Inactive-A Ran what I thought was a safe executable

Dale Ferrier

Everything was fine, I thought, but then a few minutes later I get the dreaded "A virus has been found, click here for help..." and it could not be ended. I finally found it running in memory and killed it that way, but my system has been a little funny since.

Pretty sure I have some kind of malware installed.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by dferrier (administrator) on LT3 (25-01-2017 21:22:09)
Running from C:\Users\dferrier\Desktop\malware removal
Loaded Profiles: dferrier (Available Profiles: dferrier)
Platform: Windows 8.1 Pro (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Tordex) C:\Program Files\TrueLaunchBar\tlbHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(RedFox) C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
() C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [HDHRFling] => C:\Program Files (x86)\HDHRFling\HDHRFling.exe [5553664 2015-07-16] (HDHRFling.com)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CBSpoolDaemon] => "C:\Program Files (x86)\ImagePrint\spool\mux\muxd.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [tlbHost] => C:\Program Files\TrueLaunchBar\tlbHost.exe [560312 2015-10-03] (Tordex)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Reasonable NoClone] => [X]
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe [10737184 2016-12-26] (RedFox)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Outlook Google Calendar Sync] => C:\Users\dferrier\AppData\Local\Apps\2.0\L8RQ2D3X.G1A\7GRZB6CY.0DV\outl..tion_a30846ba3587a523_0002.0003_798f7cdb1f1b13cb\OutlookGoogleCalendarSync.exe [802816 2017-01-02] (Paul Woolcock)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\RunOnce: [Uninstall C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\MountPoints2: {e21ce5d1-97ae-11e6-827a-c03896838b48} - "I:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Reasonable NoClone] => "C:\Program Files (x86)\Reasonable NoClone 2011 Enterprise\NoClone.exe" null /startup
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2016-02-20]
ShortcutTarget: ColorMunki Gamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiPhotoTray.exe.lnk [2016-02-20]
ShortcutTarget: ColorMunkiPhotoTray.exe.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-11-17]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{71ACF663-CC95-429F-8C5C-0A1DC4EE8E78}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-12-28]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cheetah Sync.lnk [2015-12-19]
ShortcutTarget: Cheetah Sync.lnk -> C:\Users\dferrier\AppData\Roaming\Microsoft\Installer\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\_57396F6D95A618E977BED0.exe ()
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-05-03]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09CBD398-74E7-49A5-A567-432F6F45A3AD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{736478E9-51BE-4D47-993A-F99B5F526DCB}: [NameServer] 8.8.8.8,8.8.4.4,192.168.25.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://192.168.25.250/web.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Extension: Free Download Manager extension - C:\Users\dferrier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-12-13]
FF Extension: DownThemAll! - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-05-30]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-01-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-11-26] (Qualcomm Atheros) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-14] (SafeNet Inc.)
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [255936 2016-11-19] ()
R2 HDHomeRun WMC Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe [33216 2016-11-19] (Silicondust USA Inc)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1932272 2016-12-07] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-11] (Qualcomm Atheros) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2015-04-14] (SafeNet Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [304296 2016-11-05] (Alcohol Soft Development Team)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-19] (Qualcomm Atheros, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-25] ()
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2286080 2014-11-25] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-07] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-09-29] (Duplex Secure Ltd.)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-24] (Seiko Epson Corporation)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [121424 2010-10-14] (High Criteria inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 akshasp; \SystemRoot\system32\DRIVERS\akshasp.sys [X]
S3 aksusb; \SystemRoot\System32\drivers\aksusb.sys [X]
U4 npcap_wifi; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 21:20 - 2017-01-25 21:22 - 00000000 ____D C:\Users\dferrier\Desktop\malware removal
2017-01-25 18:07 - 2017-01-25 18:07 - 00321864 _____ C:\Windows\Minidump\012517-277250-01.dmp
2017-01-25 16:22 - 2017-01-25 18:02 - 1139139000 ____N C:\Windows\MEMORY.DMP
2017-01-25 16:20 - 2017-01-25 18:01 - 00098048 _____ C:\Windows\system32\Drivers\fwdump_ar6320v2_axi.log
2017-01-25 16:20 - 2017-01-25 18:01 - 00003914 _____ C:\Windows\system32\Drivers\fwdump_ce_reg.log
2017-01-24 21:45 - 2017-01-24 21:45 - 00000000 ____D C:\Users\dferrier\Downloads\FW_RT_AC88U_30043804180
2017-01-24 21:44 - 2017-01-24 21:45 - 42590418 _____ C:\Users\dferrier\Downloads\FW_RT_AC88U_30043804180.ZIP
2017-01-23 19:21 - 2017-01-23 19:21 - 777682944 _____ C:\Users\dferrier\Ghost Rider (2007) - [PG-13].mp4
2017-01-23 19:21 - 2017-01-23 19:21 - 720044032 _____ C:\Users\dferrier\From Russia With Love (1963) - [pg].mp4
2017-01-20 22:08 - 2017-01-20 22:08 - 06975096 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-01-20 15:33 - 2017-01-20 15:33 - 00000428 _____ C:\Users\dferrier\AppData\Roaming\apachesrvin.vbs
2017-01-20 15:33 - 2017-01-20 15:33 - 00000095 _____ C:\Users\dferrier\AppData\Roaming\die.bat
2017-01-20 14:02 - 2017-01-24 18:20 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\CDisplayEx
2017-01-20 14:02 - 2017-01-20 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-01-20 14:02 - 2017-01-20 14:02 - 00000000 ____D C:\Program Files\CDisplayEx
2017-01-20 07:32 - 2017-01-25 11:43 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\HDHRFling
2017-01-19 21:50 - 2017-01-19 21:50 - 00000000 ___HT C:\Windows\wusa.lock
2017-01-19 21:50 - 2017-01-19 21:50 - 00000000 ____D C:\e5a66c5659522a07546c33094743
2017-01-19 16:14 - 2017-01-19 16:14 - 00002248 _____ C:\Users\dferrier\Desktop\FileBot.lnk
2017-01-19 16:14 - 2017-01-19 16:14 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2017-01-19 16:14 - 2017-01-19 16:14 - 00000000 ____D C:\Program Files\FileBot
2017-01-18 12:51 - 2017-01-22 15:23 - 00000000 ____D C:\Users\dferrier\Documents\Optical Disk Ripping Menu
2017-01-17 16:05 - 2017-01-17 16:05 - 00000146 _____ C:\Users\dferrier\Desktop\belva address.txt
2017-01-16 20:17 - 2017-01-16 20:17 - 00000939 _____ C:\Users\Public\Desktop\Agent.lnk
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Forte
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forte Agent
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\Program Files (x86)\Agent
2017-01-15 14:29 - 2017-01-15 14:28 - 00001191 _____ C:\Users\dferrier\Desktop\CloneBD - Copy.lnk
2017-01-15 14:29 - 2016-12-06 10:41 - 00001138 _____ C:\Users\dferrier\Desktop\AnyDVD - Copy.lnk
2017-01-15 14:28 - 2017-01-15 14:28 - 00001191 _____ C:\Users\dferrier\Desktop\CloneBD.lnk
2017-01-14 21:11 - 2017-01-14 21:11 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\21926
2017-01-14 20:30 - 2017-01-14 20:30 - 00001480 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2017-01-14 20:30 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-01-14 20:30 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2017-01-14 09:53 - 2017-01-14 09:53 - 00000000 ____D C:\ProgramData\vsosdk
2017-01-14 05:28 - 2017-01-14 05:28 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\973
2017-01-13 22:04 - 2017-01-13 22:04 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\BDREBUILDER
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\Program Files (x86)\AviSynth
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2017-01-13 21:54 - 2017-01-13 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2017-01-13 21:54 - 2017-01-13 21:54 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-01-13 21:54 - 2014-09-29 12:23 - 00112640 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-01-13 21:54 - 2014-09-29 12:22 - 00047616 _____ C:\Windows\SysWOW64\ff_acm.acm
2017-01-13 21:51 - 2017-01-13 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-01-13 15:43 - 2017-01-13 15:43 - 00000000 ____D C:\ProgramData\xml_param
2017-01-13 15:26 - 2017-01-13 15:26 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2017-01-13 15:25 - 2017-01-13 15:25 - 00000000 ____D C:\Users\dferrier\Documents\Wondershare MediaServer
2017-01-13 15:23 - 2017-01-14 20:30 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-01-13 15:23 - 2017-01-14 20:29 - 00000000 ____D C:\ProgramData\Wondershare
2017-01-13 15:19 - 2017-01-13 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-01-13 15:19 - 2017-01-13 15:32 - 00000000 ____D C:\Users\dferrier\Documents\Wondershare Video Converter Ultimate
2017-01-13 15:19 - 2017-01-13 15:19 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Wondershare Video Converter Ultimate
2017-01-13 15:19 - 2017-01-13 15:19 - 00000000 ____D C:\Users\dferrier\AppData\Local\Wondershare
2017-01-13 15:19 - 2012-03-31 11:25 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2017-01-13 15:19 - 2012-03-31 11:25 - 00496640 _____ C:\Windows\SysWOW64\xvid.ax
2017-01-13 15:18 - 2017-01-13 15:37 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-01-13 15:18 - 2012-03-31 11:25 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2017-01-12 10:09 - 2017-01-12 10:10 - 00000000 ____D C:\Program Files\HandBrake 5
2017-01-11 13:57 - 2017-01-11 13:58 - 00000000 ____D C:\Program Files (x86)\DVDInfoPro
2017-01-11 13:57 - 2017-01-11 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDInfoPro
2017-01-11 07:39 - 2017-01-11 07:42 - 00000000 ____D C:\Users\dferrier\Documents\optical drives info
2017-01-11 07:38 - 2017-01-11 07:38 - 00000000 ____D C:\Users\dferrier\Documents\MATSHITA_BD-MLT_UJ260AF
2017-01-11 07:20 - 2017-01-11 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opti Drive Control
2017-01-11 07:20 - 2017-01-11 07:20 - 00000000 ____D C:\Program Files (x86)\Opti Drive Control
2017-01-09 14:58 - 2017-01-09 15:03 - 00000000 ____D C:\Program Files\HandBrake 4
2017-01-09 14:58 - 2017-01-09 15:02 - 00000000 ____D C:\Program Files\HandBrake 3
2017-01-09 14:58 - 2017-01-09 15:01 - 00000000 ____D C:\Program Files\HandBrake 2
2017-01-05 20:11 - 2017-01-07 09:20 - 00044336 _____ C:\Users\dferrier\Documents\You are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3.htm
2017-01-05 20:11 - 2017-01-07 09:20 - 00000000 ____D C:\Users\dferrier\Documents\You are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3_files
2017-01-05 20:11 - 2017-01-05 20:15 - 00042879 ____H C:\Users\dferrier\Documents\~WRL0005.tmp
2017-01-05 20:11 - 2017-01-05 20:11 - 00000162 ____H C:\Users\dferrier\Documents\~$u are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3.htm
2017-01-05 20:01 - 2017-01-05 20:01 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsigne1c653f55a025fbb
2017-01-05 20:00 - 2017-01-05 20:00 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign59909f20af1f7877
2017-01-05 19:46 - 2017-01-05 19:46 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignf6288ca7eed2cfb2
2017-01-05 19:45 - 2017-01-05 19:45 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign924e96ff0690ae59
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignddf0b7fd7d1bd493
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignbed4f41b538fab6b
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign44a0be367ef3e09d
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignaad0271a2ab12086
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign35c7ea0a2b969c86
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign06e8d7bd70219d02
2017-01-02 12:09 - 2017-01-02 12:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\bunkus.org
2017-01-02 12:08 - 2017-01-02 12:08 - 00001750 _____ C:\Users\Public\Desktop\MKVToolNix GUI.lnk
2017-01-02 12:08 - 2017-01-02 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-01-02 12:07 - 2017-01-15 22:38 - 00000000 ____D C:\Program Files\MKVToolNix
2017-01-02 11:51 - 2017-01-02 11:51 - 00000000 ____D C:\ProgramData\Movie Studio
2017-01-02 11:50 - 2017-01-02 12:56 - 00000000 ____D C:\Users\dferrier\Documents\Movie Studio 13.0 Projects
2017-01-02 11:50 - 2017-01-02 11:50 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Movie Studio
2017-01-02 11:50 - 2017-01-02 11:50 - 00000000 ____D C:\Users\dferrier\AppData\Local\Movie Studio
2017-01-02 11:49 - 2017-01-02 12:01 - 00000000 ____D C:\Program Files\VEGAS
2017-01-02 11:41 - 2017-01-14 06:03 - 00000000 ____D C:\ProgramData\MAGIX
2017-01-02 11:41 - 2017-01-02 11:51 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\VEGAS
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MAGIX Computer Products Intl. Co
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\DVD Architect
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Local\DVD Architect
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\ProgramData\DVD Architect
2017-01-02 11:34 - 2017-01-02 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2017-01-02 11:33 - 2017-01-02 12:01 - 00000000 ____D C:\ProgramData\VEGAS
2017-01-02 11:33 - 2017-01-02 11:33 - 00000000 ____D C:\Users\dferrier\AppData\Local\VEGAS
2017-01-02 11:33 - 2017-01-02 11:33 - 00000000 ____D C:\Program Files (x86)\VEGAS
2017-01-02 11:32 - 2017-01-14 06:03 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MAGIX
2017-01-02 10:38 - 2017-01-02 10:39 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2017-01-02 10:38 - 2017-01-02 10:38 - 00001167 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2017-01-02 10:38 - 2017-01-02 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2017-01-02 10:38 - 2007-04-12 14:19 - 00129024 _____ C:\Windows\SysWOW64\AVERM.dll
2017-01-02 10:38 - 2006-09-26 13:57 - 00028672 _____ C:\Windows\SysWOW64\AVEQT.dll
2017-01-02 06:18 - 2017-01-02 06:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\IsolatedStorage
2017-01-02 06:16 - 2017-01-05 08:16 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Outlook Google Calendar Sync
2017-01-02 06:16 - 2017-01-02 06:16 - 00000436 _____ C:\Users\dferrier\Desktop\Outlook Google Calendar Sync.appref-ms
2017-01-02 06:16 - 2017-01-02 06:16 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paul Woolcock
2017-01-01 16:05 - 2017-01-01 21:45 - 00000000 ____D C:\Users\dferrier\Documents\Star Wars despecialized
2017-01-01 16:05 - 2017-01-01 18:59 - 12470889 _____ C:\Users\dferrier\Documents\Star Wars despecialized.ncor
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign669e5b7b79bfc690
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign37410f9733eeddc3
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign01a8f77ea7f580d4
2016-12-31 01:01 - 2016-12-31 01:01 - 00000000 ____D C:\Users\dferrier\Documents\linux scirpt
2016-12-30 21:19 - 2017-01-03 15:09 - 00000000 ____D C:\Users\dferrier\Downloads\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00001912 _____ C:\Users\Public\Desktop\Newshosting Downloads.lnk
2016-12-30 21:19 - 2016-12-30 21:19 - 00000943 _____ C:\Users\Public\Desktop\Newshosting.lnk
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\Users\dferrier\AppData\Local\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\Users\dferrier\AppData\Local\CrashRpt
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\ProgramData\Caphyon
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\Program Files\Newshosting
2016-12-30 21:18 - 2016-12-30 21:18 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Newshosting
2016-12-30 12:03 - 2017-01-20 22:28 - 00000000 ____D C:\Users\dferrier\AppData\Local\FileZilla
2016-12-30 12:02 - 2016-12-30 12:02 - 06880664 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.23.0.2_win64-setup.exe
2016-12-29 13:33 - 2017-01-24 20:52 - 00000000 ____D C:\Users\dferrier\.zenmap
2016-12-29 13:33 - 2017-01-02 20:55 - 00000143 _____ C:\Users\dferrier\AppData\Local\zenmap.exe.log
2016-12-29 13:33 - 2016-12-29 13:33 - 00000979 _____ C:\Users\dferrier\Desktop\Nmap - Zenmap GUI.lnk
2016-12-29 13:33 - 2016-12-29 13:33 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Windows\SysWOW64\Npcap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Windows\system32\Npcap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Program Files\Npcap
2016-12-29 13:28 - 2016-12-29 13:33 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-12-27 23:09 - 2016-12-27 23:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Microsoft_Corporation
2016-12-27 15:04 - 2017-01-09 15:00 - 00000000 ____D C:\Program Files\HandBrake
2016-12-27 15:04 - 2016-12-27 15:04 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2016-12-26 17:16 - 2016-12-26 17:16 - 00000000 ____D C:\ProgramData\Silicondust
2016-12-26 17:16 - 2016-12-26 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHomeRun
2016-12-26 17:16 - 2016-12-26 17:16 - 00000000 ____D C:\Program Files\Silicondust
2016-12-26 17:07 - 2017-01-20 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHRFling
2016-12-26 17:07 - 2017-01-20 07:32 - 00000000 ____D C:\Program Files (x86)\HDHRFling

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 21:22 - 2016-05-26 19:05 - 00000000 ____D C:\FRST
2017-01-25 21:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2017-01-25 20:56 - 2015-11-17 12:49 - 00000000 ____D C:\Users\dferrier\Documents\email
2017-01-25 20:54 - 2015-11-17 11:37 - 01467357 _____ C:\Windows\WindowsUpdate.log
2017-01-25 20:47 - 2015-11-17 11:52 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1717685655-2789524432-2867823966-1001
2017-01-25 20:45 - 2015-11-26 21:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-25 20:41 - 2016-11-20 19:09 - 00000000 ____D C:\Users\dferrier\AppData\LocalLow\Mozilla
2017-01-25 20:40 - 2016-03-13 18:58 - 00000000 ___RD C:\Users\dferrier\Creative Cloud Files
2017-01-25 20:40 - 2015-12-23 05:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-25 20:40 - 2015-11-21 08:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Adobe
2017-01-25 20:37 - 2015-12-19 13:49 - 00000000 ____D C:\Users\dferrier\Documents\JRT Studio
2017-01-25 20:32 - 2015-12-04 00:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-25 18:14 - 2013-09-10 07:49 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-25 18:09 - 2015-11-17 12:34 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2017-01-25 18:07 - 2016-04-02 16:44 - 00000000 ____D C:\Windows\Minidump
2017-01-25 18:04 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-25 16:31 - 2015-11-20 11:02 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\HandBrake
2017-01-25 16:22 - 2013-09-10 07:43 - 00229884 _____ C:\Windows\PFRO.log
2017-01-25 16:14 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-25 12:49 - 2016-12-13 20:29 - 00000000 ____D C:\Users\dferrier\AppData\Local\Free Download Manager
2017-01-25 12:11 - 2016-09-18 18:04 - 00000600 _____ C:\Users\dferrier\AppData\Local\PUTTY.RND
2017-01-25 10:05 - 2016-11-30 22:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\FileZilla
2017-01-24 16:05 - 2015-12-04 07:54 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\vlc
2017-01-23 19:21 - 2015-11-17 11:39 - 00000000 ____D C:\Users\dferrier
2017-01-23 13:22 - 2016-11-30 16:30 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\.dvdcss
2017-01-22 19:02 - 2016-12-08 07:50 - 00000085 ___SH C:\ProgramData\.zreglib
2017-01-22 01:10 - 2016-03-07 10:29 - 00002387 _____ C:\Users\dferrier\Documents\ax_files.xml
2017-01-22 01:08 - 2016-03-07 16:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\dvdcss
2017-01-22 00:26 - 2016-12-08 07:37 - 00001191 _____ C:\Users\Public\Desktop\CloneBD.lnk
2017-01-21 21:49 - 2015-12-26 16:06 - 00000000 ____D C:\Users\dferrier\Documents\photography
2017-01-21 21:49 - 2015-11-17 14:50 - 00023552 _____ C:\Users\dferrier\Documents\Joebob.xlsx
2017-01-20 22:09 - 2016-11-30 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-01-20 22:09 - 2016-11-30 22:12 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-01-20 14:23 - 2015-12-28 08:13 - 00000000 ____D C:\Users\dferrier\AppData\Local\CrashDumps
2017-01-19 21:50 - 2015-11-17 12:53 - 00000000 ____D C:\Users\dferrier\Documents\Guns
2017-01-19 21:46 - 2015-11-17 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-19 21:44 - 2016-03-01 14:43 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-19 21:35 - 2015-11-17 11:39 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Adobe
2017-01-19 21:29 - 2013-08-22 08:44 - 05316784 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-19 13:07 - 2015-12-11 16:27 - 00000000 ____D C:\ProgramData\Oracle
2017-01-19 12:49 - 2016-12-14 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-19 12:48 - 2016-12-14 15:32 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-19 12:48 - 2016-12-14 15:31 - 00000000 ____D C:\Program Files\Java
2017-01-19 00:32 - 2016-03-24 10:55 - 00033245 _____ C:\Windows\setupact.log
2017-01-16 07:57 - 2015-11-17 12:46 - 00000000 ____D C:\Users\dferrier\Documents\Bible
2017-01-15 06:53 - 2016-12-16 06:50 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\DVDFab10
2017-01-14 05:58 - 2015-11-17 13:45 - 00000000 ____D C:\Users\dferrier\AppData\Local\Pinnacle
2017-01-14 05:57 - 2015-11-17 20:20 - 00002111 _____ C:\Users\dferrier\AppData\Roaming\LT3.MTBF.txt
2017-01-14 05:57 - 2015-11-17 13:41 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-01-14 05:30 - 2016-12-16 06:50 - 00001130 _____ C:\Users\Public\Desktop\DVDFab Mini.lnk
2017-01-14 05:30 - 2016-12-16 06:50 - 00001018 _____ C:\Users\Public\Desktop\DVDFab 10.lnk
2017-01-14 05:30 - 2016-12-16 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-01-14 05:30 - 2016-12-16 06:49 - 00000000 ____D C:\Program Files (x86)\DVDFab 10
2017-01-13 21:51 - 2016-03-07 10:31 - 00001893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-01-13 21:51 - 2016-03-07 10:31 - 00001881 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2017-01-12 07:50 - 2016-03-01 14:43 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-12 07:48 - 2016-03-01 14:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 06:32 - 2015-12-04 00:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 06:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 06:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 08:16 - 2016-08-10 22:25 - 00000000 ____D C:\Users\dferrier\AppData\Local\Deployment
2017-01-02 17:29 - 2016-02-27 11:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Logos
2017-01-02 12:00 - 2015-11-20 14:33 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Sony
2017-01-02 11:51 - 2015-11-20 14:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Sony
2017-01-01 13:22 - 2016-02-27 12:24 - 00002291 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk
2017-01-01 13:22 - 2016-02-27 12:24 - 00002283 _____ C:\Users\dferrier\Desktop\Logos Bible Software.lnk
2016-12-31 14:25 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-30 11:10 - 2015-11-17 21:04 - 00007168 _____ C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-28 23:36 - 2015-12-31 10:36 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MusicBee
2016-12-27 19:32 - 2016-05-30 21:40 - 00012393 _____ C:\Windows\LkmdfCoInst.log
2016-12-27 19:31 - 2016-05-30 21:40 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-12-27 15:04 - 2015-11-17 16:06 - 00000836 _____ C:\Users\dferrier\Desktop\HandBrake.lnk
2016-12-27 15:02 - 2016-03-02 23:35 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Mp3tag
2016-12-26 17:15 - 2015-11-17 22:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-26 16:29 - 2016-12-06 10:41 - 00001114 _____ C:\Users\Public\Desktop\AnyDVD.lnk

==================== Files in the root of some directories =======

2016-12-03 12:46 - 2016-12-03 12:47 - 0009272 _____ () C:\Program Files (x86)\DeviceManage Setup Log.txt
2016-03-09 17:50 - 2016-03-09 17:51 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-21 21:12 - 2008-03-19 17:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
2015-11-21 21:12 - 2008-03-06 21:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
2016-03-01 14:53 - 2016-09-30 07:51 - 0000033 _____ () C:\Users\dferrier\AppData\Roaming\AdobeWLCMCache.dat
2017-01-20 15:33 - 2017-01-20 15:33 - 0000428 _____ () C:\Users\dferrier\AppData\Roaming\apachesrvin.vbs
2015-08-05 09:51 - 2015-08-05 09:51 - 0000000 _____ () C:\Users\dferrier\AppData\Roaming\bdopatchtime.txt
2017-01-20 15:33 - 2017-01-20 15:33 - 0000095 _____ () C:\Users\dferrier\AppData\Roaming\die.bat
2015-11-17 20:20 - 2017-01-14 05:57 - 0002111 _____ () C:\Users\dferrier\AppData\Roaming\LT3.MTBF.txt
2015-11-17 21:04 - 2016-12-30 11:10 - 0007168 _____ () C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 14:08 - 2015-11-17 14:08 - 0000000 _____ () C:\Users\dferrier\AppData\Local\Driver_11ACPresent.flag
2016-09-18 18:04 - 2017-01-25 12:11 - 0000600 _____ () C:\Users\dferrier\AppData\Local\PUTTY.RND
2015-12-26 18:07 - 2015-09-25 03:21 - 0016800 _____ () C:\Users\dferrier\AppData\Local\Z@!-5946ba91-ed5f-41a8-8801-12c6dbd9f3de.tmp
2015-12-26 18:07 - 2015-09-25 03:21 - 0015776 _____ () C:\Users\dferrier\AppData\Local\Z@S!-83152ba7-24c1-4572-9f40-f7b7dcf1c59d.tmp
2016-12-29 13:33 - 2017-01-02 20:55 - 0000143 _____ () C:\Users\dferrier\AppData\Local\zenmap.exe.log
2016-12-08 07:50 - 2017-01-22 19:02 - 0000085 ___SH () C:\ProgramData\.zreglib
2015-11-21 13:48 - 2015-11-21 13:48 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-11-21 13:06 - 2015-11-21 13:37 - 0000238 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-06-26 23:41 - 2016-06-26 23:41 - 0000090 _____ () C:\ProgramData\Temp.log

Some files in TEMP:
====================
C:\Users\dferrier\AppData\Local\Temp\7za.exe
C:\Users\dferrier\AppData\Local\Temp\aa.exe
C:\Users\dferrier\AppData\Local\Temp\clicky.exe
C:\Users\dferrier\AppData\Local\Temp\handbrake-setup.exe
C:\Users\dferrier\AppData\Local\Temp\jre-8u121-windows-au.exe
C:\Users\dferrier\AppData\Local\Temp\utt2804.tmp.exe
C:\Users\dferrier\AppData\Local\Temp\utt3CF5.tmp.exe
C:\Users\dferrier\AppData\Local\Temp\VV.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-19 07:16

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by dferrier (2017-01-25 21:24:57)
Running from C:\Users\dferrier\Desktop\malware removal
Windows 8.1 Pro (Update 1) (X64) (2015-11-17 17:39:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1717685655-2789524432-2867823966-500 - Administrator - Disabled)
dferrier (S-1-5-21-1717685655-2789524432-2867823966-1001 - Administrator - Enabled) => C:\Users\dferrier
Guest (S-1-5-21-1717685655-2789524432-2867823966-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
4nec2 full version 5.8.16 (HKLM-x32\...\4nec2_is1) (Version: - 4nec2@gmx.net (Use "4nec2 modeller" as the subject))
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Encore CS6 Library (HKLM-x32\...\{07E80932-FFB1-402D-9198-18C58EBAF216}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 Functional Content (HKLM-x32\...\{614020C8-2E16-4E16-A5F0-04DE2AB96097}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.9.0 - RedFox)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BDOTomePatcher (HKLM-x32\...\BDOTomePatcher) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cheetah Sync (HKLM-x32\...\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}) (Version: 1.5.1 - JRT Studio)
CHIRP (HKLM-x32\...\CHIRP) (Version: - )
CLANNAD (HKLM\...\Steam App 324160) (Version: - VisualArts/Key)
CloneBD (HKLM-x32\...\CloneBD) (Version: 1.1.2.0 - Elaborate Bytes)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
ColorChecker Passport 1.1.0 (HKLM-x32\...\ColorChecker Passport_is1) (Version: 1.1.0 - X-Rite)
ColorMunki Photo 1.1.1 (HKLM-x32\...\ColorMunki Photo_is1) (Version: - X-Rite)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 3 - Your Mom)
Creative Pack Volume 1 (HKLM\...\{3D1688AB-3440-4C7A-8CBB-5D77CD3C02D7}) (Version: 3.1.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.07 (HKLM-x32\...\{631D71FD-237F-4D74-B090-88E66FBC5A10}) (Version: 1.07.0000 - Pinnacle)
DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version: - )
DeviceManage (HKLM-x32\...\DeviceManage) (Version: - )
DVD Architect (HKLM-x32\...\{F3B2BFC0-76F2-11E6-B231-BB95F5A309BD}) (Version: 7.0.38 - VEGAS)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 10.0.1.9 (13/01/2017) (HKLM-x32\...\DVDFab 10_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro 7.6.0.5 (HKLM-x32\...\DVDInfoPro_is1) (Version: - DVDInfoPro Elite)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.6.0 - Seiko Epson Corporation)
EZNEC Demo v. 6.0 (HKLM-x32\...\EZNEC_-6000_is1) (Version: 6.0 - EZNEC)
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FileBot (HKLM\...\{36A3AA3A-1849-418B-A07D-1ABB5C909179}) (Version: 4.7.7 - Reinhard Pointner)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
FT-857 Programmer (HKLM-x32\...\{7B67EE40-5362-11E2-390C-10AB7E3B7E87}) (Version: 4.50.0.0 - RT Systems. Inc)
G4FON Koch Method Morse Trainer (HKLM-x32\...\G4FON Koch Method Morse Trainer) (Version: - )
Gear Watch Designer 1.1.1 (HKLM-x32\...\Gear Watch Designer) (Version: 1.1.1 - Samsung Electronics)
GT3_W64_VIP (HKLM-x32\...\ST6UNST #1) (Version: - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
HDHomeRun (HKLM\...\{54F9A4D2-83CC-4169-BC4E-24F341E6AA8D}) (Version: 1.0.23228.0 - Silicondust)
HDHRFling (HKLM-x32\...\{4FBE6121-3BDF-49CC-B95D-E6EB83AF2CEA}_is1) (Version: 1.2.8.2 - HDHRFling.com)
Helicon Focus 6.6.1.0 (HKLM\...\Helicon Focus 6_is1) (Version: - Helicon Soft Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hollywood FX Volumes 1-3 (HKLM\...\{94F26E3B-100E-4C7B-B1F1-2F395128E848}) (Version: 2.1 - Corel Corporation)
Hotkey 3.16.29 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 3.16.29 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3995 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{23D18C2E-0A91-43C5-ADDE-42D4B5A4B6F9}) (Version: 6.5.8.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{62646e38-1498-4ba5-81ef-5f8edc95db78}) (Version: 6.5.8.0 - DeveloperInABox)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Just Learn Morse Code (HKLM-x32\...\{CBE3B17D-C988-4AF7-B84E-BEFF6F60BCC9}) (Version: 1.0.0.0 - Sigurd Stenersen)
Koi-Koi Japan [Hanafuda playing cards] (HKLM\...\Steam App 364930) (Version: - Zoo Corporation)
Kolor Autopano Pro 4.2 (HKLM\...\AutopanoPro4.2) (Version: V4.2.3 - Kolor)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lightroom Duplicate Finder 2 (HKLM-x32\...\{366C1420-AF2B-45BC-B1E9-09D2F7201E71}) (Version: 2.0.4317 - Jim Keir)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logos Bible Software (HKLM-x32\...\{248A5699-936A-4651-824F-5221EDEF5CB9}) (Version: 7.48.41 - Faithlife Corporation)
LOOT version 0.9.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.1 - LOOT Team)
LRTimelapse 4.5.1 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.5.1 - Gunther Wegner)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
MKVToolNix 9.7.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.7.1 - Moritz Bunkus)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Studio 13.0 (64-bit) (HKLM\...\{15C608B0-B5A5-11E6-858D-EF6B4CB4F8F1}) (Version: 13.0.208 - VEGAS)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NewBlue Effects (HKLM\...\{C0C7CFFB-C0EF-4CB5-A83D-33626D67BAA7}) (Version: 1.0.1 - Corel Corporation)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
Newshosting (HKLM\...\{649F577B-BCA1-4EB1-B17F-6157F351E528}) (Version: 2.2.1 - Newshosting)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version: - Andrey Prygunkov)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.0.2 - ON1)
ON1 Resize 10 (HKLM\...\ON1 Resize 10 PE) (Version: 10.5.1 - ON1)
Open 3D Model Viewer (HKLM-x32\...\{EBDFEC36-5277-454F-875B-F0AA2CDC3C92}) (Version: 1.10.0000 - Alexander Gessler)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version: - Erik Deppe)
Outlook Google Calendar Sync (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\ae7ab5abd52d9711) (Version: 2.3.0.0 - Paul Woolcock)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pavtube BDMagic Ver 4.8.6.8 (HKLM-x32\...\{322AED85-69CD-49E5-AA61-123707D9A80B}_is1) (Version: - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photomatix Pro version 5.1.2 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.1.2 - HDRsoft Ltd)
Pinnacle Studio 18 - Install Manager (HKLM\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.234 - Corel Corporation)
Pinnacle Studio 18 - Standard Content Pack (HKLM\...\{DDBFA6BC-5756-465F-902A-5659F4EFBC6F}) (Version: 18.0 - Corel Corporation)
Pinnacle Studio 18 (HKLM\...\{11FB47FB-B341-4FD8-A505-E4C0CC0536C1}) (Version: 18.5.1.827 - Corel Corporation)
Pinnacle Studio 18 Add-Ons (x32 Version: 18.0 - Corel) Hidden
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Plex Media Server (HKLM-x32\...\{b17cb6c8-2d2a-4174-81d4-9583917706fc}) (Version: 1.2.0.3114 - Plex, Inc.)
Plex Media Server (x32 Version: 1.2.3114 - Plex, Inc.) Hidden
Qualcomm Atheros 11AC Drivers (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.451 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{FE6786D7-4CAD-47D9-9221-3782B0052992}) (Version: 1.1.49.1393 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
QuickLOAD (HKLM-x32\...\ST5UNST #2) (Version: - )
QuickLOAD-QuickTARGET Demo (HKLM-x32\...\ST5UNST #1) (Version: - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Reasonable NoClone 2014 (HKLM-x32\...\{A677B60C-9707-4D9C-AB9C-BF856A0832AC}) (Version: 6.1.45 - REASONABLE SOFTWARE HOUSE)
SABnzbd 1.1.1 (HKLM-x32\...\SABnzbd) (Version: 1.1.1 - The SABnzbd Team)
ScoreFitter Volumes 1-2 (HKLM\...\{DAD8BCAC-30E7-4D1A-91F2-F3712F0E2555}) (Version: 2.1 - Corel Corporation)
SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden
Sentinel Runtime (HKLM-x32\...\{F3B75675-67AC-4349-8673-3AC0C29165C0}) (Version: 7.32.1.52786 - SafeNet Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shroud of the Avatar: Forsaken Virtues (HKLM\...\Steam App 326160) (Version: - Portalarium)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.4.1 - TechSmith Corporation) Hidden
Spam Reader 3.7 (HKLM-x32\...\{488AD2A7-1158-45D0-BDBD-B82AB6B6EDD3}}_is1) (Version: - LuxContinent LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (x32 Version: 1.2.3114 - Plex, Inc.) Hidden
Subnautica (HKLM\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
Teekesselchen version 1.8 (HKLM-x32\...\{E20A5744-5ECD-49C5-8102-10CB0027DFCB}_is1) (Version: 1.8 - Michael Bungenstock)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Title Extreme (HKLM\...\{C202FA8F-552B-4F7A-AB57-0B5B888E6BB5}) (Version: 2.1 - Corel Corporation)
Total Recorder 8.2 (HKLM-x32\...\TotalRecorder) (Version: - )
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 7.3.0.0 - Tordex)
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
UltraEdit (HKLM-x32\...\{3EFB776D-32C0-4895-8D45-184C3F8BA337}) (Version: 23.00.0.59 - IDM Computer Solutions, Inc.)
UninstallDeviceDll 1.1 (HKLM-x32\...\UninstallDeviceDll_is1) (Version: - X-Rite)
UV-3R+ 1.11 (HKLM-x32\...\UV-3R+) (Version: - )
VEGAS Pro 14.0 (64-bit) (HKLM\...\{995C928F-BE54-11E6-B066-BE9B4130C4C9}) (Version: 14.0.211 - VEGAS)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\44F74E9BE605C75BBD33EC4CA829BECAFE4B8630) (Version: 01/30/2016 2.12.08 - RT Systems)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\AD6D814F58FF742D1ABBBDFC9760CF33549296C8) (Version: 01/30/2016 2.12.08 - RT Systems)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Winsome File Renamer version 8.0 (HKLM-x32\...\{C84B0B73-760A-4604-B723-28F46A34F924}_is1) (Version: 8.0 - Winsome Technologies)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)
X-Rite Device ColorMunki Service (HKLM-x32\...\{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

22-01-2017 00:26:00 Installed DirectX

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04AF43E1-5992-46E1-A421-CAEB78D602FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {07859E64-F64C-47AE-BC80-C7F8B244F9D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {08E25909-D143-4D1E-9679-BB7E229FD1F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {23DEC8A0-F76B-40B7-870B-273F49335C6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {513B8820-0932-4FB0-8C49-E2890EC86E13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {6269FCDD-320E-4972-BADB-ED22EDD1A4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {635BB1DD-080C-42C4-8B31-A630AEBBAB83} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2016-11-25] (FreeDownloadManager.org)
Task: {8C94544D-D3C2-487F-A90C-C972EE756221} - System32\Tasks\{11F1210D-889E-45D1-A067-4DEE800F4341} => Firefox.exe http://ui.skype.com/ui/0/7.23.0.105/en/eula?source=lightinstaller
Task: {9B463CFB-B6CF-4460-BA25-7E1E59643ACD} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {A79935BF-6FC8-424C-9758-8EC034CB6B88} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1717685655-2789524432-2867823966-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {BE1A16CE-869A-4FD8-9B7A-AA901575CFDB} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {D0E97515-001A-43E8-A2D5-E34C114E32FD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-09] (Synaptics Incorporated)
Task: {EEFC7926-55D9-412B-80C7-CB79A17D4F9C} - System32\Tasks\AdobeAAMUpdater-1.0-lt3-dferrier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-11-17 12:11 - 2015-02-05 13:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 20:29 - 2016-11-25 18:36 - 00029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2017-01-13 13:10 - 2017-01-13 13:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-18 21:00 - 2016-12-18 21:00 - 01678560 _____ () C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-09-16 06:41 - 2016-12-28 11:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-14 20:30 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-03-30 06:27 - 2016-03-30 21:00 - 00147968 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2016-02-20 12:32 - 2009-10-23 09:26 - 01921024 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
2014-09-29 18:51 - 2014-09-29 18:51 - 00074664 _____ () C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
2014-12-11 00:53 - 2014-12-11 00:53 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-12-07 19:53 - 2016-12-07 19:53 - 00083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-07 19:52 - 2016-12-07 19:52 - 00203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-02-20 12:31 - 2008-09-03 16:12 - 02592768 _____ () C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\colormunki.dll
2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-11-26 21:58 - 2016-12-23 12:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-15 14:03 - 2016-07-04 16:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-25 09:51 - 2016-10-25 09:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-14 20:30 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-01-14 20:30 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-02-20 12:32 - 2009-10-22 14:33 - 07053312 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtGui4.dll
2016-02-20 12:32 - 2009-10-22 14:33 - 01970176 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtCore4.dll
2016-02-20 12:32 - 2009-10-22 14:29 - 00131072 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qjpeg4.dll
2016-02-20 12:32 - 2009-10-22 14:29 - 00278528 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qtiff4.dll
2015-08-14 10:57 - 2015-08-14 10:57 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-08-14 10:57 - 2015-08-14 10:57 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2017-01-13 13:10 - 2017-01-13 13:10 - 00048304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 09:49 - 2016-10-25 09:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-14 09:22 - 2017-01-04 21:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-10 22:15 - 2016-10-10 22:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-10 22:15 - 2016-10-10 22:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-10-10 22:15 - 2016-10-10 22:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-10 22:17 - 2016-10-10 22:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-25 09:41 - 2016-10-25 09:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-10 22:14 - 2016-10-10 22:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-10-10 22:14 - 2016-10-10 22:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-18 21:00 - 2016-12-18 21:00 - 01244376 _____ () C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-09-16 06:41 - 2016-12-28 05:41 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dferrier\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:FCd64RTDrYFRI1Z2H
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:ZQlWOHOCr4RpyJvmfbdcOEoqh5jNv

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "CBSpoolDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16D2996D-1DBD-4BE7-94B6-D230F911936B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48CA8B7E-98FB-4018-845B-978FC99E3E3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09DB9EE8-6775-4CE2-BDBD-AC92E3D8DD90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BFECA2F3-7C77-4FD4-BA55-E0A96A15B403}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A298252D-BD4B-4B53-B388-5E08F9D4A095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FA271D0-4AE6-4457-B867-6F83E7851308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A799B31-3D83-4823-B0C4-5765C4B1CF36}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{5FC55606-97F1-4B96-B3C7-1DCD54608DA2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{B0A1B7B3-C8B6-4490-B905-5B46AD4B1A86}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{6CA20B68-7AF4-46F6-85E8-2C569196254B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{A2CAE719-B1E4-4381-BF33-B69B09EA71F8}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{153B5C29-9162-4A82-96DC-14930B828294}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{63085810-2923-4460-B9BB-52C50E34E025}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1A5FDCF6-6901-4E80-B5B3-0EDDE1E4E233}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1896014D-DD6B-45AF-B985-60FE45093616}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{6109A1BD-121B-45AF-928D-D2F0AB51141E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{56D5CD78-765B-46F4-8B6F-35275E539744}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{98B4702E-5142-4891-8E54-1E6E846187B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{426B5EEC-50F9-4338-9832-9160A8A76FCE}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{7EC486D3-ABD2-4D8D-A087-E20813F228E3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{6BDBA6EA-8C26-4265-BB45-D7040063BC0C}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{CCE590DF-4F57-4361-8EA8-1802B2754155}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{DA90B094-F089-4ED4-BC60-2A42BFE4596E}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{E7F65E1F-1D28-4FF7-87E3-313846D42BB3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{B34630D5-CF48-4DFC-99B3-09E360A7C91B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{938FCA39-C276-4671-8927-9E48B070C60F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E93DEC02-89BC-4215-A333-F3617A375629}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75420B98-3A0D-4C40-B6B1-F4480A6BD0D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F86A86D-5B00-48F7-91CD-B5F496BA5343}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{39ACF385-492B-407E-BA05-1C9F4EE3C4C7}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{42D586D0-72F4-4EF6-8795-6FAB128718E4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{E6C08C26-6090-45F2-A634-00339D25F9DB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{0D19A34E-F638-4A8E-8FEC-0E9972272437}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{42ABCFB2-F6D3-4DD4-AB3C-9C57C701B99A}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{1980903B-EAE0-42EF-80AA-2E5184E569C7}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{DA8EF29B-55FD-4A31-9460-977EF94EDB5A}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{693A5210-1F24-410B-AF4B-68FA0FC1F9D0}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [{84432AA8-5321-4F87-AAC4-B791119FDDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{DA4962ED-1BA0-4F96-903D-FC9EC2CF5CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{0E0661C7-6A8E-4AB3-A547-100A4423A7ED}] => (Allow) LPort=8298
FirewallRules: [TCP Query User{DA6E4BCF-3802-43C1-9F72-9BB2251DD2D8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B3E721A0-BC6F-4096-9699-BFA31223864D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{9C31F3C2-BD9B-4CE7-9C8B-A5DD292B919D}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [UDP Query User{9E9C6D6C-3355-48DB-B910-3F9A94C115A8}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [TCP Query User{4DC8ECBB-C79A-481B-96F0-CF2FAF40107B}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [UDP Query User{9D8A3AF9-616D-451C-9F4D-6A2B471B188F}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [TCP Query User{F219A285-7DEF-43BE-B441-65DC3B3E5000}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [UDP Query User{224254F8-DC22-4CA3-B4D8-92C78AD52685}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [{904EA697-DF81-42D7-B40A-98ADD4ECF003}] => (Allow) LPort=5454
FirewallRules: [{8553CAF3-5AE6-4014-9561-4E09FA7D16B4}] => (Allow) LPort=5454
FirewallRules: [TCP Query User{88AAEA31-DA24-4E43-9606-DA4FAAAF50EA}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [UDP Query User{EB071DDC-B06F-4AD6-828E-48A8C39A9826}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [TCP Query User{1ECB6B45-BD7F-49A2-B93F-33167E20443D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{26048747-0F61-4C75-B113-BB537A79819E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{9C57C1E1-86E0-4D50-9F37-08AA0B0366A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D0597EDE-F70A-48E5-9FD1-D022EF189658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{373BC15B-7B8E-4504-AB0A-3A189B84BD33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{95DF81D5-E675-4C55-BD21-6814C721ABF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{ECC9E33E-31B8-499C-ABF4-089320047E51}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{23581F29-6D34-41A6-AAB0-76FEF35EF0E3}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{873723AF-1950-4F79-A3D7-DBFE4C7949AF}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9E7BA8F0-7F50-4012-8966-C729913A13B9}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{32BF37FC-EC1E-4EDB-984E-72C25B25D522}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin\BlackDesert32.exe
FirewallRules: [{9E246989-B8FC-4A18-BAE9-85632C609C76}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin64\BlackDesert64.exe
FirewallRules: [{6F34F171-547E-4C5F-B2AB-CE8F8614EDBF}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{5C9090BB-8FEF-4FB0-A7AD-B63991611C39}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{D811B7D8-49AB-4F16-B4E1-2F98B724B172}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{09CC7A38-FD61-48F1-9BC9-F2AC3B649CE1}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{4218852E-C488-486B-867B-07C05EF91461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{4E19223F-94B5-450A-8CED-5BCAEF29F167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{F48ECE11-D2D3-4C69-A5DB-7930FC30490B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [{088D6C6A-2A57-4086-9C41-7A338010E125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [TCP Query User{BF34EFEA-8DBA-4D0B-9BA7-26EF154C2388}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E7D64A9B-BE9B-4997-8470-E8C313087C72}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{E60A090C-6355-4484-A9DC-6C7FFEC74F3F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{A8749EF5-387E-4A33-BE63-D130EABB6F5F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [TCP Query User{90727535-0C3C-40F3-BB76-9CC07EF2FC90}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{6853FBBE-BB65-42AD-BAA3-78882938C813}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [{3504DD83-009E-4784-B6F3-2EC10DB263CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A09FA166-0EB1-4392-BA66-148EFC163813}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{37EA56F0-525E-43EA-B70D-CAB90B8C7399}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [UDP Query User{0CC49148-60AD-471F-B781-A0BB0FF14B21}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [TCP Query User{E270C79B-0A0F-4D15-929C-E453B72B7095}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{EC25287C-562D-4B45-83DF-AA7FD1043364}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [TCP Query User{8A03314C-9B4A-42B8-9176-D65465A9F544}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [UDP Query User{5DE374D0-B9BC-47D4-8348-9DB714C8B327}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{CDE0FDA7-FDFD-4977-8E9D-467CCECA8A0C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FDFB6F1C-84A0-4107-9030-82AFCB69D8F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{70B4C7F8-55DD-49C4-A1D6-CA84E6245AE5}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{3482E17F-5E10-438A-86AD-9228B55D5751}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{FDDA3A4B-C648-4774-A60B-B6AAB8741533}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{FE56C383-289D-4CD2-A000-68EDD2F78102}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{F8AF5C7C-223C-4FB8-A240-5516607C0CE7}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{5B8B60C9-50E5-4A55-A3A1-07499530FC25}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [TCP Query User{C5A3841E-1C92-4626-9DB9-54C2058C58C5}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{FE50F1BD-9F31-4E60-866E-91A25DA3F538}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{5367F2C6-CC2A-404A-B10B-6F707BF4EAA8}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{CADE46A5-27C3-412A-A0C8-B64B5F1C1175}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{04330347-CF6B-43AC-85E1-A4A096DCBF61}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{1545A64E-70B7-482F-9602-02E64498FA21}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{8209AA52-7FAD-4160-A602-7DC71036B15D}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{4F030ABC-5ADE-4062-9B63-38909E2955D8}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [UDP Query User{83FC594C-4479-4854-B813-6F4A5D667BC2}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [{9A70AE86-59BF-415F-9173-3EF07CDF3457}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3AF5E882-9B1A-4C7B-80A9-7E1DD56EC6C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{8D2DD1F4-C138-458A-9FAD-B8CD1E0070E2}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{20CB1257-3144-4157-B8D2-CD71E56EE48A}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{B84E0CD0-F26F-44F4-9813-CC03653475F1}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DD2910B1-6358-4FA8-A132-E5CCE94D19C8}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7593C432-C542-4FE7-9B5F-8FEFA6FD112B}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{4EC32183-37B3-4C40-B0B9-730ADF483CBE}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [TCP Query User{310A6EA1-00D4-46DA-8057-613BCA0252E2}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0BDDC79B-4494-45D5-B3E7-8DC76DDDD782}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{53672316-BF56-4C8D-9F1C-84F583A06C28}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{2B4B8406-0BD6-47B6-B0BC-D21839E9AE6F}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{3C2BD30A-B611-4D0C-8BD8-A5F5C672390A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A4E703A6-2670-4C7E-A8D4-523E9ACCFE4F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{B9A86027-466C-47E6-BE93-D3542865F499}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E64BE649-256B-4126-A97B-E18730BE43B0}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{BA606B12-DBE0-4ECF-A120-4608489C4039}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{17CC1584-608E-4DF5-9CCF-84EF213C12D4}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [UDP Query User{1C9702D8-B1CA-4B22-B95A-C668C1F1B90D}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [{CBFD16CD-AADC-48B2-BEB1-045EF3B9585F}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{02D6E52F-26D5-4A17-A03F-BC661124FCA2}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{F23B4565-D778-4566-9F58-DEE308CA9737}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{26F7C2FC-FF1E-4B7C-A699-28B9DC267C1F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5B50EE71-0654-4970-A095-2BBC48F9D844}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{5620F317-41A6-4B26-AD45-57AC531142AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{029F1161-AF8D-4E32-92E6-532CF219401A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{A62ECB2B-DEC7-40B2-B523-A6BFD6F7FC75}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{98837384-13EE-4684-B1A8-F4533E4B8A78}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [TCP Query User{A5AE49CF-AC02-436D-8147-E2BF4F6E80D2}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{D7F793A1-4643-430D-80CC-34C6C8953DB0}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [TCP Query User{378D5BB5-08AC-4B5C-A487-011782B9F91F}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [UDP Query User{A1A541D3-9858-4E79-9534-B7801E3C05BD}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{924BD1A1-C9D6-4F1D-8A4C-6D9AC68CDF66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{44B47DE2-4BC1-4E15-99CB-6DD08B54DADF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AA9944F1-8DEE-4A2D-8C01-094DA940F305}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33CB5796-85CF-4068-B5BE-2AE0CFBAF023}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F48B7BF-569F-4532-B8BF-92617FA36745}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{758082BC-1C7D-4F4A-BAC9-34988AD6D6CA}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C27B00D-8B16-4133-9F50-6FD18E35253E}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A2FD084-3369-40EA-85FF-D53EFE0D0752}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B7A603D9-F55F-48C1-8C46-882CC9CE6C1A}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [UDP Query User{A3F30B3B-F854-4BF2-A452-79736390F00B}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [TCP Query User{D5E0F362-DF11-4EDD-A8E8-68107ECC83AA}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [UDP Query User{73380196-9F2C-42EB-8E2E-45FF1F58A4A6}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [{BBDB8760-1898-4E33-B37D-08B60BE2B053}] => (Allow) LPort=9090
FirewallRules: [{AF434A2A-BACE-4C82-908D-2015240F1F79}] => (Allow) LPort=9090
FirewallRules: [{E6A88D76-2FB6-4370-9D53-13DA38B5FA18}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_view.exe
FirewallRules: [{73E49EC7-82B2-4578-A07B-CF97E38E027F}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{EDC1255A-D474-4149-ADD5-58DAC489492D}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_nas_install.exe
FirewallRules: [{8DF94F46-7E78-44F6-964C-59C39297E2C0}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe
FirewallRules: [{23784516-75A1-4503-B40B-82CEE4E82583}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{DDF88BA8-ADA3-46A0-888F-56311859FF85}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{6D55155F-7536-40E3-AC89-D5807011BECB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{400AC135-F7C3-48AA-B343-2B0794CB8D60}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [UDP Query User{13F4FC21-1867-48C3-8684-E8A935BED181}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [{5F05E3B9-165F-4943-8164-2DFDEA51D436}] => (Allow) LPort=9090
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: Npcap Loopback Adapter
Description: Microsoft KM-TEST Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kmloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2017 09:58:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:44:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:41:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:31:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:03:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 08:58:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 08:52:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 08:29:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2017 12:26:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/20/2017 02:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: msxml6.dll, version: 6.30.9600.17041, time stamp: 0x53181bf7
Exception code: 0xc0000005
Fault offset: 0x00000000000016a8
Faulting process id: 0x2590
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5


System errors:
=============
Error: (01/25/2017 06:07:19 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xffffd000240c7000, 0x0000000000000001, 0xfffff80038daed75, 0x0000000000000000)C:\Windows\MEMORY.DMP012517-277250-01

Error: (01/25/2017 06:06:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

Error: (01/25/2017 06:05:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error:
%%1053

Error: (01/25/2017 06:05:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.

Error: (01/25/2017 06:03:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:37:34 PM on ‎1/‎25/‎2017 was unexpected.

Error: (01/25/2017 04:22:35 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xffffd0002843c000, 0x0000000000000001, 0xfffff801bf318d75, 0x0000000000000000)C:\Windows\MEMORY.DMP

Error: (01/25/2017 04:22:35 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description:

Error: (01/25/2017 04:22:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:18:21 PM on ‎1/‎25/‎2017 was unexpected.

Error: (01/25/2017 02:37:51 AM) (Source: DCOM) (EventID: 10010) (User: lt3)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/25/2017 02:37:21 AM) (Source: DCOM) (EventID: 10010) (User: lt3)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


CodeIntegrity:
===================================
Date: 2017-01-25 02:48:31.132
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:31.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:31.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:17.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:17.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:17.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:17.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:17.008
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:16.888
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 02:48:08.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 13%
Total physical RAM: 32652.39 MB
Available physical RAM: 28344.91 MB
Total Virtual: 65420.39 MB
Available Virtual: 61122.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:39.65 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:223.19 GB) NTFS
Drive e: (AKK_ORANGE_PT1) (CDROM) (Total:3.51 GB) (Free:0 GB) UDF
Drive j: (My Passport 4) (Fixed) (Total:3725.99 GB) (Free:660.21 GB) NTFS
Drive k: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:5.44 GB) (Free:0 GB) UDF
Drive l: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:5.57 GB) (Free:0 GB) UDF
Drive m: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:6.37 GB) (Free:0 GB) UDF
Drive o: (WONDER_WOMAN_SEASON_2) (CDROM) (Total:6.37 GB) (Free:0 GB) UDF
Drive t: (My Passport) (Fixed) (Total:931.48 GB) (Free:29.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3A411564)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88C10745)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.9.5.0 (x64) [Jan 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : dferrier [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/25/2017 23:32:57 (Duration : 01:53:46)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[Tr.Gen0][File] C:\Users\dferrier\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\dferrier\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\dferrier\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\dferrier\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 88f22dfff5c1b4502ccf4fb40382dbf3
[BSP] b018b6b04f876bd1b58da61742e53209 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10SPCX-21KHST0 +++++
--- User ---
[MBR] 2e0aefd9e37df28507597345a85852d4
[BSP] 84176bd72726442f324474375882c5ba : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD My Passport 259D USB Device +++++
--- User ---
[MBR] b749ca3279980e04af4acfc8f6e210f5
[BSP] 7fd284fb52c67c795cf1eb3c56d573d7 : Empty MBR Code
Partition table:
0 - My Passport | Offset (sectors): 2048 | Size: 3815413 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: WD My Passport 0730 USB Device +++++
--- User ---
[MBR] 10e93ad5e841512afefef1b41a97e15d
[BSP] a2afca834be8506a95112da9d22fbe5f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: SDXC Card +++++
--- User ---
[MBR] b9a21efaecc7d803b04f5f651948d85f
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32768 | Size: 121926 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
===================================

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/26/2016 08:02:57 PM in x64 mode.
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\nlssrv32.exe (PID: 2904) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/26/2016 08:04:57 PM
Execution time: 0 hours(s), 1 minute(s), and 59 seconds(s)
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/17
Scan Time: 6:37 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1104
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: lt3\dferrier

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388786
Time Elapsed: 11 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [1669], [331708],1.0.1104

Registry Value: 1
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Quarantined, [1669], [331708],1.0.1104

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Trojan.Agent.Trace, C:\USERS\DFERRIER\APPDATA\ROAMING\DIE.BAT, Quarantined, [3208], [247454],1.0.1104
Trojan.Agent.Trace, C:\USERS\DFERRIER\APPDATA\ROAMING\APACHESRVIN.VBS, Quarantined, [3208], [247431],1.0.1104
PUP.Optional.SpyHunter, C:\WINDOWS\SYSTEM32\DRIVERS\ESGSCANNER.SYS, Quarantined, [1669], [331708],1.0.1104

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.118 - Logfile created 26/05/2016 at 20:10:27
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 8.1 Pro (X64)
# Username : dferrier - LT3
# Running from : F:\Installs\Virus and Malware tools\2 ADW Cleaner\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\IEHelper.IEButton
Key Found : HKLM\SOFTWARE\Classes\IEHelper.IEButton.1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [968 bytes] - [26/05/2016 20:10:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1040 bytes] ##########

# AdwCleaner v6.042 - Logfile created 26/01/2017 at 07:47:39
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-26.1 [Server]
# Operating System : Windows 8.1 Pro (X64)
# Username : dferrier - LT3
# Running from : C:\Users\dferrier\Desktop\malware removal\ADWCleaner\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\dferrier\AppData\Local\28050


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: FreeDownloadManagerNetworkMonitor


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1306 Bytes] - [26/05/2016 20:07:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1119 Bytes] - [26/05/2016 19:10:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1789 Bytes] - [26/01/2017 07:47:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1862 Bytes] ##########
 
# AdwCleaner v6.042 - Logfile created 26/01/2017 at 07:51:50
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-26.1 [Server]
# Operating System : Windows 8.1 Pro (X64)
# Username : dferrier - LT3
# Running from : C:\Users\dferrier\Desktop\malware removal\ADWCleaner\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\dferrier\AppData\Local\28050


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: FreeDownloadManagerNetworkMonitor


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1306 Bytes] - [26/05/2016 20:07:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1644 Bytes] - [26/01/2017 07:51:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1119 Bytes] - [26/05/2016 19:10:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1949 Bytes] - [26/01/2017 07:47:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1863 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 Pro x64
Ran by dferrier (Administrator) on Thu 01/26/2017 at 8:17:24.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\dferrier\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\dferrier\AppData\Roaming\couchpotato (Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/26/2017 at 8:20:38.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by dferrier (administrator) on LT3 (26-01-2017 22:58:46)
Running from C:\Users\dferrier\Desktop\malware removal
Loaded Profiles: dferrier (Available Profiles: dferrier)
Platform: Windows 8.1 Pro (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Tordex) C:\Program Files\TrueLaunchBar\tlbHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(RedFox) C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Paul Woolcock) C:\Users\dferrier\AppData\Local\Apps\2.0\L8RQ2D3X.G1A\7GRZB6CY.0DV\outl..tion_a30846ba3587a523_0002.0003_798f7cdb1f1b13cb\OutlookGoogleCalendarSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [HDHRFling] => C:\Program Files (x86)\HDHRFling\HDHRFling.exe [5553664 2015-07-16] (HDHRFling.com)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CBSpoolDaemon] => "C:\Program Files (x86)\ImagePrint\spool\mux\muxd.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [tlbHost] => C:\Program Files\TrueLaunchBar\tlbHost.exe [560312 2015-10-03] (Tordex)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Reasonable NoClone] => [X]
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe [10737184 2016-12-26] (RedFox)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Outlook Google Calendar Sync] => C:\Users\dferrier\AppData\Local\Apps\2.0\L8RQ2D3X.G1A\7GRZB6CY.0DV\outl..tion_a30846ba3587a523_0002.0003_798f7cdb1f1b13cb\OutlookGoogleCalendarSync.exe [802816 2017-01-02] (Paul Woolcock)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\RunOnce: [Uninstall C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\MountPoints2: {e21ce5d1-97ae-11e6-827a-c03896838b48} - "I:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Reasonable NoClone] => "C:\Program Files (x86)\Reasonable NoClone 2011 Enterprise\NoClone.exe" null /startup
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2016-02-20]
ShortcutTarget: ColorMunki Gamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiPhotoTray.exe.lnk [2016-02-20]
ShortcutTarget: ColorMunkiPhotoTray.exe.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-11-17]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{71ACF663-CC95-429F-8C5C-0A1DC4EE8E78}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-12-28]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cheetah Sync.lnk [2015-12-19]
ShortcutTarget: Cheetah Sync.lnk -> C:\Users\dferrier\AppData\Roaming\Microsoft\Installer\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\_57396F6D95A618E977BED0.exe ()
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-05-03]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09CBD398-74E7-49A5-A567-432F6F45A3AD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{736478E9-51BE-4D47-993A-F99B5F526DCB}: [NameServer] 8.8.8.8,8.8.4.4,192.168.25.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://192.168.25.250/web.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Extension: Free Download Manager extension - C:\Users\dferrier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-12-13]
FF Extension: DownThemAll! - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-05-30]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-01-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-11-26] (Qualcomm Atheros) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-14] (SafeNet Inc.)
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [255936 2016-11-19] ()
R2 HDHomeRun WMC Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe [33216 2016-11-19] (Silicondust USA Inc)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1932272 2016-12-07] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-11] (Qualcomm Atheros) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2015-04-14] (SafeNet Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [304296 2016-11-05] (Alcohol Soft Development Team)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-19] (Qualcomm Atheros, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-01-26] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2286080 2014-11-25] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-07] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-09-29] (Duplex Secure Ltd.)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-24] (Seiko Epson Corporation)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [121424 2010-10-14] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-25] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 akshasp; \SystemRoot\system32\DRIVERS\akshasp.sys [X]
S3 aksusb; \SystemRoot\System32\drivers\aksusb.sys [X]
U4 npcap_wifi; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-26 09:36 - 2017-01-26 09:36 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
2017-01-26 09:24 - 2017-01-26 09:24 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2017.lnk
2017-01-26 09:19 - 2017-01-26 09:19 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2017.lnk
2017-01-26 08:59 - 2017-01-26 08:59 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2017-01-26 08:43 - 2017-01-26 08:43 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-01-26 06:36 - 2017-01-26 19:35 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-26 06:36 - 2017-01-26 08:26 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 06:36 - 2017-01-26 08:26 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-26 06:36 - 2017-01-26 08:26 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-26 06:36 - 2017-01-26 06:36 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-26 06:36 - 2017-01-26 06:36 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 06:36 - 2017-01-26 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 06:36 - 2017-01-26 06:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 06:36 - 2017-01-26 06:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 06:36 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-26 04:34 - 2017-01-26 04:34 - 00326320 _____ C:\Windows\Minidump\012617-69640-01.dmp
2017-01-25 23:32 - 2017-01-25 23:32 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-25 23:32 - 2017-01-25 23:32 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-25 23:32 - 2017-01-25 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-25 23:32 - 2017-01-25 23:32 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-25 23:31 - 2017-01-26 07:29 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-25 21:20 - 2017-01-26 08:23 - 00000000 ____D C:\Users\dferrier\Desktop\malware removal
2017-01-25 18:07 - 2017-01-25 18:07 - 00321864 _____ C:\Windows\Minidump\012517-277250-01.dmp
2017-01-25 16:22 - 2017-01-26 04:33 - 1930781112 ____N C:\Windows\MEMORY.DMP
2017-01-25 16:20 - 2017-01-26 04:31 - 00098048 _____ C:\Windows\system32\Drivers\fwdump_ar6320v2_axi.log
2017-01-25 16:20 - 2017-01-26 04:31 - 00005871 _____ C:\Windows\system32\Drivers\fwdump_ce_reg.log
2017-01-24 21:45 - 2017-01-24 21:45 - 00000000 ____D C:\Users\dferrier\Downloads\FW_RT_AC88U_30043804180
2017-01-24 21:44 - 2017-01-24 21:45 - 42590418 _____ C:\Users\dferrier\Downloads\FW_RT_AC88U_30043804180.ZIP
2017-01-23 19:21 - 2017-01-23 19:21 - 777682944 _____ C:\Users\dferrier\Ghost Rider (2007) - [PG-13].mp4
2017-01-23 19:21 - 2017-01-23 19:21 - 720044032 _____ C:\Users\dferrier\From Russia With Love (1963) - [pg].mp4
2017-01-20 22:08 - 2017-01-20 22:08 - 06975096 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-01-20 14:02 - 2017-01-24 18:20 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\CDisplayEx
2017-01-20 14:02 - 2017-01-20 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-01-20 14:02 - 2017-01-20 14:02 - 00000000 ____D C:\Program Files\CDisplayEx
2017-01-20 07:32 - 2017-01-25 11:43 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\HDHRFling
2017-01-19 21:50 - 2017-01-19 21:50 - 00000000 ___HT C:\Windows\wusa.lock
2017-01-19 21:50 - 2017-01-19 21:50 - 00000000 ____D C:\e5a66c5659522a07546c33094743
2017-01-19 16:14 - 2017-01-19 16:14 - 00002248 _____ C:\Users\dferrier\Desktop\FileBot.lnk
2017-01-19 16:14 - 2017-01-19 16:14 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2017-01-19 16:14 - 2017-01-19 16:14 - 00000000 ____D C:\Program Files\FileBot
2017-01-18 12:51 - 2017-01-22 15:23 - 00000000 ____D C:\Users\dferrier\Documents\Optical Disk Ripping Menu
2017-01-17 16:05 - 2017-01-17 16:05 - 00000146 _____ C:\Users\dferrier\Desktop\belva address.txt
2017-01-16 20:17 - 2017-01-16 20:17 - 00000939 _____ C:\Users\Public\Desktop\Agent.lnk
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Forte
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forte Agent
2017-01-16 20:17 - 2017-01-16 20:17 - 00000000 ____D C:\Program Files (x86)\Agent
2017-01-15 14:29 - 2017-01-15 14:28 - 00001191 _____ C:\Users\dferrier\Desktop\CloneBD - Copy.lnk
2017-01-15 14:28 - 2017-01-15 14:28 - 00001191 _____ C:\Users\dferrier\Desktop\CloneBD.lnk
2017-01-14 21:11 - 2017-01-14 21:11 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\21926
2017-01-14 20:30 - 2017-01-14 20:30 - 00001480 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2017-01-14 20:30 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-01-14 20:30 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2017-01-14 09:53 - 2017-01-14 09:53 - 00000000 ____D C:\ProgramData\vsosdk
2017-01-14 05:28 - 2017-01-14 05:28 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\973
2017-01-13 22:04 - 2017-01-13 22:04 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\BDREBUILDER
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth
2017-01-13 21:56 - 2017-01-13 21:56 - 00000000 ____D C:\Program Files (x86)\AviSynth
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2017-01-13 21:54 - 2017-01-13 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2017-01-13 21:54 - 2017-01-13 21:54 - 00000000 ____D C:\Program Files (x86)\ffdshow
2017-01-13 21:54 - 2014-09-29 12:23 - 00112640 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-01-13 21:54 - 2014-09-29 12:22 - 00047616 _____ C:\Windows\SysWOW64\ff_acm.acm
2017-01-13 21:51 - 2017-01-13 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-01-13 15:43 - 2017-01-13 15:43 - 00000000 ____D C:\ProgramData\xml_param
2017-01-13 15:26 - 2017-01-13 15:26 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2017-01-13 15:25 - 2017-01-13 15:25 - 00000000 ____D C:\Users\dferrier\Documents\Wondershare MediaServer
2017-01-13 15:23 - 2017-01-14 20:30 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-01-13 15:23 - 2017-01-14 20:29 - 00000000 ____D C:\ProgramData\Wondershare
2017-01-13 15:19 - 2017-01-13 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-01-13 15:19 - 2017-01-13 15:32 - 00000000 ____D C:\Users\dferrier\Documents\Wondershare Video Converter Ultimate
2017-01-13 15:19 - 2017-01-13 15:19 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Wondershare Video Converter Ultimate
2017-01-13 15:19 - 2017-01-13 15:19 - 00000000 ____D C:\Users\dferrier\AppData\Local\Wondershare
2017-01-13 15:19 - 2012-03-31 11:25 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2017-01-13 15:19 - 2012-03-31 11:25 - 00496640 _____ C:\Windows\SysWOW64\xvid.ax
2017-01-13 15:18 - 2017-01-13 15:37 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-01-13 15:18 - 2012-03-31 11:25 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2017-01-12 10:09 - 2017-01-12 10:10 - 00000000 ____D C:\Program Files\HandBrake 5
2017-01-11 13:57 - 2017-01-11 13:58 - 00000000 ____D C:\Program Files (x86)\DVDInfoPro
2017-01-11 13:57 - 2017-01-11 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDInfoPro
2017-01-11 07:39 - 2017-01-11 07:42 - 00000000 ____D C:\Users\dferrier\Documents\optical drives info
2017-01-11 07:38 - 2017-01-11 07:38 - 00000000 ____D C:\Users\dferrier\Documents\MATSHITA_BD-MLT_UJ260AF
2017-01-11 07:20 - 2017-01-11 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opti Drive Control
2017-01-11 07:20 - 2017-01-11 07:20 - 00000000 ____D C:\Program Files (x86)\Opti Drive Control
2017-01-09 14:58 - 2017-01-09 15:03 - 00000000 ____D C:\Program Files\HandBrake 4
2017-01-09 14:58 - 2017-01-09 15:02 - 00000000 ____D C:\Program Files\HandBrake 3
2017-01-09 14:58 - 2017-01-09 15:01 - 00000000 ____D C:\Program Files\HandBrake 2
2017-01-05 20:11 - 2017-01-07 09:20 - 00044336 _____ C:\Users\dferrier\Documents\You are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3.htm
2017-01-05 20:11 - 2017-01-07 09:20 - 00000000 ____D C:\Users\dferrier\Documents\You are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3_files
2017-01-05 20:11 - 2017-01-05 20:15 - 00042879 ____H C:\Users\dferrier\Documents\~WRL0005.tmp
2017-01-05 20:11 - 2017-01-05 20:11 - 00000162 ____H C:\Users\dferrier\Documents\~$u are bidding on a Vectronix model PLRF15 handheld laser range finder which is accurate out to 3.htm
2017-01-05 20:01 - 2017-01-05 20:01 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsigne1c653f55a025fbb
2017-01-05 20:00 - 2017-01-05 20:00 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign59909f20af1f7877
2017-01-05 19:46 - 2017-01-05 19:46 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignf6288ca7eed2cfb2
2017-01-05 19:45 - 2017-01-05 19:45 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign924e96ff0690ae59
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignddf0b7fd7d1bd493
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignbed4f41b538fab6b
2017-01-03 18:18 - 2017-01-03 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign44a0be367ef3e09d
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignaad0271a2ab12086
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign35c7ea0a2b969c86
2017-01-02 20:51 - 2017-01-02 20:51 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign06e8d7bd70219d02
2017-01-02 12:09 - 2017-01-02 12:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\bunkus.org
2017-01-02 12:08 - 2017-01-02 12:08 - 00001750 _____ C:\Users\Public\Desktop\MKVToolNix GUI.lnk
2017-01-02 12:08 - 2017-01-02 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-01-02 12:07 - 2017-01-15 22:38 - 00000000 ____D C:\Program Files\MKVToolNix
2017-01-02 11:51 - 2017-01-02 11:51 - 00000000 ____D C:\ProgramData\Movie Studio
2017-01-02 11:50 - 2017-01-02 12:56 - 00000000 ____D C:\Users\dferrier\Documents\Movie Studio 13.0 Projects
2017-01-02 11:50 - 2017-01-02 11:50 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Movie Studio
2017-01-02 11:50 - 2017-01-02 11:50 - 00000000 ____D C:\Users\dferrier\AppData\Local\Movie Studio
2017-01-02 11:49 - 2017-01-02 12:01 - 00000000 ____D C:\Program Files\VEGAS
2017-01-02 11:41 - 2017-01-14 06:03 - 00000000 ____D C:\ProgramData\MAGIX
2017-01-02 11:41 - 2017-01-02 11:51 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\VEGAS
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MAGIX Computer Products Intl. Co
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\DVD Architect
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\Users\dferrier\AppData\Local\DVD Architect
2017-01-02 11:41 - 2017-01-02 11:41 - 00000000 ____D C:\ProgramData\DVD Architect
2017-01-02 11:34 - 2017-01-02 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2017-01-02 11:33 - 2017-01-02 12:01 - 00000000 ____D C:\ProgramData\VEGAS
2017-01-02 11:33 - 2017-01-02 11:33 - 00000000 ____D C:\Users\dferrier\AppData\Local\VEGAS
2017-01-02 11:33 - 2017-01-02 11:33 - 00000000 ____D C:\Program Files (x86)\VEGAS
2017-01-02 11:32 - 2017-01-14 06:03 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MAGIX
2017-01-02 10:38 - 2017-01-02 10:39 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter
2017-01-02 10:38 - 2017-01-02 10:38 - 00001167 _____ C:\Users\Public\Desktop\Ultra Video Splitter.lnk
2017-01-02 10:38 - 2017-01-02 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2017-01-02 10:38 - 2007-04-12 14:19 - 00129024 _____ C:\Windows\SysWOW64\AVERM.dll
2017-01-02 10:38 - 2006-09-26 13:57 - 00028672 _____ C:\Windows\SysWOW64\AVEQT.dll
2017-01-02 06:18 - 2017-01-02 06:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\IsolatedStorage
2017-01-02 06:16 - 2017-01-26 08:34 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Outlook Google Calendar Sync
2017-01-02 06:16 - 2017-01-02 06:16 - 00000436 _____ C:\Users\dferrier\Desktop\Outlook Google Calendar Sync.appref-ms
2017-01-02 06:16 - 2017-01-02 06:16 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paul Woolcock
2017-01-01 16:05 - 2017-01-01 21:45 - 00000000 ____D C:\Users\dferrier\Documents\Star Wars despecialized
2017-01-01 16:05 - 2017-01-01 18:59 - 12470889 _____ C:\Users\dferrier\Documents\Star Wars despecialized.ncor
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign669e5b7b79bfc690
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign37410f9733eeddc3
2017-01-01 15:09 - 2017-01-01 15:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign01a8f77ea7f580d4
2016-12-31 01:01 - 2016-12-31 01:01 - 00000000 ____D C:\Users\dferrier\Documents\linux scirpt
2016-12-30 21:19 - 2017-01-03 15:09 - 00000000 ____D C:\Users\dferrier\Downloads\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00001912 _____ C:\Users\Public\Desktop\Newshosting Downloads.lnk
2016-12-30 21:19 - 2016-12-30 21:19 - 00000943 _____ C:\Users\Public\Desktop\Newshosting.lnk
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\Users\dferrier\AppData\Local\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\ProgramData\Caphyon
2016-12-30 21:19 - 2016-12-30 21:19 - 00000000 ____D C:\Program Files\Newshosting
2016-12-30 21:18 - 2016-12-30 21:18 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Newshosting
2016-12-30 12:03 - 2017-01-20 22:28 - 00000000 ____D C:\Users\dferrier\AppData\Local\FileZilla
2016-12-30 12:02 - 2016-12-30 12:02 - 06880664 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.23.0.2_win64-setup.exe
2016-12-29 13:33 - 2017-01-24 20:52 - 00000000 ____D C:\Users\dferrier\.zenmap
2016-12-29 13:33 - 2017-01-02 20:55 - 00000143 _____ C:\Users\dferrier\AppData\Local\zenmap.exe.log
2016-12-29 13:33 - 2016-12-29 13:33 - 00000979 _____ C:\Users\dferrier\Desktop\Nmap - Zenmap GUI.lnk
2016-12-29 13:33 - 2016-12-29 13:33 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Windows\SysWOW64\Npcap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Windows\system32\Npcap
2016-12-29 13:30 - 2016-12-29 13:30 - 00000000 ____D C:\Program Files\Npcap
2016-12-29 13:28 - 2016-12-29 13:33 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-12-27 23:09 - 2016-12-27 23:09 - 00000000 ____D C:\Users\dferrier\AppData\Local\Microsoft_Corporation
2016-12-27 15:04 - 2017-01-09 15:00 - 00000000 ____D C:\Program Files\HandBrake
2016-12-27 15:04 - 2016-12-27 15:04 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-26 22:58 - 2016-05-26 19:05 - 00000000 ____D C:\FRST
2017-01-26 22:38 - 2015-11-17 12:49 - 00000000 ____D C:\Users\dferrier\Documents\email
2017-01-26 22:32 - 2015-12-04 00:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-26 22:02 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2017-01-26 20:35 - 2015-11-17 11:37 - 01514400 _____ C:\Windows\WindowsUpdate.log
2017-01-26 19:22 - 2015-12-28 08:13 - 00000000 ____D C:\Users\dferrier\AppData\Local\CrashDumps
2017-01-26 15:12 - 2016-11-20 19:09 - 00000000 ____D C:\Users\dferrier\AppData\LocalLow\Mozilla
2017-01-26 12:37 - 2015-12-04 07:54 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\vlc
2017-01-26 10:11 - 2013-09-10 07:49 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-26 09:38 - 2015-11-17 11:52 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1717685655-2789524432-2867823966-1001
2017-01-26 09:36 - 2015-11-21 08:42 - 00000000 ____D C:\Program Files\Adobe
2017-01-26 08:59 - 2015-12-05 19:57 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-01-26 08:43 - 2015-11-21 08:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-26 08:34 - 2016-08-10 22:25 - 00000000 ____D C:\Users\dferrier\AppData\Local\Deployment
2017-01-26 08:34 - 2015-11-26 21:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-26 08:30 - 2015-11-17 12:34 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2017-01-26 08:29 - 2016-03-13 18:58 - 00000000 ___RD C:\Users\dferrier\Creative Cloud Files
2017-01-26 08:29 - 2015-12-23 05:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-26 08:29 - 2015-11-21 08:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Adobe
2017-01-26 08:27 - 2015-12-19 13:49 - 00000000 ____D C:\Users\dferrier\Documents\JRT Studio
2017-01-26 08:25 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-26 08:20 - 2016-05-26 20:26 - 00001035 _____ C:\Users\dferrier\Desktop\JRT.txt
2017-01-26 08:08 - 2016-05-26 19:10 - 00000000 ____D C:\AdwCleaner
2017-01-26 07:29 - 2015-11-17 11:39 - 00000000 ____D C:\Users\dferrier
2017-01-26 04:34 - 2016-04-02 16:44 - 00000000 ____D C:\Windows\Minidump
2017-01-26 04:06 - 2016-12-18 21:00 - 00003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 04:06 - 2016-09-12 14:37 - 00003176 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1717685655-2789524432-2867823966-1001
2017-01-26 04:06 - 2016-09-12 14:37 - 00002311 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-26 01:25 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-26 00:58 - 2015-11-17 14:50 - 00023552 _____ C:\Users\dferrier\Documents\Joebob.xlsx
2017-01-25 21:34 - 2015-11-20 11:02 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\HandBrake
2017-01-25 16:22 - 2013-09-10 07:43 - 00229884 _____ C:\Windows\PFRO.log
2017-01-25 16:14 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-25 12:49 - 2016-12-13 20:29 - 00000000 ____D C:\Users\dferrier\AppData\Local\Free Download Manager
2017-01-25 12:11 - 2016-09-18 18:04 - 00000600 _____ C:\Users\dferrier\AppData\Local\PUTTY.RND
2017-01-25 10:05 - 2016-11-30 22:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\FileZilla
2017-01-23 13:22 - 2016-11-30 16:30 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\.dvdcss
2017-01-22 19:02 - 2016-12-08 07:50 - 00000085 ___SH C:\ProgramData\.zreglib
2017-01-22 01:10 - 2016-03-07 10:29 - 00002387 _____ C:\Users\dferrier\Documents\ax_files.xml
2017-01-22 01:08 - 2016-03-07 16:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\dvdcss
2017-01-22 00:26 - 2016-12-08 07:37 - 00001191 _____ C:\Users\Public\Desktop\CloneBD.lnk
2017-01-21 21:49 - 2015-12-26 16:06 - 00000000 ____D C:\Users\dferrier\Documents\photography
2017-01-20 22:09 - 2016-11-30 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-01-20 22:09 - 2016-11-30 22:12 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-01-20 07:32 - 2016-12-26 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHRFling
2017-01-20 07:32 - 2016-12-26 17:07 - 00000000 ____D C:\Program Files (x86)\HDHRFling
2017-01-19 21:50 - 2015-11-17 12:53 - 00000000 ____D C:\Users\dferrier\Documents\Guns
2017-01-19 21:46 - 2015-11-17 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-19 21:44 - 2016-03-01 14:43 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-19 21:35 - 2015-11-17 11:39 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Adobe
2017-01-19 21:29 - 2013-08-22 08:44 - 05316784 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-19 13:07 - 2015-12-11 16:27 - 00000000 ____D C:\ProgramData\Oracle
2017-01-19 12:49 - 2016-12-14 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-19 12:48 - 2016-12-14 15:32 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-19 12:48 - 2016-12-14 15:31 - 00000000 ____D C:\Program Files\Java
2017-01-19 00:32 - 2016-03-24 10:55 - 00033245 _____ C:\Windows\setupact.log
2017-01-16 07:57 - 2015-11-17 12:46 - 00000000 ____D C:\Users\dferrier\Documents\Bible
2017-01-15 06:53 - 2016-12-16 06:50 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\DVDFab10
2017-01-14 05:58 - 2015-11-17 13:45 - 00000000 ____D C:\Users\dferrier\AppData\Local\Pinnacle
2017-01-14 05:57 - 2015-11-17 20:20 - 00002111 _____ C:\Users\dferrier\AppData\Roaming\LT3.MTBF.txt
2017-01-14 05:57 - 2015-11-17 13:41 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2017-01-14 05:30 - 2016-12-16 06:50 - 00001130 _____ C:\Users\Public\Desktop\DVDFab Mini.lnk
2017-01-14 05:30 - 2016-12-16 06:50 - 00001018 _____ C:\Users\Public\Desktop\DVDFab 10.lnk
2017-01-14 05:30 - 2016-12-16 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-01-14 05:30 - 2016-12-16 06:49 - 00000000 ____D C:\Program Files (x86)\DVDFab 10
2017-01-13 21:51 - 2016-03-07 10:31 - 00001893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-01-13 21:51 - 2016-03-07 10:31 - 00001881 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2017-01-12 07:50 - 2016-03-01 14:43 - 00002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-12 07:48 - 2016-03-01 14:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 06:32 - 2015-12-04 00:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 06:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 06:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-02 17:29 - 2016-02-27 11:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Logos
2017-01-02 12:00 - 2015-11-20 14:33 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Sony
2017-01-02 11:51 - 2015-11-20 14:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Sony
2017-01-01 13:22 - 2016-02-27 12:24 - 00002291 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk
2017-01-01 13:22 - 2016-02-27 12:24 - 00002283 _____ C:\Users\dferrier\Desktop\Logos Bible Software.lnk
2016-12-31 14:25 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-30 11:10 - 2015-11-17 21:04 - 00007168 _____ C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-28 23:36 - 2015-12-31 10:36 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MusicBee
2016-12-27 19:32 - 2016-05-30 21:40 - 00012393 _____ C:\Windows\LkmdfCoInst.log
2016-12-27 19:31 - 2016-05-30 21:40 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-12-27 15:04 - 2015-11-17 16:06 - 00000836 _____ C:\Users\dferrier\Desktop\HandBrake.lnk
2016-12-27 15:02 - 2016-03-02 23:35 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Mp3tag

==================== Files in the root of some directories =======

2016-12-03 12:46 - 2016-12-03 12:47 - 0009272 _____ () C:\Program Files (x86)\DeviceManage Setup Log.txt
2016-03-09 17:50 - 2016-03-09 17:51 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-21 21:12 - 2008-03-19 17:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
2015-11-21 21:12 - 2008-03-06 21:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
2016-03-01 14:53 - 2016-09-30 07:51 - 0000033 _____ () C:\Users\dferrier\AppData\Roaming\AdobeWLCMCache.dat
2015-08-05 09:51 - 2015-08-05 09:51 - 0000000 _____ () C:\Users\dferrier\AppData\Roaming\bdopatchtime.txt
2015-11-17 20:20 - 2017-01-14 05:57 - 0002111 _____ () C:\Users\dferrier\AppData\Roaming\LT3.MTBF.txt
2015-11-17 21:04 - 2016-12-30 11:10 - 0007168 _____ () C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 14:08 - 2015-11-17 14:08 - 0000000 _____ () C:\Users\dferrier\AppData\Local\Driver_11ACPresent.flag
2016-09-18 18:04 - 2017-01-25 12:11 - 0000600 _____ () C:\Users\dferrier\AppData\Local\PUTTY.RND
2015-12-26 18:07 - 2015-09-25 03:21 - 0016800 _____ () C:\Users\dferrier\AppData\Local\Z@!-5946ba91-ed5f-41a8-8801-12c6dbd9f3de.tmp
2015-12-26 18:07 - 2015-09-25 03:21 - 0015776 _____ () C:\Users\dferrier\AppData\Local\Z@S!-83152ba7-24c1-4572-9f40-f7b7dcf1c59d.tmp
2016-12-29 13:33 - 2017-01-02 20:55 - 0000143 _____ () C:\Users\dferrier\AppData\Local\zenmap.exe.log
2016-12-08 07:50 - 2017-01-22 19:02 - 0000085 ___SH () C:\ProgramData\.zreglib
2015-11-21 13:48 - 2015-11-21 13:48 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-11-21 13:06 - 2015-11-21 13:37 - 0000238 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-06-26 23:41 - 2016-06-26 23:41 - 0000090 _____ () C:\ProgramData\Temp.log

Some files in TEMP:
====================
C:\Users\dferrier\AppData\Local\Temp\7za.exe
C:\Users\dferrier\AppData\Local\Temp\aa.exe
C:\Users\dferrier\AppData\Local\Temp\clicky.exe
C:\Users\dferrier\AppData\Local\Temp\dllnt_dump.dll
C:\Users\dferrier\AppData\Local\Temp\handbrake-setup.exe
C:\Users\dferrier\AppData\Local\Temp\jre-8u121-windows-au.exe
C:\Users\dferrier\AppData\Local\Temp\utt2804.tmp.exe
C:\Users\dferrier\AppData\Local\Temp\utt3CF5.tmp.exe
C:\Users\dferrier\AppData\Local\Temp\VV.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-19 07:16

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by dferrier (2017-01-26 23:00:07)
Running from C:\Users\dferrier\Desktop\malware removal
Windows 8.1 Pro (Update 1) (X64) (2015-11-17 17:39:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1717685655-2789524432-2867823966-500 - Administrator - Disabled)
dferrier (S-1-5-21-1717685655-2789524432-2867823966-1001 - Administrator - Enabled) => C:\Users\dferrier
Guest (S-1-5-21-1717685655-2789524432-2867823966-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
4nec2 full version 5.8.16 (HKLM-x32\...\4nec2_is1) (Version: - 4nec2@gmx.net (Use "4nec2 modeller" as the subject))
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_1_0) (Version: 14.1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Encore CS6 Library (HKLM-x32\...\{07E80932-FFB1-402D-9198-18C58EBAF216}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 Functional Content (HKLM-x32\...\{614020C8-2E16-4E16-A5F0-04DE2AB96097}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.9.0 - RedFox)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BDOTomePatcher (HKLM-x32\...\BDOTomePatcher) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cheetah Sync (HKLM-x32\...\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}) (Version: 1.5.1 - JRT Studio)
CHIRP (HKLM-x32\...\CHIRP) (Version: - )
CLANNAD (HKLM\...\Steam App 324160) (Version: - VisualArts/Key)
CloneBD (HKLM-x32\...\CloneBD) (Version: 1.1.2.0 - Elaborate Bytes)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
ColorChecker Passport 1.1.0 (HKLM-x32\...\ColorChecker Passport_is1) (Version: 1.1.0 - X-Rite)
ColorMunki Photo 1.1.1 (HKLM-x32\...\ColorMunki Photo_is1) (Version: - X-Rite)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 3 - Your Mom)
Creative Pack Volume 1 (HKLM\...\{3D1688AB-3440-4C7A-8CBB-5D77CD3C02D7}) (Version: 3.1.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.07 (HKLM-x32\...\{631D71FD-237F-4D74-B090-88E66FBC5A10}) (Version: 1.07.0000 - Pinnacle)
DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version: - )
DeviceManage (HKLM-x32\...\DeviceManage) (Version: - )
DVD Architect (HKLM-x32\...\{F3B2BFC0-76F2-11E6-B231-BB95F5A309BD}) (Version: 7.0.38 - VEGAS)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 10.0.1.9 (13/01/2017) (HKLM-x32\...\DVDFab 10_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro 7.6.0.5 (HKLM-x32\...\DVDInfoPro_is1) (Version: - DVDInfoPro Elite)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.6.0 - Seiko Epson Corporation)
EZNEC Demo v. 6.0 (HKLM-x32\...\EZNEC_-6000_is1) (Version: 6.0 - EZNEC)
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FileBot (HKLM\...\{36A3AA3A-1849-418B-A07D-1ABB5C909179}) (Version: 4.7.7 - Reinhard Pointner)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
FT-857 Programmer (HKLM-x32\...\{7B67EE40-5362-11E2-390C-10AB7E3B7E87}) (Version: 4.50.0.0 - RT Systems. Inc)
G4FON Koch Method Morse Trainer (HKLM-x32\...\G4FON Koch Method Morse Trainer) (Version: - )
Gear Watch Designer 1.1.1 (HKLM-x32\...\Gear Watch Designer) (Version: 1.1.1 - Samsung Electronics)
GT3_W64_VIP (HKLM-x32\...\ST6UNST #1) (Version: - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
HDHomeRun (HKLM\...\{54F9A4D2-83CC-4169-BC4E-24F341E6AA8D}) (Version: 1.0.23228.0 - Silicondust)
HDHRFling (HKLM-x32\...\{4FBE6121-3BDF-49CC-B95D-E6EB83AF2CEA}_is1) (Version: 1.2.8.2 - HDHRFling.com)
Helicon Focus 6.6.1.0 (HKLM\...\Helicon Focus 6_is1) (Version: - Helicon Soft Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hollywood FX Volumes 1-3 (HKLM\...\{94F26E3B-100E-4C7B-B1F1-2F395128E848}) (Version: 2.1 - Corel Corporation)
Hotkey 3.16.29 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 3.16.29 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3995 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{23D18C2E-0A91-43C5-ADDE-42D4B5A4B6F9}) (Version: 6.5.8.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{62646e38-1498-4ba5-81ef-5f8edc95db78}) (Version: 6.5.8.0 - DeveloperInABox)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Just Learn Morse Code (HKLM-x32\...\{CBE3B17D-C988-4AF7-B84E-BEFF6F60BCC9}) (Version: 1.0.0.0 - Sigurd Stenersen)
Koi-Koi Japan [Hanafuda playing cards] (HKLM\...\Steam App 364930) (Version: - Zoo Corporation)
Kolor Autopano Pro 4.2 (HKLM\...\AutopanoPro4.2) (Version: V4.2.3 - Kolor)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lightroom Duplicate Finder 2 (HKLM-x32\...\{366C1420-AF2B-45BC-B1E9-09D2F7201E71}) (Version: 2.0.4317 - Jim Keir)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logos Bible Software (HKLM-x32\...\{248A5699-936A-4651-824F-5221EDEF5CB9}) (Version: 7.48.41 - Faithlife Corporation)
LOOT version 0.9.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.1 - LOOT Team)
LRTimelapse 4.5.1 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.5.1 - Gunther Wegner)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
MKVToolNix 9.7.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.7.1 - Moritz Bunkus)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Studio 13.0 (64-bit) (HKLM\...\{15C608B0-B5A5-11E6-858D-EF6B4CB4F8F1}) (Version: 13.0.208 - VEGAS)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NewBlue Effects (HKLM\...\{C0C7CFFB-C0EF-4CB5-A83D-33626D67BAA7}) (Version: 1.0.1 - Corel Corporation)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
Newshosting (HKLM\...\{649F577B-BCA1-4EB1-B17F-6157F351E528}) (Version: 2.2.1 - Newshosting)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version: - Andrey Prygunkov)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.0.2 - ON1)
ON1 Resize 10 (HKLM\...\ON1 Resize 10 PE) (Version: 10.5.1 - ON1)
Open 3D Model Viewer (HKLM-x32\...\{EBDFEC36-5277-454F-875B-F0AA2CDC3C92}) (Version: 1.10.0000 - Alexander Gessler)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version: - Erik Deppe)
Outlook Google Calendar Sync (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\ae7ab5abd52d9711) (Version: 2.3.0.0 - Paul Woolcock)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pavtube BDMagic Ver 4.8.6.8 (HKLM-x32\...\{322AED85-69CD-49E5-AA61-123707D9A80B}_is1) (Version: - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photomatix Pro version 5.1.2 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.1.2 - HDRsoft Ltd)
Pinnacle Studio 18 - Install Manager (HKLM\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.234 - Corel Corporation)
Pinnacle Studio 18 - Standard Content Pack (HKLM\...\{DDBFA6BC-5756-465F-902A-5659F4EFBC6F}) (Version: 18.0 - Corel Corporation)
Pinnacle Studio 18 (HKLM\...\{11FB47FB-B341-4FD8-A505-E4C0CC0536C1}) (Version: 18.5.1.827 - Corel Corporation)
Pinnacle Studio 18 Add-Ons (x32 Version: 18.0 - Corel) Hidden
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Plex Media Server (HKLM-x32\...\{b17cb6c8-2d2a-4174-81d4-9583917706fc}) (Version: 1.2.0.3114 - Plex, Inc.)
Plex Media Server (x32 Version: 1.2.3114 - Plex, Inc.) Hidden
Qualcomm Atheros 11AC Drivers (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.451 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{FE6786D7-4CAD-47D9-9221-3782B0052992}) (Version: 1.1.49.1393 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
QuickLOAD (HKLM-x32\...\ST5UNST #2) (Version: - )
QuickLOAD-QuickTARGET Demo (HKLM-x32\...\ST5UNST #1) (Version: - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Reasonable NoClone 2014 (HKLM-x32\...\{A677B60C-9707-4D9C-AB9C-BF856A0832AC}) (Version: 6.1.45 - REASONABLE SOFTWARE HOUSE)
RogueKiller version 12.9.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.5.0 - Adlice Software)
SABnzbd 1.1.1 (HKLM-x32\...\SABnzbd) (Version: 1.1.1 - The SABnzbd Team)
ScoreFitter Volumes 1-2 (HKLM\...\{DAD8BCAC-30E7-4D1A-91F2-F3712F0E2555}) (Version: 2.1 - Corel Corporation)
SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden
Sentinel Runtime (HKLM-x32\...\{F3B75675-67AC-4349-8673-3AC0C29165C0}) (Version: 7.32.1.52786 - SafeNet Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shroud of the Avatar: Forsaken Virtues (HKLM\...\Steam App 326160) (Version: - Portalarium)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.4.1 - TechSmith Corporation) Hidden
Spam Reader 3.7 (HKLM-x32\...\{488AD2A7-1158-45D0-BDBD-B82AB6B6EDD3}}_is1) (Version: - LuxContinent LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (x32 Version: 1.2.3114 - Plex, Inc.) Hidden
Subnautica (HKLM\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
Teekesselchen version 1.8 (HKLM-x32\...\{E20A5744-5ECD-49C5-8102-10CB0027DFCB}_is1) (Version: 1.8 - Michael Bungenstock)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Title Extreme (HKLM\...\{C202FA8F-552B-4F7A-AB57-0B5B888E6BB5}) (Version: 2.1 - Corel Corporation)
Total Recorder 8.2 (HKLM-x32\...\TotalRecorder) (Version: - )
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 7.3.0.0 - Tordex)
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
UltraEdit (HKLM-x32\...\{3EFB776D-32C0-4895-8D45-184C3F8BA337}) (Version: 23.00.0.59 - IDM Computer Solutions, Inc.)
UninstallDeviceDll 1.1 (HKLM-x32\...\UninstallDeviceDll_is1) (Version: - X-Rite)
UV-3R+ 1.11 (HKLM-x32\...\UV-3R+) (Version: - )
VEGAS Pro 14.0 (64-bit) (HKLM\...\{995C928F-BE54-11E6-B066-BE9B4130C4C9}) (Version: 14.0.211 - VEGAS)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\44F74E9BE605C75BBD33EC4CA829BECAFE4B8630) (Version: 01/30/2016 2.12.08 - RT Systems)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\AD6D814F58FF742D1ABBBDFC9760CF33549296C8) (Version: 01/30/2016 2.12.08 - RT Systems)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Winsome File Renamer version 8.0 (HKLM-x32\...\{C84B0B73-760A-4604-B723-28F46A34F924}_is1) (Version: 8.0 - Winsome Technologies)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)
X-Rite Device ColorMunki Service (HKLM-x32\...\{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

22-01-2017 00:26:00 Installed DirectX
26-01-2017 08:17:29 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04AF43E1-5992-46E1-A421-CAEB78D602FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {07859E64-F64C-47AE-BC80-C7F8B244F9D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {08E25909-D143-4D1E-9679-BB7E229FD1F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {23DEC8A0-F76B-40B7-870B-273F49335C6A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {3A8B9590-E7B0-438A-877C-84620E14E6AA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1717685655-2789524432-2867823966-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {40FC9D59-87CA-4849-9AAA-D66DEEFC4E27} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {513B8820-0932-4FB0-8C49-E2890EC86E13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {6269FCDD-320E-4972-BADB-ED22EDD1A4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {8C94544D-D3C2-487F-A90C-C972EE756221} - System32\Tasks\{11F1210D-889E-45D1-A067-4DEE800F4341} => Firefox.exe http://ui.skype.com/ui/0/7.23.0.105/en/eula?source=lightinstaller
Task: {9B463CFB-B6CF-4460-BA25-7E1E59643ACD} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {D0E97515-001A-43E8-A2D5-E34C114E32FD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-09] (Synaptics Incorporated)
Task: {EEFC7926-55D9-412B-80C7-CB79A17D4F9C} - System32\Tasks\AdobeAAMUpdater-1.0-lt3-dferrier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-11-17 12:11 - 2015-02-05 13:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-13 13:10 - 2017-01-13 13:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-16 06:41 - 2016-12-28 11:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-14 20:30 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-03-30 06:27 - 2016-03-30 21:00 - 00147968 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2017-01-26 06:36 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 06:36 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-26 06:36 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-02-20 12:32 - 2009-10-23 09:26 - 01921024 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
2014-09-29 18:51 - 2014-09-29 18:51 - 00074664 _____ () C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
2014-12-11 00:53 - 2014-12-11 00:53 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-12-07 19:53 - 2016-12-07 19:53 - 00083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-12-07 19:52 - 2016-12-07 19:52 - 00203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-02-20 12:31 - 2008-09-03 16:12 - 02592768 _____ () C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\colormunki.dll
2015-11-26 21:58 - 2016-12-23 12:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-26 21:58 - 2016-08-31 19:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-26 21:58 - 2016-01-27 01:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-15 14:03 - 2016-07-04 16:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-20 12:32 - 2009-10-22 14:33 - 07053312 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtGui4.dll
2016-02-20 12:32 - 2009-10-22 14:33 - 01970176 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtCore4.dll
2016-02-20 12:32 - 2009-10-22 14:29 - 00131072 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qjpeg4.dll
2016-02-20 12:32 - 2009-10-22 14:29 - 00278528 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qtiff4.dll
2016-10-25 09:51 - 2016-10-25 09:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-14 20:30 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-01-14 20:30 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-14 10:57 - 2015-08-14 10:57 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-08-14 10:57 - 2015-08-14 10:57 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2017-01-13 13:10 - 2017-01-13 13:10 - 00048304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 00:08 - 2016-10-12 00:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 09:49 - 2016-10-25 09:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-14 09:22 - 2017-01-04 21:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-11-26 21:58 - 2017-01-18 19:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-10 22:15 - 2016-10-10 22:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-10 22:15 - 2016-10-10 22:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-10-10 22:15 - 2016-10-10 22:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-10 22:17 - 2016-10-10 22:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-25 09:41 - 2016-10-25 09:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-10 22:14 - 2016-10-10 22:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-10-10 22:14 - 2016-10-10 22:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-23 12:11 - 2016-12-23 12:11 - 05929040 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\AdobePDFMakerX.dll
2016-09-16 06:37 - 2016-09-16 06:38 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-09-16 06:37 - 2016-12-28 05:34 - 01010368 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\dferrier\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:FCd64RTDrYFRI1Z2H
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:ZQlWOHOCr4RpyJvmfbdcOEoqh5jNv

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "CBSpoolDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16D2996D-1DBD-4BE7-94B6-D230F911936B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48CA8B7E-98FB-4018-845B-978FC99E3E3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09DB9EE8-6775-4CE2-BDBD-AC92E3D8DD90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BFECA2F3-7C77-4FD4-BA55-E0A96A15B403}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A298252D-BD4B-4B53-B388-5E08F9D4A095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FA271D0-4AE6-4457-B867-6F83E7851308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A799B31-3D83-4823-B0C4-5765C4B1CF36}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{5FC55606-97F1-4B96-B3C7-1DCD54608DA2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{B0A1B7B3-C8B6-4490-B905-5B46AD4B1A86}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{6CA20B68-7AF4-46F6-85E8-2C569196254B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{A2CAE719-B1E4-4381-BF33-B69B09EA71F8}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{153B5C29-9162-4A82-96DC-14930B828294}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{63085810-2923-4460-B9BB-52C50E34E025}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1A5FDCF6-6901-4E80-B5B3-0EDDE1E4E233}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1896014D-DD6B-45AF-B985-60FE45093616}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{6109A1BD-121B-45AF-928D-D2F0AB51141E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{56D5CD78-765B-46F4-8B6F-35275E539744}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{98B4702E-5142-4891-8E54-1E6E846187B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{426B5EEC-50F9-4338-9832-9160A8A76FCE}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{7EC486D3-ABD2-4D8D-A087-E20813F228E3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{6BDBA6EA-8C26-4265-BB45-D7040063BC0C}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{CCE590DF-4F57-4361-8EA8-1802B2754155}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{DA90B094-F089-4ED4-BC60-2A42BFE4596E}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{E7F65E1F-1D28-4FF7-87E3-313846D42BB3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{B34630D5-CF48-4DFC-99B3-09E360A7C91B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{938FCA39-C276-4671-8927-9E48B070C60F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E93DEC02-89BC-4215-A333-F3617A375629}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75420B98-3A0D-4C40-B6B1-F4480A6BD0D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F86A86D-5B00-48F7-91CD-B5F496BA5343}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{39ACF385-492B-407E-BA05-1C9F4EE3C4C7}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{42D586D0-72F4-4EF6-8795-6FAB128718E4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{E6C08C26-6090-45F2-A634-00339D25F9DB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{0D19A34E-F638-4A8E-8FEC-0E9972272437}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{42ABCFB2-F6D3-4DD4-AB3C-9C57C701B99A}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{1980903B-EAE0-42EF-80AA-2E5184E569C7}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{DA8EF29B-55FD-4A31-9460-977EF94EDB5A}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{693A5210-1F24-410B-AF4B-68FA0FC1F9D0}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [{84432AA8-5321-4F87-AAC4-B791119FDDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{DA4962ED-1BA0-4F96-903D-FC9EC2CF5CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{0E0661C7-6A8E-4AB3-A547-100A4423A7ED}] => (Allow) LPort=8298
FirewallRules: [TCP Query User{DA6E4BCF-3802-43C1-9F72-9BB2251DD2D8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B3E721A0-BC6F-4096-9699-BFA31223864D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{9C31F3C2-BD9B-4CE7-9C8B-A5DD292B919D}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [UDP Query User{9E9C6D6C-3355-48DB-B910-3F9A94C115A8}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [TCP Query User{4DC8ECBB-C79A-481B-96F0-CF2FAF40107B}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [UDP Query User{9D8A3AF9-616D-451C-9F4D-6A2B471B188F}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [TCP Query User{F219A285-7DEF-43BE-B441-65DC3B3E5000}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [UDP Query User{224254F8-DC22-4CA3-B4D8-92C78AD52685}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [{904EA697-DF81-42D7-B40A-98ADD4ECF003}] => (Allow) LPort=5454
FirewallRules: [{8553CAF3-5AE6-4014-9561-4E09FA7D16B4}] => (Allow) LPort=5454
FirewallRules: [TCP Query User{88AAEA31-DA24-4E43-9606-DA4FAAAF50EA}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [UDP Query User{EB071DDC-B06F-4AD6-828E-48A8C39A9826}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [TCP Query User{1ECB6B45-BD7F-49A2-B93F-33167E20443D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{26048747-0F61-4C75-B113-BB537A79819E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{9C57C1E1-86E0-4D50-9F37-08AA0B0366A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D0597EDE-F70A-48E5-9FD1-D022EF189658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{373BC15B-7B8E-4504-AB0A-3A189B84BD33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{95DF81D5-E675-4C55-BD21-6814C721ABF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{ECC9E33E-31B8-499C-ABF4-089320047E51}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{23581F29-6D34-41A6-AAB0-76FEF35EF0E3}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{873723AF-1950-4F79-A3D7-DBFE4C7949AF}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9E7BA8F0-7F50-4012-8966-C729913A13B9}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{32BF37FC-EC1E-4EDB-984E-72C25B25D522}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin\BlackDesert32.exe
FirewallRules: [{9E246989-B8FC-4A18-BAE9-85632C609C76}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin64\BlackDesert64.exe
FirewallRules: [{6F34F171-547E-4C5F-B2AB-CE8F8614EDBF}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{5C9090BB-8FEF-4FB0-A7AD-B63991611C39}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{D811B7D8-49AB-4F16-B4E1-2F98B724B172}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{09CC7A38-FD61-48F1-9BC9-F2AC3B649CE1}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{4218852E-C488-486B-867B-07C05EF91461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{4E19223F-94B5-450A-8CED-5BCAEF29F167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{F48ECE11-D2D3-4C69-A5DB-7930FC30490B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [{088D6C6A-2A57-4086-9C41-7A338010E125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [TCP Query User{BF34EFEA-8DBA-4D0B-9BA7-26EF154C2388}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E7D64A9B-BE9B-4997-8470-E8C313087C72}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{E60A090C-6355-4484-A9DC-6C7FFEC74F3F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{A8749EF5-387E-4A33-BE63-D130EABB6F5F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [TCP Query User{90727535-0C3C-40F3-BB76-9CC07EF2FC90}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{6853FBBE-BB65-42AD-BAA3-78882938C813}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [{3504DD83-009E-4784-B6F3-2EC10DB263CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A09FA166-0EB1-4392-BA66-148EFC163813}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{37EA56F0-525E-43EA-B70D-CAB90B8C7399}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [UDP Query User{0CC49148-60AD-471F-B781-A0BB0FF14B21}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [TCP Query User{E270C79B-0A0F-4D15-929C-E453B72B7095}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{EC25287C-562D-4B45-83DF-AA7FD1043364}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [TCP Query User{8A03314C-9B4A-42B8-9176-D65465A9F544}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [UDP Query User{5DE374D0-B9BC-47D4-8348-9DB714C8B327}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{CDE0FDA7-FDFD-4977-8E9D-467CCECA8A0C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FDFB6F1C-84A0-4107-9030-82AFCB69D8F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{70B4C7F8-55DD-49C4-A1D6-CA84E6245AE5}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{3482E17F-5E10-438A-86AD-9228B55D5751}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{FDDA3A4B-C648-4774-A60B-B6AAB8741533}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{FE56C383-289D-4CD2-A000-68EDD2F78102}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{F8AF5C7C-223C-4FB8-A240-5516607C0CE7}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{5B8B60C9-50E5-4A55-A3A1-07499530FC25}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [TCP Query User{C5A3841E-1C92-4626-9DB9-54C2058C58C5}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{FE50F1BD-9F31-4E60-866E-91A25DA3F538}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{5367F2C6-CC2A-404A-B10B-6F707BF4EAA8}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{CADE46A5-27C3-412A-A0C8-B64B5F1C1175}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{04330347-CF6B-43AC-85E1-A4A096DCBF61}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{1545A64E-70B7-482F-9602-02E64498FA21}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{8209AA52-7FAD-4160-A602-7DC71036B15D}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{4F030ABC-5ADE-4062-9B63-38909E2955D8}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [UDP Query User{83FC594C-4479-4854-B813-6F4A5D667BC2}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [{9A70AE86-59BF-415F-9173-3EF07CDF3457}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3AF5E882-9B1A-4C7B-80A9-7E1DD56EC6C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{8D2DD1F4-C138-458A-9FAD-B8CD1E0070E2}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{20CB1257-3144-4157-B8D2-CD71E56EE48A}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{B84E0CD0-F26F-44F4-9813-CC03653475F1}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DD2910B1-6358-4FA8-A132-E5CCE94D19C8}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7593C432-C542-4FE7-9B5F-8FEFA6FD112B}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{4EC32183-37B3-4C40-B0B9-730ADF483CBE}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [TCP Query User{310A6EA1-00D4-46DA-8057-613BCA0252E2}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0BDDC79B-4494-45D5-B3E7-8DC76DDDD782}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{53672316-BF56-4C8D-9F1C-84F583A06C28}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{2B4B8406-0BD6-47B6-B0BC-D21839E9AE6F}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{3C2BD30A-B611-4D0C-8BD8-A5F5C672390A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A4E703A6-2670-4C7E-A8D4-523E9ACCFE4F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{B9A86027-466C-47E6-BE93-D3542865F499}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E64BE649-256B-4126-A97B-E18730BE43B0}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{BA606B12-DBE0-4ECF-A120-4608489C4039}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{17CC1584-608E-4DF5-9CCF-84EF213C12D4}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [UDP Query User{1C9702D8-B1CA-4B22-B95A-C668C1F1B90D}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [{CBFD16CD-AADC-48B2-BEB1-045EF3B9585F}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{02D6E52F-26D5-4A17-A03F-BC661124FCA2}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{F23B4565-D778-4566-9F58-DEE308CA9737}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{26F7C2FC-FF1E-4B7C-A699-28B9DC267C1F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5B50EE71-0654-4970-A095-2BBC48F9D844}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{5620F317-41A6-4B26-AD45-57AC531142AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{029F1161-AF8D-4E32-92E6-532CF219401A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{A62ECB2B-DEC7-40B2-B523-A6BFD6F7FC75}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{98837384-13EE-4684-B1A8-F4533E4B8A78}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [TCP Query User{A5AE49CF-AC02-436D-8147-E2BF4F6E80D2}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{D7F793A1-4643-430D-80CC-34C6C8953DB0}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [TCP Query User{378D5BB5-08AC-4B5C-A487-011782B9F91F}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [UDP Query User{A1A541D3-9858-4E79-9534-B7801E3C05BD}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{924BD1A1-C9D6-4F1D-8A4C-6D9AC68CDF66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{44B47DE2-4BC1-4E15-99CB-6DD08B54DADF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AA9944F1-8DEE-4A2D-8C01-094DA940F305}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33CB5796-85CF-4068-B5BE-2AE0CFBAF023}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F48B7BF-569F-4532-B8BF-92617FA36745}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{758082BC-1C7D-4F4A-BAC9-34988AD6D6CA}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C27B00D-8B16-4133-9F50-6FD18E35253E}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A2FD084-3369-40EA-85FF-D53EFE0D0752}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B7A603D9-F55F-48C1-8C46-882CC9CE6C1A}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [UDP Query User{A3F30B3B-F854-4BF2-A452-79736390F00B}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [TCP Query User{D5E0F362-DF11-4EDD-A8E8-68107ECC83AA}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [UDP Query User{73380196-9F2C-42EB-8E2E-45FF1F58A4A6}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [{BBDB8760-1898-4E33-B37D-08B60BE2B053}] => (Allow) LPort=9090
FirewallRules: [{AF434A2A-BACE-4C82-908D-2015240F1F79}] => (Allow) LPort=9090
FirewallRules: [{E6A88D76-2FB6-4370-9D53-13DA38B5FA18}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_view.exe
FirewallRules: [{73E49EC7-82B2-4578-A07B-CF97E38E027F}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{EDC1255A-D474-4149-ADD5-58DAC489492D}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_nas_install.exe
FirewallRules: [{8DF94F46-7E78-44F6-964C-59C39297E2C0}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe
FirewallRules: [{23784516-75A1-4503-B40B-82CEE4E82583}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{DDF88BA8-ADA3-46A0-888F-56311859FF85}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{6D55155F-7536-40E3-AC89-D5807011BECB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{400AC135-F7C3-48AA-B343-2B0794CB8D60}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [UDP Query User{13F4FC21-1867-48C3-8684-E8A935BED181}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [{5F05E3B9-165F-4943-8164-2DFDEA51D436}] => (Allow) LPort=9090
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: Npcap Loopback Adapter
Description: Microsoft KM-TEST Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kmloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Killer Wireless-n/a/ac 1525 Wireless Network Adapter
Description: Killer Wireless-n/a/ac 1525 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2017 07:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 11.0.2.47, time stamp: 0x5876029b
Faulting module name: GROOVEEX.DLL, version: 16.0.7571.7095, time stamp: 0x5863d23d
Exception code: 0x011d91d0
Fault offset: 0x00000000000c1d82
Faulting process id: 0x26a8
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3
Faulting package full name: Adobe Premiere Pro.exe4
Faulting package-relative application ID: Adobe Premiere Pro.exe5

Error: (01/26/2017 08:18:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe CEF Helper.exe, version: 3.9.1.335, time stamp: 0x580f9487
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x551bdc44
Exception code: 0xc0000005
Fault offset: 0x00444106
Faulting process id: 0x1888
Faulting application start time: 0xAdobe CEF Helper.exe0
Faulting application path: Adobe CEF Helper.exe1
Faulting module path: Adobe CEF Helper.exe2
Report Id: Adobe CEF Helper.exe3
Faulting package full name: Adobe CEF Helper.exe4
Faulting package-relative application ID: Adobe CEF Helper.exe5

Error: (01/26/2017 08:17:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/26/2017 03:59:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/26/2017 03:57:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:58:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:44:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:41:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:31:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2017 09:03:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/26/2017 09:52:06 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CATWOMAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{736478E9-51BE-4D47-993A-F99B5F526DCB}.
The master browser is stopping or an election is being forced.

Error: (01/26/2017 08:59:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (01/26/2017 08:59:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
%%577

Error: (01/26/2017 08:58:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (01/26/2017 08:58:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
%%577

Error: (01/26/2017 08:18:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2017 08:18:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2017 07:52:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/26/2017 07:51:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2017 07:51:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-01-26 08:59:38.057
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-26 08:59:33.927
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-26 08:58:58.169
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-26 08:58:53.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-26 04:27:27.077
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-26 04:27:27.041
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-26 04:27:26.975
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 21:32:40.724
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 21:32:40.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 21:32:40.584
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 15%
Total physical RAM: 32652.39 MB
Available physical RAM: 27617.95 MB
Total Virtual: 65420.39 MB
Available Virtual: 59988.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:34.5 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:222.46 GB) NTFS
Drive e: (AKK_ORANGE_PT1) (CDROM) (Total:3.51 GB) (Free:0 GB) UDF
Drive j: (My Passport 4) (Fixed) (Total:3725.99 GB) (Free:636.72 GB) NTFS
Drive k: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:5.44 GB) (Free:0 GB) UDF
Drive l: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:5.57 GB) (Free:0 GB) UDF
Drive m: (WONDER_WOMAN_SEASON_1) (CDROM) (Total:6.37 GB) (Free:0 GB) UDF
Drive o: (WONDER_WOMAN_SEASON_2) (CDROM) (Total:6.37 GB) (Free:0 GB) UDF
Drive t: (My Passport) (Fixed) (Total:931.48 GB) (Free:29.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3A411564)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88C10745)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 