Inactive Seeing an unexplained dos box popup


Dale Ferrier

I see this momentary DOS box popup and then it disappears before I can tell what it is doing. I can't determine what it is or where it came from.

Here are the Farbar logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by dferrier (administrator) on LT3 (26-06-2017 22:42:29)
Running from C:\Users\dferrier\Desktop\malware removal\farbar
Loaded Profiles: dferrier (Available Profiles: dferrier)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Tordex) C:\Program Files\TrueLaunchBar\tlbHost.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(JRT Studio LLC) C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft(R) Corporation) C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(RedFox) C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe
(HandBrake Team) C:\Program Files\HandBrake\HandBrake.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [HDHRFling] => C:\Program Files (x86)\HDHRFling\HDHRFling.exe [5553664 2015-07-16] (HDHRFling.com)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [CBSpoolDaemon] => "C:\Program Files (x86)\ImagePrint\spool\mux\muxd.exe"
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [525352 2016-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [tlbHost] => C:\Program Files\TrueLaunchBar\tlbHost.exe [560312 2015-10-03] (Tordex)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Reasonable NoClone] => [X]
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-01] (Valve Corporation)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\RedFox\AnyDVD\AnyDVDtray.exe [11116544 2017-06-20] (RedFox)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [Outlook Google Calendar Sync] => C:\Users\dferrier\AppData\Local\Apps\2.0\L8RQ2D3X.G1A\7GRZB6CY.0DV\outl..tion_a30846ba3587a523_0002.0004_d79036ab77ef318b\OutlookGoogleCalendarSync.exe [851968 2017-05-10] (Paul Woolcock)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\RunOnce: [Uninstall C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\MountPoints2: {e21ce5d1-97ae-11e6-827a-c03896838b48} - "I:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Reasonable NoClone] => "C:\Program Files (x86)\Reasonable NoClone 2011 Enterprise\NoClone.exe" null /startup
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2016-02-20]
ShortcutTarget: ColorMunki Gamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiPhotoTray.exe.lnk [2016-02-20]
ShortcutTarget: ColorMunkiPhotoTray.exe.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-11-17]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{71ACF663-CC95-429F-8C5C-0A1DC4EE8E78}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-12-28]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cheetah Sync.lnk [2015-12-19]
ShortcutTarget: Cheetah Sync.lnk -> C:\Users\dferrier\AppData\Roaming\Microsoft\Installer\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}\_57396F6D95A618E977BED0.exe ()
Startup: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-05-03]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{09CBD398-74E7-49A5-A567-432F6F45A3AD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{736478E9-51BE-4D47-993A-F99B5F526DCB}: [NameServer] 8.8.8.8,8.8.4.4,192.168.25.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-09] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-09] (LastPass)
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://192.168.25.250/web.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default [2017-06-26]
FF Extension: (Free Download Manager extension) - C:\Users\dferrier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-12-13]
FF Extension: (DownThemAll!) - C:\Users\dferrier\AppData\Roaming\Mozilla\Firefox\Profiles\gs7v3iqm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-05-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-20] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-09] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-11-26] (Qualcomm Atheros) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-14] (SafeNet Inc.)
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [255936 2016-11-19] ()
R2 HDHomeRun WMC Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_wmc_service.exe [33216 2016-11-19] (Silicondust USA Inc)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [246272 2014-10-29] (Insyde Software Corp.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [24064 2014-12-05] (CLEVO CO.) [File not signed]
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [386560 2014-12-11] (Qualcomm Atheros) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-26] (Insyde Corporation)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2015-04-14] (SafeNet Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [304296 2017-05-10] (Alcohol Soft Development Team)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-11-19] (Qualcomm Atheros, Inc.)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [119680 2017-03-08] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [89792 2017-03-08] (Future Technology Devices International Ltd.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [41160 2014-10-29] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [40136 2014-10-29] (Insyde Software Corp.)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R1 MpKslfedbde4a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69A62411-B280-4E14-8837-A94D90F6D167}\MpKslfedbde4a.sys [44928 2017-06-06] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2286080 2014-11-26] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [502488 2014-05-07] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-09-29] (Duplex Secure Ltd.)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-24] (Seiko Epson Corporation)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [121424 2010-10-14] (High Criteria inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [38168 2016-12-02] (CyberLink Corp.)
S3 akshasp; \SystemRoot\system32\DRIVERS\akshasp.sys [X]
S3 aksusb; \SystemRoot\System32\drivers\aksusb.sys [X]
U4 npcap_wifi; no ImagePath
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 22:24 - 2017-06-26 22:24 - 00000000 ____D C:\Users\dferrier\Documents\Larian Studios
2017-06-26 18:54 - 2017-06-26 18:54 - 00000000 ____D C:\Users\dferrier\AppData\Local\assistant
2017-06-26 09:40 - 2017-06-26 09:40 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignfa540e18037a3bb7
2017-06-26 09:24 - 2017-06-26 09:24 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign578bcde46b2f4cc1
2017-06-26 09:24 - 2017-06-26 09:24 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign1357166ce04a90bf
2017-06-26 09:23 - 2017-06-26 09:23 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsigndb9fe1e7f1504d62
2017-06-26 09:23 - 2017-06-26 09:23 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign96c0381969e20bb1
2017-06-26 09:23 - 2017-06-26 09:23 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign651287fc3c066038
2017-06-25 20:48 - 2017-06-25 20:48 - 00000222 _____ C:\Users\dferrier\Desktop\Divinity Original Sin Enhanced Edition.url
2017-06-25 20:37 - 2017-06-25 20:37 - 00000222 _____ C:\Users\dferrier\Desktop\NieRAutomata.url
2017-06-25 15:23 - 2017-06-25 15:23 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign25d1fc99f9022722
2017-06-25 15:22 - 2017-06-25 15:22 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign286af6eabb30d5eb
2017-06-25 15:21 - 2017-06-25 15:21 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignba4c71fe9b4f06e9
2017-06-25 15:21 - 2017-06-25 15:21 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign5ee866bb11f640f3
2017-06-25 15:21 - 2017-06-25 15:21 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign0dd32c54eab861a7
2017-06-25 14:58 - 2017-06-25 14:58 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign364f1b7a0d04b681
2017-06-25 14:57 - 2017-06-25 14:57 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign6ea42baa4cd384b0
2017-06-25 14:56 - 2017-06-25 14:56 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign4fb6f498e6e2adb4
2017-06-25 14:56 - 2017-06-25 14:56 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign1177dc734c3853e3
2017-06-25 14:51 - 2017-06-25 14:51 - 00001909 _____ C:\Users\Public\Desktop\Agisoft PhotoScan Standard (64 bit).lnk
2017-06-25 14:51 - 2017-06-25 14:51 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Agisoft
2017-06-25 14:51 - 2017-06-25 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agisoft
2017-06-25 14:51 - 2017-06-25 14:51 - 00000000 ____D C:\Program Files\Agisoft
2017-06-25 14:21 - 2017-06-25 14:23 - 00000000 ____D C:\Users\dferrier\Documents\reo speedwagon tickets
2017-06-25 14:21 - 2017-06-25 14:21 - 00000000 ____D C:\Users\dferrier\Documents\New folder
2017-06-24 18:28 - 2017-06-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CraftWare 1.14
2017-06-24 18:28 - 2017-06-24 18:28 - 00000000 ____D C:\Program Files (x86)\CraftWare
2017-06-24 17:36 - 2017-06-24 17:36 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\cura
2017-06-24 17:35 - 2017-06-24 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cura
2017-06-24 17:35 - 2017-06-24 17:35 - 00000000 ____D C:\Program Files\Cura 2.6
2017-06-23 17:50 - 2017-06-23 17:50 - 00000146 _____ C:\Users\dferrier\Desktop\Sound - Shortcut.lnk
2017-06-19 22:50 - 2017-06-24 17:36 - 00000000 ____D C:\Users\dferrier\AppData\Local\cura
2017-06-19 22:45 - 2017-06-24 17:34 - 00000000 ____D C:\Program Files\Cura 2.5
2017-06-19 14:03 - 2017-06-19 14:03 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsignb0ff42b22ad0a776
2017-06-19 14:03 - 2017-06-19 14:03 - 00000000 ____D C:\Users\dferrier\AppData\Local\Tempzxpsign3325c6ac85272be3
2017-06-19 13:23 - 2017-06-19 13:48 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\FreeCAD
2017-06-19 13:23 - 2017-06-19 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.16
2017-06-19 13:18 - 2017-06-19 13:22 - 00000000 ____D C:\Program Files\FreeCAD 0.16
2017-06-19 12:43 - 2017-06-19 12:43 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-06-19 12:14 - 2017-06-19 12:14 - 00001000 _____ C:\Users\dferrier\Desktop\Adobe Lightroom.lnk
2017-06-19 12:14 - 2017-06-19 12:14 - 00001000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2017-06-19 11:52 - 2017-06-19 11:52 - 00001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-19 11:52 - 2017-06-19 11:52 - 00001233 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-18 22:03 - 2017-06-18 22:03 - 00002205 _____ C:\Users\dferrier\AppData\Local\recently-used.xbel
2017-06-17 12:13 - 2017-06-17 12:13 - 07075640 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.26.2_win64-setup.exe
2017-06-16 10:37 - 2017-06-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2017-06-10 12:19 - 2017-06-10 12:19 - 1153990656 _____ C:\Users\dferrier\Downloads\The Quiet Man (1952) -.mkv
2017-06-10 12:18 - 2017-06-01 12:36 - 201645046 _____ C:\Users\dferrier\Downloads\The Making of The Quiet Man-featurette.mkv
2017-06-10 12:12 - 2017-06-10 12:13 - 07070840 _____ (Tim Kosse) C:\Users\dferrier\Downloads\FileZilla_3.26.1_win64-setup.exe
2017-06-09 18:18 - 2017-06-13 09:33 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MuseScore
2017-06-09 18:18 - 2017-06-09 18:18 - 00001069 _____ C:\Users\dferrier\Desktop\MuseScore 2.lnk
2017-06-09 18:18 - 2017-06-09 18:18 - 00000000 ____D C:\Users\dferrier\Documents\MuseScore2
2017-06-09 18:18 - 2017-06-09 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-06-09 18:18 - 2017-06-09 18:18 - 00000000 ____D C:\Users\dferrier\AppData\Local\MuseScore
2017-06-09 18:18 - 2017-06-09 18:18 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2017-06-05 21:32 - 2017-06-07 23:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Ultra Fractal 5
2017-06-05 21:32 - 2017-06-05 21:32 - 00001971 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal Server 5.04.lnk
2017-06-05 21:32 - 2017-06-05 21:32 - 00001955 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal 5.04.lnk
2017-06-05 21:32 - 2017-06-05 21:32 - 00001925 _____ C:\Users\dferrier\Desktop\Ultra Fractal 5.04.lnk
2017-06-05 21:32 - 2017-06-05 21:32 - 00000000 ____D C:\Users\dferrier\Documents\Ultra Fractal 5
2017-06-05 21:32 - 2017-06-05 21:32 - 00000000 ____D C:\Program Files (x86)\Ultra Fractal 5
2017-06-02 22:41 - 2017-06-02 22:41 - 00001113 _____ C:\Users\dferrier\Desktop\Acrosync.lnk
2017-06-02 22:41 - 2017-06-02 22:41 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrosync
2017-06-02 22:41 - 2017-06-02 22:41 - 00000000 ____D C:\Users\dferrier\AppData\Local\Acrosync
2017-06-01 12:51 - 2017-06-01 12:51 - 106528394 _____ C:\Users\dferrier\Downloads\plexmediaserver-1.7.2.3878-8088811b8.x86_64.rpm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 22:42 - 2016-05-26 20:05 - 00000000 ____D C:\FRST
2017-06-26 22:41 - 2017-01-25 22:20 - 00000000 ____D C:\Users\dferrier\Desktop\malware removal
2017-06-26 22:35 - 2016-11-20 20:09 - 00000000 ____D C:\Users\dferrier\AppData\LocalLow\Mozilla
2017-06-26 22:27 - 2015-11-17 15:50 - 00025600 _____ C:\Users\dferrier\Documents\Joebob.xlsx
2017-06-26 22:27 - 2015-11-17 13:49 - 00000000 ____D C:\Users\dferrier\Documents\email
2017-06-26 22:25 - 2015-12-28 09:13 - 00000000 ____D C:\Users\dferrier\AppData\Local\CrashDumps
2017-06-26 22:24 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-26 21:13 - 2016-12-13 21:29 - 00000000 ____D C:\Users\dferrier\AppData\Local\Free Download Manager
2017-06-26 14:07 - 2015-11-21 09:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Adobe
2017-06-26 12:59 - 2017-04-21 23:23 - 00000000 ____D C:\Users\dferrier\Documents\3d printing
2017-06-26 12:30 - 2016-05-26 17:06 - 00000000 __SHD C:\Users\dferrier\AppData\LocalLow\EmieUserList
2017-06-26 12:30 - 2016-05-26 17:05 - 00000000 __SHD C:\Users\dferrier\AppData\LocalLow\EmieSiteList
2017-06-26 12:30 - 2016-05-26 17:05 - 00000000 __SHD C:\Users\dferrier\AppData\Local\EmieUserList
2017-06-26 12:30 - 2016-05-26 17:05 - 00000000 __SHD C:\Users\dferrier\AppData\Local\EmieSiteList
2017-06-25 23:57 - 2015-11-17 12:52 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1717685655-2789524432-2867823966-1001
2017-06-25 22:05 - 2015-11-17 14:00 - 00000000 ____D C:\Users\dferrier\Documents\My Games
2017-06-25 20:48 - 2016-03-27 21:46 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-25 14:52 - 2013-09-10 08:49 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-25 14:52 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2017-06-24 18:29 - 2015-11-17 23:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 18:29 - 2015-11-17 13:26 - 00000000 ____D C:\Program Files\DIFX
2017-06-24 01:44 - 2015-11-20 12:02 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\HandBrake
2017-06-23 23:30 - 2015-12-29 16:42 - 00000000 ____D C:\Users\dferrier\AppData\Local\Battle.net
2017-06-23 22:39 - 2016-03-15 15:27 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2017-06-23 22:36 - 2015-12-29 16:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-23 18:21 - 2016-06-23 17:42 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-06-23 17:51 - 2015-12-31 11:36 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\MusicBee
2017-06-23 17:41 - 2016-03-15 15:27 - 00000000 ____D C:\Users\dferrier\Documents\StarCraft II
2017-06-23 17:36 - 2016-04-29 14:42 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-06-23 07:08 - 2016-09-18 19:04 - 00000600 _____ C:\Users\dferrier\AppData\Local\PUTTY.RND
2017-06-23 07:04 - 2015-12-04 08:54 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\vlc
2017-06-22 17:44 - 2015-12-26 17:06 - 00000000 ____D C:\Users\dferrier\Documents\photography
2017-06-22 06:40 - 2016-05-26 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-22 06:02 - 2015-11-17 13:46 - 00000000 ____D C:\Users\dferrier\Documents\Bible
2017-06-22 00:05 - 2015-11-17 12:39 - 00000000 ____D C:\Users\dferrier\AppData\Local\Packages
2017-06-21 22:03 - 2016-12-06 11:41 - 00001114 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2017-06-21 12:32 - 2015-11-17 13:49 - 00000000 ____D C:\Users\dferrier\Documents\bills
2017-06-20 22:11 - 2016-05-30 22:40 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-06-20 12:34 - 2015-11-17 12:39 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Adobe
2017-06-20 07:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-20 07:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-19 13:59 - 2016-03-01 00:36 - 00000000 ___RD C:\Users\dferrier\Creative Cloud Files
2017-06-19 13:59 - 2015-11-17 12:39 - 00000000 ____D C:\Users\dferrier
2017-06-19 13:57 - 2016-03-13 19:58 - 00000000 __RHD C:\Users\dferrier\lizzylizard@writeme.com Creative Cloud Files
2017-06-19 12:43 - 2015-11-17 13:46 - 00000000 ____D C:\Users\dferrier\Documents\Adobe
2017-06-19 12:40 - 2015-11-21 09:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-19 12:36 - 2015-11-21 09:42 - 00000000 ____D C:\Program Files\Adobe
2017-06-19 12:34 - 2015-11-21 09:34 - 00000000 ____D C:\ProgramData\Adobe
2017-06-19 05:58 - 2017-05-18 08:52 - 00000000 ____D C:\Users\dferrier\.gimp-2.8
2017-06-17 12:13 - 2016-11-30 23:12 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\FileZilla
2017-06-16 10:49 - 2016-03-03 00:35 - 00000000 ____D C:\Users\dferrier\AppData\Roaming\Mp3tag
2017-06-16 10:37 - 2015-12-31 12:06 - 00000995 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2017-06-16 10:37 - 2015-12-31 12:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2017-06-15 09:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-14 13:40 - 2016-01-09 16:41 - 00000000 ____D C:\Users\dferrier\Documents\atkins
2017-06-13 21:02 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-13 13:57 - 2017-05-19 10:54 - 00000000 ____D C:\Users\dferrier\AppData\Local\gtk-2.0
2017-06-10 12:13 - 2016-11-30 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-06-10 12:13 - 2016-11-30 23:12 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-06-04 22:56 - 2016-02-27 12:34 - 00000000 ____D C:\Users\dferrier\AppData\Local\Logos
2017-06-04 22:52 - 2016-02-27 13:24 - 00002291 _____ C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk
2017-06-04 22:52 - 2016-02-27 13:24 - 00002283 _____ C:\Users\dferrier\Desktop\Logos Bible Software.lnk
2017-06-04 22:43 - 2016-02-27 14:08 - 00000000 ____D C:\Users\dferrier\Documents\Logos Log Files
2017-06-02 22:48 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-02 22:46 - 2015-11-17 17:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-02 22:34 - 2015-12-19 14:49 - 00000000 ____D C:\Users\dferrier\Documents\JRT Studio
2017-06-02 22:31 - 2015-12-16 12:01 - 00000091 _____ C:\HaxLogs.txt
2017-06-02 22:30 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 14:33 - 2017-04-01 09:23 - 00000000 ____D C:\Users\dferrier\Documents\solar power
2017-06-02 14:33 - 2016-07-26 16:54 - 00000000 ____D C:\Users\dferrier\Documents\Ham Radio
2017-06-02 09:20 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-06-01 07:58 - 2016-03-07 11:29 - 00004848 _____ C:\Users\dferrier\Documents\ax_files.xml
2017-05-27 14:01 - 2017-05-26 14:33 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-12-03 13:46 - 2016-12-03 13:47 - 0009272 _____ () C:\Program Files (x86)\DeviceManage Setup Log.txt
2016-03-09 18:50 - 2016-03-09 18:51 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-21 22:12 - 2008-03-19 18:50 - 0097280 _____ () C:\Program Files (x86)\Common Files\pcsbClean.exe
2015-11-21 22:12 - 2008-03-06 22:31 - 0134656 _____ () C:\Program Files (x86)\Common Files\PCSBoff.exe
2016-03-01 15:53 - 2016-09-30 08:51 - 0000033 _____ () C:\Users\dferrier\AppData\Roaming\AdobeWLCMCache.dat
2015-08-05 10:51 - 2015-08-05 10:51 - 0000000 _____ () C:\Users\dferrier\AppData\Roaming\bdopatchtime.txt
2015-11-17 21:20 - 2017-02-15 12:37 - 0002491 _____ () C:\Users\dferrier\AppData\Roaming\LT3.MTBF.txt
2017-03-07 21:19 - 2017-03-07 21:19 - 0000600 _____ () C:\Users\dferrier\AppData\Roaming\PUTTY.RND
2017-05-19 09:38 - 2017-05-19 09:38 - 0000000 ____H () C:\Users\dferrier\AppData\Local\.urbackupclientgui_startonce
2015-11-17 22:04 - 2017-05-05 21:55 - 0007680 _____ () C:\Users\dferrier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 15:08 - 2015-11-17 15:08 - 0000000 _____ () C:\Users\dferrier\AppData\Local\Driver_11ACPresent.flag
2016-09-18 19:04 - 2017-06-23 07:08 - 0000600 _____ () C:\Users\dferrier\AppData\Local\PUTTY.RND
2017-06-18 22:03 - 2017-06-18 22:03 - 0002205 _____ () C:\Users\dferrier\AppData\Local\recently-used.xbel
2015-12-26 19:07 - 2015-09-25 04:21 - 0016800 _____ () C:\Users\dferrier\AppData\Local\Z@!-5946ba91-ed5f-41a8-8801-12c6dbd9f3de.tmp
2015-12-26 19:07 - 2015-09-25 04:21 - 0015776 _____ () C:\Users\dferrier\AppData\Local\Z@S!-83152ba7-24c1-4572-9f40-f7b7dcf1c59d.tmp
2016-12-29 14:33 - 2017-01-02 21:55 - 0000143 _____ () C:\Users\dferrier\AppData\Local\zenmap.exe.log
2016-12-08 08:50 - 2017-05-10 21:15 - 0000085 ___SH () C:\ProgramData\.zreglib
2015-11-21 14:48 - 2015-11-21 14:48 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-11-21 14:06 - 2015-11-21 14:37 - 0000238 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-06-27 00:41 - 2016-06-27 00:41 - 0000090 _____ () C:\ProgramData\Temp.log

Some files in TEMP:
====================
2017-04-10 12:15 - 2017-04-10 12:15 - 10468271 _____ () C:\Users\dferrier\AppData\Local\Temp\handbrake-setup.exe
2016-08-25 16:43 - 2016-08-25 16:43 - 15301888 _____ (Microsoft Corporation) C:\Users\dferrier\AppData\Local\Temp\vc_redist_2015.x64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-18 02:48

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by dferrier (26-06-2017 22:43:37)
Running from C:\Users\dferrier\Desktop\malware removal\farbar
Windows 8.1 Pro (Update) (X64) (2015-11-17 17:39:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1717685655-2789524432-2867823966-500 - Administrator - Disabled)
dferrier (S-1-5-21-1717685655-2789524432-2867823966-1001 - Administrator - Enabled) => C:\Users\dferrier
Guest (S-1-5-21-1717685655-2789524432-2867823966-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
4nec2 full version 5.8.16 (HKLM-x32\...\4nec2_is1) (Version: - 4nec2@gmx.net (Use "4nec2 modeller" as the subject))
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Acrosync (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\Acrosync) (Version: 1.6 - Acrosync LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.10.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Agisoft PhotoScan Standard (HKLM\...\{01E15477-3876-4930-88B6-AE78ED0C3D04}) (Version: 1.3.2 - Agisoft)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.1.5.0 - RedFox)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BDOTomePatcher (HKLM-x32\...\BDOTomePatcher) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Cheetah Sync (HKLM-x32\...\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}) (Version: 1.5.1 - JRT Studio)
CHIRP (HKLM-x32\...\CHIRP) (Version: - )
Choice of Robots (HKLM\...\Steam App 339350) (Version: - Choice of Games)
CLANNAD (HKLM\...\Steam App 324160) (Version: - VisualArts/Key)
CloneBD (HKLM-x32\...\CloneBD) (Version: 1.1.5.1 - Elaborate Bytes)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
ColorChecker Passport 1.1.0 (HKLM-x32\...\ColorChecker Passport_is1) (Version: 1.1.0 - X-Rite)
ColorMunki Photo 1.1.1 (HKLM-x32\...\ColorMunki Photo_is1) (Version: - X-Rite)
CraftWare 1.14 (HKLM-x32\...\CraftWare1.14) (Version: 1.14 - CraftUnique ltd)
Creative Pack Volume 1 (HKLM\...\{3D1688AB-3440-4C7A-8CBB-5D77CD3C02D7}) (Version: 3.1.1 - Corel Corporation)
Cura 2.6 (HKLM-x32\...\Cura 2.6) (Version: 2.6.0 - Ultimaker)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.2406.60 - CyberLink Corp.)
Dazzle Video Capture DVC100 X64 Driver 1.07 (HKLM-x32\...\{631D71FD-237F-4D74-B090-88E66FBC5A10}) (Version: 1.07.0000 - Pinnacle)
DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version: - )
Defender's Quest: Valley of the Forgotten (HKLM\...\Steam App 218410) (Version: - Level Up Labs, LLC)
DeviceManage (HKLM-x32\...\DeviceManage) (Version: - )
Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version: - Larian Studios)
DVD Architect (HKLM-x32\...\{F3B2BFC0-76F2-11E6-B231-BB95F5A309BD}) (Version: 7.0.38 - VEGAS)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 10.0.2.2 (14/02/2017) (HKLM-x32\...\DVDFab 10_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro 7.6.0.5 (HKLM-x32\...\DVDInfoPro_is1) (Version: - DVDInfoPro Elite)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.6.0 - Seiko Epson Corporation)
EZNEC Demo v. 6.0 (HKLM-x32\...\EZNEC_-6000_is1) (Version: 6.0 - EZNEC)
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FileBot (HKLM\...\{3AE33F8A-E542-4B5E-B7D9-BFC9061CB58E}) (Version: 4.7.9 - Reinhard Pointner)
FileZilla Client 3.26.1 (HKLM-x32\...\FileZilla Client) (Version: 3.26.1 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
FreeCAD 0.16 - A free open source CAD system (HKLM\...\FreeCAD 0.16) (Version: 0.16.6700 - Juergen Riegel)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
FT-857 Programmer (HKLM-x32\...\{7B67EE40-5362-11E2-390C-10AB7E3B7E87}) (Version: 4.50.0.0 - RT Systems. Inc)
G4FON Koch Method Morse Trainer (HKLM-x32\...\G4FON Koch Method Morse Trainer) (Version: - )
Gear Watch Designer 1.1.1 (HKLM-x32\...\Gear Watch Designer) (Version: 1.1.1 - Samsung Electronics)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
GT3_W64_VIP (HKLM-x32\...\ST6UNST #1) (Version: - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HDHomeRun (HKLM\...\{54F9A4D2-83CC-4169-BC4E-24F341E6AA8D}) (Version: 1.0.23228.0 - Silicondust)
HDHRFling (HKLM-x32\...\{4FBE6121-3BDF-49CC-B95D-E6EB83AF2CEA}_is1) (Version: 1.2.8.2 - HDHRFling.com)
Helicon Focus 6.6.1.0 (HKLM\...\Helicon Focus 6_is1) (Version: - Helicon Soft Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hollywood FX Volumes 1-3 (HKLM\...\{94F26E3B-100E-4C7B-B1F1-2F395128E848}) (Version: 2.1 - Corel Corporation)
Hotkey 3.16.29 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 3.16.29 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3995 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{23D18C2E-0A91-43C5-ADDE-42D4B5A4B6F9}) (Version: 6.5.8.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{62646e38-1498-4ba5-81ef-5f8edc95db78}) (Version: 6.5.8.0 - DeveloperInABox)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Just Learn Morse Code (HKLM-x32\...\{CBE3B17D-C988-4AF7-B84E-BEFF6F60BCC9}) (Version: 1.0.0.0 - Sigurd Stenersen)
Koi-Koi Japan [Hanafuda playing cards] (HKLM\...\Steam App 364930) (Version: - Zoo Corporation)
Kolor Autopano Pro 4.2 (HKLM\...\AutopanoPro4.2) (Version: V4.2.3 - Kolor)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lightroom Duplicate Finder 2 (HKLM-x32\...\{366C1420-AF2B-45BC-B1E9-09D2F7201E71}) (Version: 2.0.4317 - Jim Keir)
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logos Bible Software (HKLM-x32\...\{D9D58101-8601-49C1-8601-CDF6B33E8006}) (Version: 7.96.37 - Faithlife Corporation)
LOOT version 0.9.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.1 - LOOT Team)
LRTimelapse 4.5.1 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.5.1 - Gunther Wegner)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
MKVCleaver x64 (HKLM\...\{4BBA40AF-D259-486F-B44F-2D817CF79434}) (Version: 7.0.1 - Ilia Bakhmoutski)
MKVToolNix 12.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 12.0.0 - Moritz Bunkus)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Studio 13.0 (64-bit) (HKLM\...\{15C608B0-B5A5-11E6-858D-EF6B4CB4F8F1}) (Version: 13.0.208 - VEGAS)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
NewBlue Effects (HKLM\...\{C0C7CFFB-C0EF-4CB5-A83D-33626D67BAA7}) (Version: 1.0.1 - Corel Corporation)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
Newshosting (HKLM\...\{649F577B-BCA1-4EB1-B17F-6157F351E528}) (Version: 2.2.1 - Newshosting)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
NieR:Automata™ (HKLM\...\Steam App 524220) (Version: - Square Enix)
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
Npcap 0.78 r5 (HKLM-x32\...\NpcapInst) (Version: 0.78 r5 - Nmap Project)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.0.2 - ON1)
ON1 Resize 10 (HKLM\...\ON1 Resize 10 PE) (Version: 10.5.1 - ON1)
Opti Drive Control 1.70 (HKLM-x32\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version: - Erik Deppe)
Outlook Google Calendar Sync (HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\ae7ab5abd52d9711) (Version: 2.4.0.0 - Paul Woolcock)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pavtube BDMagic Ver 4.8.6.8 (HKLM-x32\...\{322AED85-69CD-49E5-AA61-123707D9A80B}_is1) (Version: - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photomatix Pro version 5.1.2 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.1.2 - HDRsoft Ltd)
Pinnacle Studio 18 - Install Manager (HKLM\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.234 - Corel Corporation)
Pinnacle Studio 18 - Standard Content Pack (HKLM\...\{DDBFA6BC-5756-465F-902A-5659F4EFBC6F}) (Version: 18.0 - Corel Corporation)
Pinnacle Studio 18 (HKLM\...\{11FB47FB-B341-4FD8-A505-E4C0CC0536C1}) (Version: 18.5.1.827 - Corel Corporation)
Pinnacle Studio 18 Add-Ons (x32 Version: 18.0 - Corel) Hidden
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Qualcomm Atheros 11AC Drivers (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.451 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{FE6786D7-4CAD-47D9-9221-3782B0052992}) (Version: 1.1.49.1393 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.49.1393 - Qualcomm Atheros) Hidden
QuickLOAD (HKLM-x32\...\ST5UNST #2) (Version: - )
QuickLOAD-QuickTARGET Demo (HKLM-x32\...\ST5UNST #1) (Version: - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RawTherapee version 5.1 (HKLM\...\RawTherapee5.1_is1) (Version: 5.1 - rawtherapee.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21255 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Reasonable NoClone 2014 (HKLM-x32\...\{A677B60C-9707-4D9C-AB9C-BF856A0832AC}) (Version: 6.1.45 - REASONABLE SOFTWARE HOUSE)
ScoreFitter Volumes 1-2 (HKLM\...\{DAD8BCAC-30E7-4D1A-91F2-F3712F0E2555}) (Version: 2.1 - Corel Corporation)
SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden
Sentinel Runtime (HKLM-x32\...\{F3B75675-67AC-4349-8673-3AC0C29165C0}) (Version: 7.32.1.52786 - SafeNet Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Shroud of the Avatar: Forsaken Virtues (HKLM\...\Steam App 326160) (Version: - Portalarium)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.4.1 - TechSmith Corporation) Hidden
Spam Reader 3.7 (HKLM-x32\...\{488AD2A7-1158-45D0-BDBD-B82AB6B6EDD3}}_is1) (Version: - LuxContinent LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Title Extreme (HKLM\...\{C202FA8F-552B-4F7A-AB57-0B5B888E6BB5}) (Version: 2.1 - Corel Corporation)
Total Recorder 8.2 (HKLM-x32\...\TotalRecorder) (Version: - )
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 7.3.0.0 - Tordex)
Ultra Fractal 5.04 (HKLM-x32\...\Ultra Fractal 5.04) (Version: - )
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
UltraEdit (HKLM-x32\...\{3EFB776D-32C0-4895-8D45-184C3F8BA337}) (Version: 23.00.0.59 - IDM Computer Solutions, Inc.)
Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
UninstallDeviceDll 1.1 (HKLM-x32\...\UninstallDeviceDll_is1) (Version: - X-Rite)
UV-3R+ 1.11 (HKLM-x32\...\UV-3R+) (Version: - )
VEGAS Pro 14.0 (64-bit) (HKLM\...\{995C928F-BE54-11E6-B066-BE9B4130C4C9}) (Version: 14.0.211 - VEGAS)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - CraftUnique Ltd. (usbser) Ports (12/19/2014 1.0.2.0) (HKLM\...\A68B66A0305948B7AD2513DE68C312D6B2CA2CA7) (Version: 12/19/2014 1.0.2.0 - CraftUnique Ltd.)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\44F74E9BE605C75BBD33EC4CA829BECAFE4B8630) (Version: 01/30/2016 2.12.08 - RT Systems)
Windows Driver Package - RT Systems RT CDM Driver Package (01/30/2016 2.12.08) (HKLM\...\AD6D814F58FF742D1ABBBDFC9760CF33549296C8) (Version: 01/30/2016 2.12.08 - RT Systems)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Winsome File Renamer version 8.0 (HKLM-x32\...\{C84B0B73-760A-4604-B723-28F46A34F924}_is1) (Version: 8.0 - Winsome Technologies)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
X-Rite Device ColorMunki Service (HKLM-x32\...\{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\dferrier\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{c9425bc1-a651-4be3-a8c6-7a2f50defbbf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1717685655-2789524432-2867823966-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001C167F-0664-454F-97B9-BA1727415998} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {075B829D-26F5-4CC2-A907-8C5853AC136E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {10BD2109-73D5-4A54-8680-184412F5AC97} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {24FD8A8B-65D0-45FC-A867-D71DEAD9F371} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-26] ()
Task: {6232242A-79CD-4726-A3BF-90722CBF55C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-26] (Microsoft Corporation)
Task: {8C94544D-D3C2-487F-A90C-C972EE756221} - System32\Tasks\{11F1210D-889E-45D1-A067-4DEE800F4341} => Firefox.exe hxxp://ui.skype.com/ui/0/7.23.0.105/en/eula?source=lightinstaller
Task: {915A488B-DF9E-425D-8874-8F29AF498DAC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-26] (Microsoft Corporation)
Task: {9B463CFB-B6CF-4460-BA25-7E1E59643ACD} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {C9A2E455-03E4-4016-9E6E-04B9A603C8D7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-26] ()
Task: {D0E97515-001A-43E8-A2D5-E34C114E32FD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-09] (Synaptics Incorporated)
Task: {EEFC7926-55D9-412B-80C7-CB79A17D4F9C} - System32\Tasks\AdobeAAMUpdater-1.0-lt3-dferrier => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\dferrier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tizen SDK-2.4\Tizen Web Simulator-2.4.lnk -> C:\tizen-sdk\tools\websimulator\simulator.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-11-17 13:11 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-16 07:41 - 2017-05-26 03:25 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-01 19:04 - 2015-02-27 15:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-03-30 07:27 - 2016-03-30 22:00 - 00147968 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2016-02-20 13:32 - 2009-10-23 10:26 - 01921024 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
2014-12-11 01:53 - 2014-12-11 01:53 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2017-05-15 02:38 - 2017-05-15 02:38 - 34957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\RedFox\AnyDVD\ADvdDiscHlp64.exe
2017-04-09 15:42 - 2017-04-09 15:42 - 33180155 _____ () C:\Program Files\HandBrake\hb.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 02160128 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 00484352 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 12621312 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 02111488 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 00663040 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 00139264 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2016-12-13 21:29 - 2016-10-13 19:03 - 00071168 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\postproc-54.dll
2016-12-13 21:29 - 2016-11-25 19:36 - 00099328 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2016-12-13 21:29 - 2016-10-13 17:36 - 65771520 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2016-12-13 21:29 - 2016-10-13 17:36 - 02129920 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2016-12-13 21:29 - 2016-10-13 17:36 - 00087040 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2017-06-02 12:09 - 2017-06-02 12:09 - 00052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-02-20 13:31 - 2008-09-03 17:12 - 02592768 _____ () C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\colormunki.dll
2016-02-20 13:32 - 2009-10-22 15:33 - 07053312 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtGui4.dll
2016-02-20 13:32 - 2009-10-22 15:33 - 01970176 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtCore4.dll
2016-02-20 13:32 - 2009-10-22 15:29 - 00131072 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qjpeg4.dll
2016-02-20 13:32 - 2009-10-22 15:29 - 00278528 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qtiff4.dll
2017-01-14 21:30 - 2016-10-08 17:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-01-14 21:30 - 2016-07-21 11:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-14 11:57 - 2015-08-14 11:57 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-08-14 11:57 - 2015-08-14 11:57 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2014-03-20 14:43 - 2014-03-20 14:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-16 07:41 - 2017-05-26 03:25 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-06-02 12:09 - 2017-06-02 12:09 - 00048296 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-03-01 15:31 - 2010-03-01 15:31 - 00247672 _____ () C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\myuni08.dll
2016-09-16 07:37 - 2017-05-26 03:23 - 00272072 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL
2017-06-04 07:19 - 2017-06-04 07:19 - 52051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-04 07:43 - 2017-06-04 07:43 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-09-16 07:37 - 2017-05-26 03:23 - 01009864 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-09-16 07:41 - 2017-05-26 03:24 - 00515264 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2015-11-26 22:58 - 2017-05-16 20:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-26 22:58 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-26 22:58 - 2017-06-01 14:50 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-26 22:58 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-26 22:58 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-26 22:58 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-26 22:58 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-26 22:58 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-26 22:58 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-26 22:58 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-26 22:58 - 2017-06-01 14:50 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-15 15:03 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-14 10:22 - 2017-05-08 14:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-11-26 22:58 - 2017-06-01 14:50 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-11-26 22:58 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\dferrier\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:FCd64RTDrYFRI1Z2H [2148]
AlternateDataStreams: C:\Users\dferrier\AppData\Local\Temporary Internet Files:ZQlWOHOCr4RpyJvmfbdcOEoqh5jNv [2502]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "CBSpoolDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1717685655-2789524432-2867823966-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
 
Addition.txt continued


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{16D2996D-1DBD-4BE7-94B6-D230F911936B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48CA8B7E-98FB-4018-845B-978FC99E3E3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09DB9EE8-6775-4CE2-BDBD-AC92E3D8DD90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BFECA2F3-7C77-4FD4-BA55-E0A96A15B403}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A298252D-BD4B-4B53-B388-5E08F9D4A095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FA271D0-4AE6-4457-B867-6F83E7851308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6A799B31-3D83-4823-B0C4-5765C4B1CF36}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{5FC55606-97F1-4B96-B3C7-1DCD54608DA2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{B0A1B7B3-C8B6-4490-B905-5B46AD4B1A86}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{6CA20B68-7AF4-46F6-85E8-2C569196254B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{A2CAE719-B1E4-4381-BF33-B69B09EA71F8}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{153B5C29-9162-4A82-96DC-14930B828294}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{63085810-2923-4460-B9BB-52C50E34E025}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1A5FDCF6-6901-4E80-B5B3-0EDDE1E4E233}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{1896014D-DD6B-45AF-B985-60FE45093616}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{6109A1BD-121B-45AF-928D-D2F0AB51141E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{56D5CD78-765B-46F4-8B6F-35275E539744}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{98B4702E-5142-4891-8E54-1E6E846187B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{426B5EEC-50F9-4338-9832-9160A8A76FCE}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{7EC486D3-ABD2-4D8D-A087-E20813F228E3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{6BDBA6EA-8C26-4265-BB45-D7040063BC0C}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{CCE590DF-4F57-4361-8EA8-1802B2754155}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{DA90B094-F089-4ED4-BC60-2A42BFE4596E}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{E7F65E1F-1D28-4FF7-87E3-313846D42BB3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{B34630D5-CF48-4DFC-99B3-09E360A7C91B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{938FCA39-C276-4671-8927-9E48B070C60F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E93DEC02-89BC-4215-A333-F3617A375629}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75420B98-3A0D-4C40-B6B1-F4480A6BD0D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F86A86D-5B00-48F7-91CD-B5F496BA5343}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{39ACF385-492B-407E-BA05-1C9F4EE3C4C7}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{42D586D0-72F4-4EF6-8795-6FAB128718E4}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{E6C08C26-6090-45F2-A634-00339D25F9DB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{0D19A34E-F638-4A8E-8FEC-0E9972272437}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{42ABCFB2-F6D3-4DD4-AB3C-9C57C701B99A}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{1980903B-EAE0-42EF-80AA-2E5184E569C7}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{DA8EF29B-55FD-4A31-9460-977EF94EDB5A}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{693A5210-1F24-410B-AF4B-68FA0FC1F9D0}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [{84432AA8-5321-4F87-AAC4-B791119FDDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{DA4962ED-1BA0-4F96-903D-FC9EC2CF5CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\I am Alive\src\SYSTEM\IAmAlive_game.exe
FirewallRules: [{0E0661C7-6A8E-4AB3-A547-100A4423A7ED}] => (Allow) LPort=8298
FirewallRules: [TCP Query User{DA6E4BCF-3802-43C1-9F72-9BB2251DD2D8}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B3E721A0-BC6F-4096-9699-BFA31223864D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{9C31F3C2-BD9B-4CE7-9C8B-A5DD292B919D}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [UDP Query User{9E9C6D6C-3355-48DB-B910-3F9A94C115A8}C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe] => (Allow) C:\program files\onone software\perfect photo suite 6\perfectphotosuite.exe
FirewallRules: [TCP Query User{4DC8ECBB-C79A-481B-96F0-CF2FAF40107B}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [UDP Query User{9D8A3AF9-616D-451C-9F4D-6A2B471B188F}C:\program files\onone software\perfect resize 9\perfect resize 9.exe] => (Allow) C:\program files\onone software\perfect resize 9\perfect resize 9.exe
FirewallRules: [TCP Query User{F219A285-7DEF-43BE-B441-65DC3B3E5000}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [UDP Query User{224254F8-DC22-4CA3-B4D8-92C78AD52685}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => (Allow) C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [{904EA697-DF81-42D7-B40A-98ADD4ECF003}] => (Allow) LPort=5454
FirewallRules: [{8553CAF3-5AE6-4014-9561-4E09FA7D16B4}] => (Allow) LPort=5454
FirewallRules: [TCP Query User{88AAEA31-DA24-4E43-9606-DA4FAAAF50EA}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [UDP Query User{EB071DDC-B06F-4AD6-828E-48A8C39A9826}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [TCP Query User{1ECB6B45-BD7F-49A2-B93F-33167E20443D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{26048747-0F61-4C75-B113-BB537A79819E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{373BC15B-7B8E-4504-AB0A-3A189B84BD33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{95DF81D5-E675-4C55-BD21-6814C721ABF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{ECC9E33E-31B8-499C-ABF4-089320047E51}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{23581F29-6D34-41A6-AAB0-76FEF35EF0E3}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Block) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{873723AF-1950-4F79-A3D7-DBFE4C7949AF}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9E7BA8F0-7F50-4012-8966-C729913A13B9}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{32BF37FC-EC1E-4EDB-984E-72C25B25D522}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin\BlackDesert32.exe
FirewallRules: [{9E246989-B8FC-4A18-BAE9-85632C609C76}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\bin64\BlackDesert64.exe
FirewallRules: [{6F34F171-547E-4C5F-B2AB-CE8F8614EDBF}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Launcher.exe
FirewallRules: [{5C9090BB-8FEF-4FB0-A7AD-B63991611C39}] => (Allow) C:\Users\dferrier\Downloads\Installs\Black Desert\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{D811B7D8-49AB-4F16-B4E1-2F98B724B172}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{09CC7A38-FD61-48F1-9BC9-F2AC3B649CE1}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{4218852E-C488-486B-867B-07C05EF91461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{4E19223F-94B5-450A-8CED-5BCAEF29F167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{F48ECE11-D2D3-4C69-A5DB-7930FC30490B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [{088D6C6A-2A57-4086-9C41-7A338010E125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CLANNAD\RealLiveEn.exe
FirewallRules: [TCP Query User{BF34EFEA-8DBA-4D0B-9BA7-26EF154C2388}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E7D64A9B-BE9B-4997-8470-E8C313087C72}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{E60A090C-6355-4484-A9DC-6C7FFEC74F3F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{A8749EF5-387E-4A33-BE63-D130EABB6F5F}C:\users\dferrier\desktop\ab analytics\app\abm_win.exe] => (Allow) C:\users\dferrier\desktop\ab analytics\app\abm_win.exe
FirewallRules: [TCP Query User{90727535-0C3C-40F3-BB76-9CC07EF2FC90}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [UDP Query User{6853FBBE-BB65-42AD-BAA3-78882938C813}C:\program files (x86)\ab analytics\app\abm_win.exe] => (Allow) C:\program files (x86)\ab analytics\app\abm_win.exe
FirewallRules: [{3504DD83-009E-4784-B6F3-2EC10DB263CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A09FA166-0EB1-4392-BA66-148EFC163813}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{37EA56F0-525E-43EA-B70D-CAB90B8C7399}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [UDP Query User{0CC49148-60AD-471F-B781-A0BB0FF14B21}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [TCP Query User{E270C79B-0A0F-4D15-929C-E453B72B7095}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{EC25287C-562D-4B45-83DF-AA7FD1043364}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [TCP Query User{8A03314C-9B4A-42B8-9176-D65465A9F544}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [UDP Query User{5DE374D0-B9BC-47D4-8348-9DB714C8B327}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{CDE0FDA7-FDFD-4977-8E9D-467CCECA8A0C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FDFB6F1C-84A0-4107-9030-82AFCB69D8F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{70B4C7F8-55DD-49C4-A1D6-CA84E6245AE5}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{3482E17F-5E10-438A-86AD-9228B55D5751}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{FDDA3A4B-C648-4774-A60B-B6AAB8741533}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{FE56C383-289D-4CD2-A000-68EDD2F78102}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{F8AF5C7C-223C-4FB8-A240-5516607C0CE7}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{5B8B60C9-50E5-4A55-A3A1-07499530FC25}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [TCP Query User{C5A3841E-1C92-4626-9DB9-54C2058C58C5}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{FE50F1BD-9F31-4E60-866E-91A25DA3F538}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{5367F2C6-CC2A-404A-B10B-6F707BF4EAA8}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [UDP Query User{CADE46A5-27C3-412A-A0C8-B64B5F1C1175}C:\program files (x86)\imageprint\spool\mux\muxd.exe] => (Allow) C:\program files (x86)\imageprint\spool\mux\muxd.exe
FirewallRules: [TCP Query User{04330347-CF6B-43AC-85E1-A4A096DCBF61}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{1545A64E-70B7-482F-9602-02E64498FA21}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{8209AA52-7FAD-4160-A602-7DC71036B15D}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [TCP Query User{4F030ABC-5ADE-4062-9B63-38909E2955D8}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [UDP Query User{83FC594C-4479-4854-B813-6F4A5D667BC2}C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe] => (Allow) C:\program files (x86)\gearwatchdesigner\gearwatchdesigner.exe
FirewallRules: [{9A70AE86-59BF-415F-9173-3EF07CDF3457}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3AF5E882-9B1A-4C7B-80A9-7E1DD56EC6C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{8D2DD1F4-C138-458A-9FAD-B8CD1E0070E2}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{20CB1257-3144-4157-B8D2-CD71E56EE48A}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{B84E0CD0-F26F-44F4-9813-CC03653475F1}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DD2910B1-6358-4FA8-A132-E5CCE94D19C8}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7593C432-C542-4FE7-9B5F-8FEFA6FD112B}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [{4EC32183-37B3-4C40-B0B9-730ADF483CBE}] => (Allow) D:\SteamLibrary\steamapps\common\SotA\Shroud of the Avatar.exe
FirewallRules: [TCP Query User{310A6EA1-00D4-46DA-8057-613BCA0252E2}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0BDDC79B-4494-45D5-B3E7-8DC76DDDD782}C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\jp2launcher.exe
FirewallRules: [{53672316-BF56-4C8D-9F1C-84F583A06C28}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{2B4B8406-0BD6-47B6-B0BC-D21839E9AE6F}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [TCP Query User{A4E703A6-2670-4C7E-A8D4-523E9ACCFE4F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{B9A86027-466C-47E6-BE93-D3542865F499}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E64BE649-256B-4126-A97B-E18730BE43B0}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{BA606B12-DBE0-4ECF-A120-4608489C4039}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{17CC1584-608E-4DF5-9CCF-84EF213C12D4}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [UDP Query User{1C9702D8-B1CA-4B22-B95A-C668C1F1B90D}C:\program files (x86)\devicemanage\devicemanage.exe] => (Allow) C:\program files (x86)\devicemanage\devicemanage.exe
FirewallRules: [{CBFD16CD-AADC-48B2-BEB1-045EF3B9585F}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{02D6E52F-26D5-4A17-A03F-BC661124FCA2}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{5620F317-41A6-4B26-AD45-57AC531142AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{029F1161-AF8D-4E32-92E6-532CF219401A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{A62ECB2B-DEC7-40B2-B523-A6BFD6F7FC75}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{98837384-13EE-4684-B1A8-F4533E4B8A78}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [TCP Query User{A5AE49CF-AC02-436D-8147-E2BF4F6E80D2}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{D7F793A1-4643-430D-80CC-34C6C8953DB0}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [TCP Query User{378D5BB5-08AC-4B5C-A487-011782B9F91F}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [UDP Query User{A1A541D3-9858-4E79-9534-B7801E3C05BD}C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\dferrier\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{924BD1A1-C9D6-4F1D-8A4C-6D9AC68CDF66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{44B47DE2-4BC1-4E15-99CB-6DD08B54DADF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B7A603D9-F55F-48C1-8C46-882CC9CE6C1A}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [UDP Query User{A3F30B3B-F854-4BF2-A452-79736390F00B}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
FirewallRules: [TCP Query User{D5E0F362-DF11-4EDD-A8E8-68107ECC83AA}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [UDP Query User{73380196-9F2C-42EB-8E2E-45FF1F58A4A6}C:\program files (x86)\hdhrfling\hdhrfling.exe] => (Allow) C:\program files (x86)\hdhrfling\hdhrfling.exe
FirewallRules: [{BBDB8760-1898-4E33-B37D-08B60BE2B053}] => (Allow) LPort=9090
FirewallRules: [{AF434A2A-BACE-4C82-908D-2015240F1F79}] => (Allow) LPort=9090
FirewallRules: [{E6A88D76-2FB6-4370-9D53-13DA38B5FA18}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_view.exe
FirewallRules: [{73E49EC7-82B2-4578-A07B-CF97E38E027F}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{EDC1255A-D474-4149-ADD5-58DAC489492D}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_nas_install.exe
FirewallRules: [{8DF94F46-7E78-44F6-964C-59C39297E2C0}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe
FirewallRules: [{23784516-75A1-4503-B40B-82CEE4E82583}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{DDF88BA8-ADA3-46A0-888F-56311859FF85}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{6D55155F-7536-40E3-AC89-D5807011BECB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{400AC135-F7C3-48AA-B343-2B0794CB8D60}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [UDP Query User{13F4FC21-1867-48C3-8684-E8A935BED181}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe
FirewallRules: [{5F05E3B9-165F-4943-8164-2DFDEA51D436}] => (Allow) LPort=9090
FirewallRules: [{C65A8A35-E116-4A87-8A43-3273798F2508}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe
FirewallRules: [{46DC10AA-1361-41F0-B485-7B5FFF9134C3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe
FirewallRules: [{0B1D766B-0460-496D-B7D5-A5A7228E2A91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
FirewallRules: [{17C57EE1-55D5-4FB4-A821-ABA1AEBFFE95}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe
FirewallRules: [{DE119C15-9DA9-40CC-89AD-58486E5B3CAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe
FirewallRules: [{70D1C490-D824-4FC5-AFFA-E4F4CC22D6A9}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE1B8038-789B-4F3E-B751-FC7427113ABC}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C0A6932-F374-4F3D-B855-85320857FF51}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6D45F5E-156B-4889-A759-5716D14EC1AE}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8536440A-034D-4CB3-8E39-AB8C9887BD5C}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DC9C9C9-9258-4B5B-ADA6-3F6A3F5B80DD}] => (Allow) C:\Users\dferrier\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B287224C-5F43-4BC3-B689-A5397B668283}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{434EC171-0311-494E-B903-29384F717303}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [{F786A858-BCC4-4ECA-9D9F-06198CD52D19}] => (Allow) D:\SteamLibrary\steamapps\common\ChoiceOfRobots\ChoiceOfRobots.exe
FirewallRules: [{55945A4E-80B2-448F-9F2A-4B7693A7A71C}] => (Allow) D:\SteamLibrary\steamapps\common\ChoiceOfRobots\ChoiceOfRobots.exe
FirewallRules: [{C24923A6-CF3F-4561-8462-1F52C99B000B}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0E92DD59-2AAF-40F0-BDB0-599DCDBB25D1}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{FE23E4E7-33EF-42F4-8A49-A1BF54B8C9F1}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{E10A33AE-E662-4CBB-9717-A07332541409}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [{7EE1870B-E7E8-47B0-840E-873FACA4EF68}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{8B2C70DC-73A8-446F-B05C-07BBCB597A76}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E5F4A2E3-E27C-4D88-807E-F504ACDDCE2D}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{09CEE975-B6B8-463F-A075-AC3B628BBE49}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{B72CAD4D-E1A3-4527-A455-0AC8CDF0E9F6}] => (Allow) C:\Program Files\UrBackup\UrBackupClientBackend.exe
FirewallRules: [{0F23078B-E920-453E-B35F-27E473651367}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{4B1F3B09-8156-4C5A-8DD8-EFBBBD4AD4ED}C:\program files\cura 2.5\cura.exe] => (Allow) C:\program files\cura 2.5\cura.exe
FirewallRules: [UDP Query User{DB8D3D8A-D228-4F3A-A0E0-1E20B76740D1}C:\program files\cura 2.5\cura.exe] => (Allow) C:\program files\cura 2.5\cura.exe
FirewallRules: [TCP Query User{6397F1B8-C981-4092-AF17-ABA6A62A65A8}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [UDP Query User{A6F4867F-E8CF-44BC-8E94-71E008D45FBF}C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base54518\sc2_x64.exe
FirewallRules: [TCP Query User{8EECA500-44BF-4741-A658-65130A1E6FA4}C:\program files\cura 2.6\cura.exe] => (Allow) C:\program files\cura 2.6\cura.exe
FirewallRules: [UDP Query User{CAB090A3-CB18-42CC-9CE5-200FB6D8C4EC}C:\program files\cura 2.6\cura.exe] => (Allow) C:\program files\cura 2.6\cura.exe
FirewallRules: [{C45C6736-1657-4248-B193-E2D1D16EB04B}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{80FD5CE0-9F3D-4D53-8D75-966246E1BC30}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{A508F575-65C1-40BA-9EAD-A73E15BF349F}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{AB14D37C-CCE3-4BFA-8CCC-995A64AC486A}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{201D6C87-7142-4C33-B468-0AFE1C4302BA}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{162F914D-0934-410C-8D48-1A6EC2024506}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{E7E7CF99-B75C-4403-BA66-CF7E3CD177E3}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{BA85A46B-7791-4F5D-9A9E-0B83A04753A0}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{31E2DA36-A045-4357-9105-F64156ECB87D}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
FirewallRules: [{C0900DCB-F520-4B25-B677-69EAC37469C5}] => (Allow) D:\SteamLibrary\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
FirewallRules: [TCP Query User{AB6F7758-D766-4CF2-A62D-F8E02ABA640D}C:\program files (x86)\craftware\craftprint.exe] => (Allow) C:\program files (x86)\craftware\craftprint.exe
FirewallRules: [UDP Query User{0BDC7B43-3709-4182-9C87-D738C9BA2150}C:\program files (x86)\craftware\craftprint.exe] => (Allow) C:\program files (x86)\craftware\craftprint.exe
FirewallRules: [{926424EF-18CA-4817-AE1A-09C8F86662EA}] => (Allow) D:\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{E9F2A558-62A9-4C7E-8D5D-2B0B841A0B12}] => (Allow) D:\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{31A5C950-FF1E-4DD1-919B-75139A2BF2E3}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{B2A7C4D9-C653-4356-9D6A-9A9F60F7DB61}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

24-06-2017 18:28:55 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Faulty Device Manager Devices =============

Name: Npcap Loopback Adapter
Description: Microsoft KM-TEST Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kmloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 10:25:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EoCApp.exe, version: 2.0.119.430, time stamp: 0x56fd2c80
Faulting module name: EoCApp.exe, version: 2.0.119.430, time stamp: 0x56fd2c80
Exception code: 0xc0000005
Fault offset: 0x0000000000f7ed44
Faulting process id: 0x42dcc
Faulting application start time: 0x01d2eef500466b47
Faulting application path: D:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
Faulting module path: D:\SteamLibrary\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
Report Id: 43947eab-5ae8-11e7-8299-c03896838b48
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2017 04:21:31 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2017 09:47:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f974

Start Time: 01d2e91c984fe87f

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: b13cfe8c-5a16-11e7-8299-c03896838b48

Faulting package full name:

Faulting package-relative application ID:

Error: (06/25/2017 07:50:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2017 05:47:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/24/2017 06:29:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/24/2017 02:38:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/24/2017 12:34:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HandBrake.exe, version: 1.0.7.0, time stamp: 0x58ea9d2f
Faulting module name: hb.dll, version: 0.0.0.0, time stamp: 0x58ea9caf
Exception code: 0xc0000005
Fault offset: 0x0000000000045a89
Faulting process id: 0x125a0
Faulting application start time: 0x01d2e86f16758d71
Faulting application path: C:\Program Files\HandBrake\HandBrake.exe
Faulting module path: C:\Program Files\HandBrake\hb.dll
Report Id: c49bc8f0-589e-11e7-8299-c03896838b48
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2017 12:34:18 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HandBrake.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000000006F345A89
Stack:

Error: (06/23/2017 05:52:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SC2_x64.exe version 3.15.1.54724 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 30fe4

Start Time: 01d2ec7283aa816b

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\StarCraft II\Versions\Base54518\SC2_x64.exe

Report Id: 2e545e90-5866-11e7-8299-c03896838b48

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (06/26/2017 10:32:02 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/26/2017 04:20:52 AM) (Source: DCOM) (EventID: 10010) (User: lt3)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (06/26/2017 04:20:18 AM) (Source: DCOM) (EventID: 10010) (User: lt3)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (06/25/2017 02:50:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.

Error: (06/25/2017 02:26:24 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR9.


CodeIntegrity:
===================================
Date: 2017-06-06 23:12:30.040
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-25 04:49:50.997
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:34:31.131
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:34:31.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:34:30.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:05:21.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:05:21.390
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-17 20:05:21.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 14:52:14.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 14:52:14.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 32652.38 MB
Available physical RAM: 22940.78 MB
Total Virtual: 37516.38 MB
Available Virtual: 24302.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:28.61 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:112.57 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:19.07 GB) NTFS
Drive j: (My Passport 4) (Fixed) (Total:3725.99 GB) (Free:1129.66 GB) NTFS
Drive l: (The X-Files, Season 4 Disc 4) (CDROM) (Total:43.84 GB) (Free:0 GB) UDF
Drive m: (The X-Files, Season 4 Disc 5) (CDROM) (Total:43.11 GB) (Free:0 GB) UDF
Drive n: (The X-Files, Season 4 Disc 6) (CDROM) (Total:45.92 GB) (Free:0 GB) UDF
Drive o: (The X-Files, Season 5 Disc 1) (CDROM) (Total:43.42 GB) (Free:0 GB) UDF
Drive p: (AKK_ORANGE_PT2) (CDROM) (Total:3.85 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3A411564)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88C10745)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Not sure why I "abandoned" my previous postings except that the last thing you had me do resulted in the symptoms going away.

Sorry about that, I didn't realize I was obligated to confirm that everything was good to go.

I certainly didn't mean to abandon anything.
 
In that topic I asked you to run a fix. I even asked after 5 days of silence "Still with me?". Still nothing.

I always clearly state my rules in my very first reply in every topic.
One of the rules says:
"The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know."
...and:
"If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum."

I'm not sure what is unclear about that.

It can NOT happen again.

So, please read my rules carefully again.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 