCampaignManager.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {736A51F4-70BF-4D3A-9CC6-7E26CB9312F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated) Task: {7BE67CEA-E50A-42B0-B03D-EBE8BCF40053} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-28] (NVIDIA Corporation) Task: {AC385814-5E5B-443F-A814-89C6E7F75776} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software) Task: {AF7D67EC-1AB8-4CF8-978D-2C58E4D2C1CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek) Task: {B62214AE-B782-4DFA-B858-7FE87EF7F1EE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-28] (NVIDIA Corporation) Task: {C61DD6DF-15B2-4F90-B3AF-8EF8C33317B8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-28] (NVIDIA Corporation) Task: {DA40D310-8395-4AE9-BD2D-1C1A7C0FFF9B} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle => C:\WINDOWS\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION Task: {DBCE3573-92B1-4E18-97D6-A022799F8224} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Paull\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {E5D6B0CC-9666-452B-855E-29D27285320A} - System32\Tasks\SafeZone scheduled Autoupdate 1467319998 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software) Task: {F6E1E33C-C469-4AF0-A895-0A91B740468D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK Task: {FB3C6BB9-C23C-46D4-9B37-CCAC310E11FF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\{777B61E9-9131-40E2-BA5C-B823E563C90D}.job => C:\Users\Paull\AppData\Roaming\{BDC58~1\updater.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-04-13 01:41 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-02 16:27 - 2016-08-01 14:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-04-13 19:48 - 2017-03-28 05:33 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-04-14 19:28 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-18 16:12 - 2017-04-13 18:20 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2016-06-01 00:31 - 2016-06-01 00:31 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-04-05 16:48 - 2017-04-05 16:48 - 00522512 _____ () C:\Program Files\AVAST Software\Avast\x64\gaming_spy.dll 2017-04-13 01:41 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2015-08-15 02:28 - 2016-11-30 22:57 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-10-03 02:10 - 2016-10-03 02:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-26 19:07 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 03288704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\LeagueClient.exe 2017-04-10 10:24 - 2017-04-14 09:51 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-04-10 10:24 - 2017-04-14 09:51 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-04-10 10:24 - 2017-04-14 09:51 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-04-10 10:24 - 2017-04-14 09:51 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll 2017-03-26 19:01 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-26 19:01 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-26 19:01 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-04-13 01:40 - 2017-03-28 07:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-04-13 01:40 - 2017-03-28 07:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-13 01:41 - 2017-03-28 07:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 01723008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\LeagueClientUx.exe 2017-04-13 13:00 - 2017-04-13 13:00 - 01723008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\LeagueClientUxRender.exe 2017-04-13 19:48 - 2017-03-28 05:33 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-04-05 16:48 - 2017-04-05 16:48 - 00454424 _____ () C:\Program Files\AVAST Software\Avast\gaming_spy.dll 2017-04-05 16:49 - 2017-04-05 16:49 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-30 21:54 - 2016-06-30 21:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-04-05 16:50 - 2017-04-05 16:50 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-04-05 16:48 - 2017-04-05 16:48 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-04-05 16:50 - 2017-04-05 16:50 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-04-08 17:46 - 2016-11-01 15:20 - 00057344 _____ () C:\Program Files (x86)\SPIRIT OF GAMER\ELITE-M20\lan.dll 2017-04-08 17:46 - 2014-04-16 09:19 - 00049152 _____ () C:\Program Files (x86)\SPIRIT OF GAMER\ELITE-M20\hiddriver.dll 2017-04-13 13:02 - 2017-04-13 13:02 - 00108672 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\zlib.dll 2017-04-13 13:02 - 2017-04-13 13:02 - 00128640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\yaml.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 00099456 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\libnghttp2.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 01438848 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00653816 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 01043448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00513016 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00677504 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00571384 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00494072 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00691840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00797312 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00530560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00622584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00571008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00566912 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00552440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00537592 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00538104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00491512 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 01041536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00488952 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll 2017-04-13 13:01 - 2017-04-13 13:01 - 00916608 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00585208 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 01121408 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll 2017-04-13 13:01 - 2017-04-13 13:01 - 00779904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00584320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00509944 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 02452608 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 00180352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\libexpat.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00489464 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00511992 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00862200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00465400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00481272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00706688 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00473080 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00483832 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00527864 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00728704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00516600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00542200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00588792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00800760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00588280 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00617088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00598520 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00521208 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00550392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00654464 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00700408 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00776320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00517112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00574968 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00719488 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00633336 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00499192 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00477176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00553088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00538104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll 2017-04-13 12:59 - 2017-04-06 11:06 - 00459392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00539640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll 2017-04-13 12:59 - 2017-04-06 11:05 - 00559232 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll 2017-04-13 12:59 - 2017-03-22 21:20 - 00482808 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll 2017-04-13 19:49 - 2017-03-21 06:27 - 02442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2017-04-13 19:49 - 2017-03-21 06:27 - 00363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2017-04-13 19:49 - 2017-03-21 06:27 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2017-04-13 19:49 - 2017-03-21 06:27 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2017-04-13 19:49 - 2017-03-21 06:27 - 00469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2017-04-13 19:49 - 2017-03-21 06:27 - 00571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2017-01-11 23:59 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Paull\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-01-12 14:24 - 2017-01-12 14:24 - 01082880 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-01-12 14:24 - 2017-01-12 14:24 - 03750400 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-01-12 14:24 - 2017-01-12 14:24 - 00914432 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-01-12 14:24 - 2017-01-12 14:24 - 01127424 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node 2017-01-11 23:59 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\Paull\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-01-11 23:59 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\Paull\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-04-15 16:06 - 2017-04-15 16:06 - 00148992 _____ () \\?\C:\Users\Paull\AppData\Local\Temp\9681.tmp.node 2017-01-12 14:24 - 2017-01-12 14:24 - 02658304 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node 2017-01-12 14:26 - 2017-03-22 20:26 - 02665976 _____ () \\?\C:\Users\Paull\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node 2017-04-13 13:00 - 2017-04-13 13:02 - 55775872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\libcef.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 01801344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\libglesv2.dll 2017-04-13 13:00 - 2017-04-13 13:00 - 00022144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.63\deploy\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 09:24 - 2017-04-14 14:12 - 00000867 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paull\AppData\Local\osu!\Songs\547494 Araragi Tsukihi(Iguchi Yuka) - Platinum Disco\bg.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: esifsvc => 2 MSCONFIG\Services: RzKLService => 2 HKLM\...\StartupApproved\Run32: => "Arc" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "World of Warships" HKU\S-1-5-21-3267268650-2798118591-2097688958-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{8A2043C3-175A-4CFC-9DE4-F572A81B76DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{74002D69-1CC0-49B4-9C8B-1D4652F17AF4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{002205F2-6AE1-4A9D-A554-9258F3783E10}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{E89B6D49-9009-483E-8556-CDE5534BA810}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{80A29C76-B461-4460-94F8-8CDF262EC586}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{B5BFF077-6D20-459E-9C1F-40662EBC0BB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [TCP Query User{0BE014A8-6552-4F62-B2AE-D21212E33A11}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [UDP Query User{CB543BC3-E5CA-4115-BFB2-66244EB209CF}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe FirewallRules: [TCP Query User{2157DD7C-7221-4B77-AC4E-E9B47EF1CE93}D:\program files (x86)\skype\phone\skype.exe] => (Block) D:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B2F58CB5-D97A-4F6E-A06F-52B7070E4015}D:\program files (x86)\skype\phone\skype.exe] => (Block) D:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{718877BF-8A03-4AC0-92E1-A9C8DB24934F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{9BF75C23-45E1-487B-A83E-ADF9815EFF73}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{BE0F1FCF-A0B0-47D2-924A-C7E1D28854B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E0C26E3B-3D3D-49B8-9ADA-6B1136BFAC0A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{575FE369-1BA9-4F33-AD1A-BF0502D55D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe FirewallRules: [{5D0A6A93-5920-41CE-B5E4-8516C38B27BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe FirewallRules: [TCP Query User{D18938E9-3EEC-4054-9FF9-26C110D48BF4}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe FirewallRules: [UDP Query User{C691FC05-FCBF-4598-8F49-B37A7CE4913E}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe FirewallRules: [{018FC0EF-185C-45B2-9CED-8186D8259C22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{5B489083-1F6D-48CB-BABA-8536C7FC934F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{341DBA98-2E54-48EB-A968-1AF85479DFA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{FA03C768-70BA-4626-B375-07BB3B16693F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{3600BF8E-B324-4B9B-9E68-2407A0B1BDE3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{CA9064E4-DAED-4698-91D7-F18035F1E811}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{13505B55-C4EB-4819-91FF-5CC7C0D17192}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{46806622-2172-49F0-B538-E74DDF429307}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{922E4880-C741-4DAD-8DB2-B76ACDE342F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B0DD5E91-A10D-46EA-BF7F-E108C80E49F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B5BAFC65-2392-4D9C-B81D-EEE63254A312}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{72CCA31B-AF4A-4C84-8401-F9DD43031285}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2E2FB596-56CE-4771-900A-CCB34083D8AF}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{96E75FF0-C21A-4BBB-B034-ED46965E8C6B}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{44ED997A-C73C-4108-BE0B-8F901DA45D55}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D62D5E25-F28A-4085-8DD6-EEC580A5AC51}] => (Allow) C:\Users\Paull\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B04616A0-72AC-408C-AEAE-3E4F851C3C55}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe FirewallRules: [{F531CA68-0542-4BC9-92C5-170787D7A365}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe FirewallRules: [{1F735287-7E25-44A2-B36B-0C3D392C20D2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe FirewallRules: [{0091D5F5-EC93-46D0-AC16-18AD3CF77DC3}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe FirewallRules: [{A7C40788-69CA-4B20-B8FE-DCE0BAF5845B}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe FirewallRules: [{6B45CE89-5060-4455-B7EB-212585F8AD80}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe FirewallRules: [{5F330ADC-8E2F-4698-95DB-582208EAAC7A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe FirewallRules: [{1514230F-4D24-498C-8251-3941A94234B9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe FirewallRules: [{B316AA66-91E6-4140-B337-818FA5069426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{CBCAC4C4-9D22-431A-8995-1A923CE3D8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{B6F9C483-93D0-4BB6-A1DD-DA14B7394105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{BD53479B-4158-4105-B8B3-4E7FC71D6946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{0DF42BEE-3812-4AED-8E7A-E0C520825C53}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{C4DDB84A-7807-4672-A768-EDB24A37D9A0}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\Elsword\data\x2.exe FirewallRules: [{05DDB3CF-0DC3-410E-A644-0607026CFA15}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\Elsword\data\x2.exe FirewallRules: [{1832092C-AFE5-4DC5-B8C7-0CA08A884EF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{337EE860-4641-4F94-914C-51E6A1E1F90F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{609F90DA-9BB6-415E-AF6A-0FA92DB26BCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{2E2D53A9-8C14-436C-9C9B-C17476FBF3DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{61B31E93-A98B-41B3-B591-DDDC070A7514}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{1004F662-3812-4678-94B1-B8E07804B8D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [TCP Query User{D1B95F78-F170-4C07-B236-094CF38C2999}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{D6636FD3-97A4-4AF7-967B-D13541F3BBEB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{CE3CF934-0BC1-4E1D-B027-A61AC341B2CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{2DF884BC-26B0-4685-B0DB-A6E22C426C98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{FEE4B7AD-A0DF-43B2-9A44-F76DCE3BF6BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{EDB62749-D9C3-4791-A05A-304C2A180014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{C70F123D-FED3-4545-AE8F-E293963C9398}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DE28FBA1-2A31-4147-923D-DD0B60E20B26}] => (Allow) LPort=2869 FirewallRules: [{59DF9D76-0A7D-4150-B25C-EB5DC8775474}] => (Allow) LPort=1900 FirewallRules: [{E7E02509-5BA9-4519-B267-81B6D03BD048}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{02D2A6A3-0595-4697-A2D4-6F063A614A81}] => (Allow) LPort=1688 FirewallRules: [{A8B7B9FA-B37E-4E66-BDD1-70A6B02B1283}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{DB72AF1E-9010-42B4-B826-20F6D601C63B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{98A95170-D455-4715-B626-2F15AF8409B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{FFC2F231-D4D3-4184-9789-E5E4BA832A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{4265D0F3-990A-4E21-A4C7-2981BA25895A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{2FEFC538-738E-4D9E-AB3D-09D91E526DF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{68D35242-58AB-4AA7-AEAF-AE9D39AC68C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{C213DC6F-C4D8-4DB6-BD43-660401A481C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{AA12226A-2B48-474E-8516-1E0FA778B659}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{780E8112-CBD0-4664-A9F4-7313EA4BCA9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{ADA26F7A-DFD5-43C4-9D17-C37AC0053C4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{6C93FD5B-1D41-49D0-8CE1-D8F5801ACA88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{53D6F58E-47C4-49FE-981C-DF29F60DEB70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B5D181C3-21C4-4852-82B0-09BC04E88BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{5E523F33-684A-4028-9805-E5F50C75E8B8}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe FirewallRules: [TCP Query User{8F868007-7054-4B54-8561-8CB98EDE1178}C:\users\paull\downloads\rimworld.alpha.14 by whicraft creation\rimworldwin.exe] => (Allow) C:\users\paull\downloads\rimworld.alpha.14 by whicraft creation\rimworldwin.exe FirewallRules: [UDP Query User{64ABA7EF-58A4-4AC1-82DF-BD2F292BF65A}C:\users\paull\downloads\rimworld.alpha.14 by whicraft creation\rimworldwin.exe] => (Allow) C:\users\paull\downloads\rimworld.alpha.14 by whicraft creation\rimworldwin.exe FirewallRules: [TCP Query User{54CAC386-ADFB-4CFF-B7DF-31FAD84D5B48}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{27B4DD67-891F-42CA-BCBC-120F5DF32F84}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{4C9CEF98-2F5D-41D8-ACD9-93F930283143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reigns\Reigns.exe FirewallRules: [{0394CAC9-F691-420D-8242-0A9B83A03AB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reigns\Reigns.exe FirewallRules: [TCP Query User{10C2271A-3B83-48C3-950D-E9E0D295C966}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{CA30487F-518E-4296-8356-84F11FF9D807}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{6F6842BC-1582-4C69-BB7E-9C7AD1017B35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe FirewallRules: [{0BC994F4-8CCB-420C-88F9-1D1564B26AA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe FirewallRules: [{F41A23B7-C0A6-4CB0-99F3-0DAFF188BFDE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe FirewallRules: [{4A69E6AD-C53E-4796-99C8-CE19BB19B741}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [{0DB7D975-2D0B-496B-B558-0B4DEB603526}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [TCP Query User{7BF0938E-A704-40D0-B92B-45AF22C8EEBF}C:\program files (x86)\neverwinter_fr\neverwinter\live\gameclient.exe] => (Block) C:\program files (x86)\neverwinter_fr\neverwinter\live\gameclient.exe FirewallRules: [UDP Query User{9292DA51-89D3-46EB-8C8E-204721D3219F}C:\program files (x86)\neverwinter_fr\neverwinter\live\gameclient.exe] => (Block) C:\program files (x86)\neverwinter_fr\neverwinter\live\gameclient.exe FirewallRules: [TCP Query User{1E28FD6C-5B08-4CEC-9CEB-EE6F396DEDE2}C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe] => (Allow) C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe FirewallRules: [UDP Query User{1ADF691E-824D-4BF8-9A73-80B9005BABD3}C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe] => (Allow) C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe FirewallRules: [{AF52C805-37A6-42BD-AFFB-A1E81F613C70}] => (Block) C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe FirewallRules: [{A728ED70-8803-4135-834C-BB89F8EFF2FC}] => (Block) C:\program files (x86)\surfeasy vpn\client\surfeasyvpn.exe FirewallRules: [{B75F01F5-2E16-45AF-A57E-3F66F7F41AE9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe FirewallRules: [{D79AC5BF-06C3-4344-913E-12CDFBAEFD65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B01A1916-B810-4A88-8C4C-5305529E9638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe FirewallRules: [{E411345C-3A8A-4DD5-AB85-0D7A1E92081C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe FirewallRules: [{6B4E321F-2E40-4C6C-9DBC-2CFD4AD27B03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1336DA7B-7224-4DE3-8A29-CB5EE255F2B2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{80CE9616-3A27-45EB-B732-D1DB0CBAEF37}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{FAA21A70-634B-4FF3-8BF4-E6009FB9E7BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{3AFDB24D-FA86-444E-B841-C6B9749D69BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{6B8CB84F-90C1-40B9-A8F8-2F0E5CD96901}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{98352F01-17EB-45AE-B428-9041A5034994}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C3A93E3D-44A9-4366-BB5C-165EC16C760E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A20B6A08-9DA7-49E6-A871-81E61D137FB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{DFBEDA6C-229C-4957-B728-AB2ABADAB125}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe FirewallRules: [UDP Query User{F63A083F-1B60-43B5-B00B-036A0241E634}C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8657\battle.net.exe FirewallRules: [{C0583A0B-0098-4418-8502-0B226DB78846}] => (Allow) C:\Users\Paull\Desktop\Steam.exe FirewallRules: [{84F22F75-EDE5-4E5E-A025-E9C472A227CD}] => (Allow) C:\Users\Paull\Desktop\Steam.exe FirewallRules: [{7E589CE4-7954-464D-880B-F9B58E8D5E37}] => (Allow) C:\Users\Paull\Desktop\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{C3F0EFC1-4763-43EA-A703-1E6EB596A0B4}] => (Allow) C:\Users\Paull\Desktop\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A7C202C8-3FC5-41B7-B907-E5F9FBA5491C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{9EFE1C40-4806-4AC6-9EBE-94F819A0815F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{504700CC-CC33-4D1A-861F-795FD4E31911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{5B1C1D29-C0C5-42C0-B9C4-539440620FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe ==================== Restore Points ========================= 13-04-2017 23:59:28 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2017 04:05:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 18a0 Start Time: 01d2b5f0b4490b97 Termination Time: 26 Application Path: C:\Users\Paull\AppData\Local\Discord\app-0.0.297\Discord.exe Report Id: 6a45adad-21e4-11e7-ab0f-acb57d31b11e Faulting package full name: Faulting package-relative application ID: Error: (04/15/2017 04:00:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/15/2017 03:59:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/15/2017 03:59:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/15/2017 03:59:45 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (04/15/2017 03:03:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Discord.exe version 0.0.41.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1a70 Start Time: 01d2b5e7e10cb5e2 Termination Time: 4294967295 Application Path: C:\Users\Paull\AppData\Local\Discord\app-0.0.297\Discord.exe Report Id: dfcbea10-21db-11e7-ab0e-acb57d31b11e Faulting package full name: Faulting package-relative application ID: Error: (04/15/2017 03:00:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5 Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a177 Exception code: 0xc0000005 Fault offset: 0x001948c7 Faulting process id: 0x1d58 Faulting application start time: 0x01d2b5e8369db5b7 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 487e2797-968d-43a7-b132-4f16aede2f2a Faulting package full name: Faulting package-relative application ID: Error: (04/15/2017 02:58:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/15/2017 02:58:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/15/2017 02:58:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (04/15/2017 04:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/15/2017 04:03:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the gupdate service to connect. Error: (04/15/2017 03:59:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/15/2017 03:59:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Error: (04/15/2017 03:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/15/2017 03:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/15/2017 03:59:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/15/2017 03:59:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Hamachi2Svc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/15/2017 03:59:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Hamachi2Svc service to connect. Error: (04/15/2017 03:58:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:35:01 PM on ‎4/‎15/‎2017 was unexpected. CodeIntegrity: =================================== Date: 2016-12-29 11:41:19.992 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz Percentage of memory in use: 54% Total physical RAM: 3978.91 MB Available physical RAM: 1801.98 MB Total Virtual: 6282.91 MB Available Virtual: 3542.62 MB ==================== Drives ================================ Drive c: (Data) (Fixed) (Total:542.03 GB) (Free:125.4 GB) NTFS Drive d: (OS) (Fixed) (Total:372.6 GB) (Free:191.37 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 07709914) Partition: GPT. ==================== End of Addition.txt ============================